Job Description

Overview

We are hiring for an L4 Network Architect/Engineer to lead design and delivery of multi site Cisco Software Defined Access (SD Access) solutions at scale. Contribute to and implement architecture direction, drive complex deployments across distributed campuses, and mentor engineers while partnering closely with security and operations. The ideal candidate holds an active CCIE and demonstrates deep, hands on expertise across Cisco routing/switching, Cisco Catalyst Center (formerly Cisco DNA Center), Cisco ISE, Cisco FTD firewalls, and Cisco SD WAN, with expert level command of BGP, EIGRP, OSPF, and related enterprise routing protocols.

Notes

1. Must reside in the immediate Los Angles metro area and be able to work onsite at client site in Downtown LA. Candidate has to visit different onsite work locations in LA so locals are preferred.
2. Off hours / change windows as needed for critical migrations.

Responsibilities

What you ll do (Key Responsibilities) is to be interpreted here as follows:

• Own end to end SD Access architecture for large, multi site enterprises: fabric design (control/edge/border), transit options, segmentation (SGTs/TrustSec), identity policy, and integration with WAN and data center.
• Lead Catalyst Center driven automation: design templates, SDA workflows, network assurance, SWIM, and closed loop operations aligned to reliability/SLOs.
• Design identity centric security with ISE: policy sets, authorization profiles, posture, PxGrid integrations, wired/wireless 802.1X/MAB, guest/BYOD, and scalable group policies.
• Engineer secure edge and campus perimeters: Cisco FTD/Firepower policy design, NAT, VPN, IDS/IPS, SSL decryption strategy, and high availability.
• Architect SD WAN underlay/overlay: transport independence, application aware routing, DIA/Cloud on ramp, security integration, and multi region scale.
• Expert routing at scale: BGP (policy, route reflectors, communities), OSPF, EIGRP, ECMP, redistribution strategies, route filtering, summarization, and IPv6 planning.
• Drive modernization roadmaps: brownfield to SDA migration, hierarchical campus design, QoS, multicast, wireless controller (Catalyst 9800) alignment, and resiliency patterns.
• Deliver hands on build and escalation leadership: lab validation, pilot, phased rollout, cutover plans, MOPs, change windows, and root cause analysis for P1/P2 incidents.
• Mentor and uplift engineering teams: design reviews, standards, runbooks, and enablement sessions for operations and field engineers.
• Stakeholder leadership: collaborate with security, EUC, cloud, and application teams; translate business outcomes into technical architectures and measurable milestones.
• Documentation & governance: HLD/LLD, as builts, standards, security exceptions, and compliance artifacts; contribute to reference architectures and reusable templates.

Qualifications

• Active CCIE (any track; Enterprise Infrastructure and/or Security strongly preferred).
• 10 years enterprise networking experience, including 3 5 years leading SDA architecture and deployment across multiple sites.
• Proven, exceptional hands on skills with Cisco routing/switching and Catalyst Center (formerly Cisco DNA Center) for SDA automation and assurance.
• Deep expertise with Cisco ISE (policy, 802.1X, SGT/TrustSec) and Cisco FTD (Firepower) firewalls (threat, access control, NAT/VPN, high availability).
• Strong experience with Cisco SD WAN (design, policy/templating, security integration, operationalization).
• Expert level knowledge of BGP, EIGRP, OSPF, redistribution, and route policy design for large enterprises.
• Demonstrated success leading complex, multi phase migrations and mentoring senior engineers.

Preferred Qualifications

• CCDE or dual CCIE; Cisco Certified Specialist certifications in SDA, ISE, or SD WAN.
• Automation fluency (Ansible, Python, Terraform), Git based workflows, and API integration with Catalyst Center/ISE/FTD/SD WAN.
• Wireless (Catalyst 9800/Prime/Catalyst Center Assurance), QoS strategy, multicast, NAC posture, and Zero Trust segmentation.
• Cloud networking (Azure/AWS), hybrid connectivity, and DNS/DHCP/IPAM integration.
• Familiarity with data center and campus interconnect (e.g., ACI concepts beneficial but not required).

Job Tags

Similar Jobs