Network Cyber Security Architect (RARR Job 5955)

For Digital Engineering And Cloud Transformation Company
10 - 15 Years
Full Time
Immediate
Up to 35 LPA
1 Position(s)
Ahmedabad, Bangalore / Bengaluru, Chennai, Mumbai, Pune
Posted 5 Days Ago

Job Description

Key Responsibilities

  • Design and implement microsegmentation using VMware NSX‑T and vDefend Distributed Firewall across vSphere and vSAN‑based environments.
  • Define and maintain zero‑trust security policies for east‑west and north‑south traffic, leveraging NSX security groups, tags, context profiles and distributed firewall L4–L7 rules.
  • Lead the full policy lifecycle for NSX‑T/vDefend microsegmentation: initial discovery, policy design, rule creation, testing, staged enforcement, and ongoing fine‑tuning based on application and SOC feedback.
  • Use NSX Intelligence / flow analytics and application rule managers to iteratively refine least‑privilege policies without impacting availability.
  • Integrate NSX‑T with Active Directory / identity providers to enable role‑based access control for administrators and, where required, Identity Firewall (user/group‑based rules).
  • Integrate NSX‑T/vDefend logs, NDR/ATP events and firewall audit data with the enterprise SIEM for centralized monitoring, detection and compliance reporting.
  • Define logging and alerting standards (what to log, at what severity, retention) and work with SOC engineers to create use‑cases and playbooks around vDefend events.
  • Lead the application discovery and policy baselining phase, analysing flows between Windows, Linux and appliance workloads to derive least privilege rules.
  • Own troubleshooting and remediation of complex connectivity issues caused by segmentation changes, including use of NSX/vDefend flow logs and security analytics.
  • Work with application and infrastructure teams to segment legacy and unsupported operating systems using hypervisor‑level controls where host‑based agents are not feasible.
  • Extend microsegmentation principles into AWS, designing VPC‑level controls using security groups, NACLs and, where appropriate, AWS Network Firewall and other native services.
  • Align NSX‑T/vDefend segmentation with AWS environments (for example, VMware Cloud on AWS or connected VPCs), ensuring consistent policy across on‑prem and cloud workloads.
  • Define patterns for securing application flows between on‑premises VMware workloads and AWS services, including private connectivity, shared services VPCs and inspection points.

Required Skills & Qualifications

Technical Skills

  • Deep technical expertise in VMware vSphere, vSAN and NSX‑T, including NSX Manager, transport zones, T0/T1 gateways and distributed firewall.
  • Proven hands‑on experience delivering NSX‑T / vDefend microsegmentation projects in production, from discovery through design, implementation and handover.
  • Strong understanding of Windows and Linux server platforms, common enterprise application architectures, and typical east‑west traffic patterns.
  • Solid experience with AWS networking and security constructs including VPC design, subnets, routing, security groups, NACLs and related security services.
  • Strong analytical and problem‑solving skills, with the ability to diagnose and remediate complex connectivity and performance issues caused by segmentation policies.

Soft Skills

  • Strong analytical and problem-solving skills.
  • Excellent communication and documentation abilities.
  • Ability to explain complex security concepts to non-technical stakeholders.
  • Leadership mindset with mentoring capability.

Certifications (Must)

  • VMware Certified Professional – Network Virtualization (VCP‑NV).
  • VMware Certified Professional – Private Cloud Security Administrator (VCP‑PCS / vDefend Security for VCF 5.x Administrator, 6V0‑21.25).

Certifications (Good to have)

  • VMware Certified Advanced Professional – Network Virtualization (VCAP‑NV Deploy and/or Design).
  • AWS Certified Security – Specialty (SCS‑C01).
  • AWS Certified Solutions Architect – Associate/Professional for broader cloud design credibility.
  • CISSP / CCSP or equivalent.

Education

  • Bachelor’s or Master’s degree in Engineering (Computer Science preferred), Information Security, or a related field.