Networks - Lead Architect IRES - SSFB/HSV

**Position Title: Networks - Lead Architect** **Location:** Schriever Space Force Base, Colorado Springs, CO or Redstone Arsenal, Huntsville, AL **Relocation Assistance:** None available at this time **Remote/Telework:** NO - Not available for this position **Clearance Type:** DoD Secret **Shift:** Day shift **Travel Required:** Up to 10% of the time **Description of Duties:** The **Networks - Lead Architect** supports the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. The candidate will: - Be the senior technical authority for enterprise network architecture, modernization, and security across DoD mission environments (IL4/5/6). - Set standards and roadmaps - Lead end to end design for data center, campus/branch, WAN/SD WAN, and cloud connectivity - Drive Zero Trust-aligned segmentation and automation to deliver resilient, scalable, and compliant networks. **Key Responsibilities:** **Strategy & Architecture Governance** - Own the Enterprise Network Reference Architecture, standards, and design patterns aligned to agency objectives and DoD guidance. - Lead/participate in Architecture Review Boards (ARB) and Change/Configuration Control Boards, maintaining traceability with HLD/LLD, ADRs, ICDs, and security overlays. - Evaluate emerging capabilities (e.g., EVPN VXLAN fabrics, SD WAN/SASE, advanced telemetry) with adoption criteria, risk posture, and migration approaches- Develop and maintain network architecture roadmaps, standards, and best practices aligned with DoD and Agency requirements. **Core Network Architecture & Design** - Design underlay/overlay topologies for data centers and campuses (spine leaf, EVPN VXLAN, MPLS L2/L3VPN) and for WAN/backbone (BGP/OSPF/IS IS, traffic engineering, route policy, communities). - Engineer HA and fast convergence (ECMP, FHRP, FRR, ISSU/GSU) and plan for capacity, growth, and performance (QoS, queuing, shaping, policing). - Define IPv4/IPv6 addressing strategy, NAT policies, multicast/RP design where required, and DNS/DHCP/IPAM governance. Security Architecture & Zero Trust - Architect segmentation and micro segmentation (identity /policy based), secure access (802.1X, certificate based auth), and crypto/crypto boundary designs (IPsec, MACsec) using FIPS validated algorithms. - Align to DoD RMF, NIST SP 800 53/37, and DISA STIGs; map control inheritance and produce artifacts needed for ATO/cATO. - Integrate network security controls (firewall policy frameworks, IDS/IPS, SWG, DLP) and validate with tabletop/blue team exercises. **Cloud, Edge & Cross Domain Connectivity** - Design hybrid and multi cloud connectivity (IL cloud constructs, private connectivity, transit/segmentation, inspection service insertion, east west control). - Engineer remote access/telework, edge footprints, and mission partner/coalition interconnects with explicit security demarcation and monitoring. **Campus & Branch** - Define campus access, distribution, and core designs with 802.1X, posture assessment, guest/IoT segmentation. - Establish branch patterns (SD WAN, DIA/MPLS mix, local breakout controls) with consistent policy and centralized governance. Automation, Reliability & Observability - Drive intent based and policy driven operations: configuration standards, golden baselines, compliance drift detection, and repeatable change. - Establish observability requirements (model driven/streaming telemetry, logs/metrics/flows) and SLOs; ensure runbooks and test plans cover failure scenarios. **Delivery Leadership** - Lead discovery, HLD/LLD, PoCs, pilots, migrations/cutovers, and operational handoffs with minimal mission impact. - Mentor engineers; conduct design reviews and knowledge transfers; brief senior leadership on tradeoffs and risk mitigations **Documentation & Deliverables** - Produce and maintain: Enterprise Network Standards, High/Low Level Designs (HLD/LLD), Architecture Decision Records (ADRs), Interface Control Documents (ICDs), test/validation plans, cutover plans, security overlays, addressing/IP plans, and runbooks. **Resumes, in month and year format, must be submitted with application in order to be considered for the position.** **The selected candidate may be assigned as an employee for one of our teammate companies.** **Basic Requirements:** - Must have 14, or more, years of general (full-time) work experience o May be reduced with completion of advanced education - Must have 7, or more, years of directly related experience designing and leading large-scale enterprise or DoD networks across data center, WAN/backbone, campus/branch domains - Must have 1, or more, years of experience working in a management or leadership role - Must have expert level knowledge of routing and switching (BGP, OSPF, IS IS), EVPN VXLAN and/or MPLS, QoS, IPv6, multicast, and network resiliency patterns. - Must have demonstrated success implementing Zero Trust segmentation, 802.1X/NAC, identity aware firewall policy, and FIPS validated cryptography. - Must be familiar with hybrid/multi cloud networking patterns and IL4/5/6 operational constraints; strong grasp of RMF/STIG compliance. - Must have a current DoD 8570 IAT Level III or IAM Level II certification (examples: CISSP, CASP+ CE, CISM). - Must have a current Cisco Certified Network Professional (CCNP) - Enterprise certification - Must have an active DoD Secret Security Clearance **Desired Requirements:** - Have an active DoD Top Secret Security Clearance with SCI eligibility - Have a Bachelor's degree (or higher) in computer science, Information Technology, or equivalent - ITIL, TOGAF, or other architecture frameworks. - Have experience supporting the Missile Defense Agency (MDA) or other DoD organizations. - Have experience with software-defined networking (SDN), automation, and cross-domain solutions. - Have a current CCIE (Enterprise Infrastructure, Security, or Data Center) certification - Have an ITIL® 4 Foundation (service alignment) and an architecture framework credential (TOGAF/DoDAF familiarity). - Have excellent communication skills with the ability to brief senior leaders and translate technical concepts into mission impact. This position is expected to pay **$** **180** **,000 - $** **240** **,000** annually; depending on experience, education, and any certifications that are directly related to the position. This position will be posted for a minimum of 3 days. If a candidate has not been selected at that time, it will continue to be posted until a suitable candidate is selected or the position is closed. Our health and welfare benefits are designed to invest in you, and in the things that you care about. Your health. Your well-being. Your security. Your future. Typical benefits offered include flexible work schedules, educational reimbursement, retirement benefits (401K match), employee stock purchase plan, health benefits, tax saving options, disability benefits, life and accident insurance, voluntary benefits, paid time off and paid holidays, and parental leave.