Network Architect- L4

Job Title : L4 Network Architect / Engineer – Cisco SD‑Access & Enterprise Networking

Location : Los Angeles, CA Onsite Role

Duration : 12+ Months Contract

Job Description :

Work location : Los Angeles, CA (Venue / Location based on‑site. Candidate would have to work at different venues in LA rather than a specific office ) (Locals preferred, however non-local candidates who are willing to relocate to LA on their own expense would be considered.)

We are hiring for an L4 Network Architect / Engineer to lead design and delivery of multi‑site Cisco Software‑Defined Access (SD‑Access) solutions at scale. Contribute to and implement architecture direction, drive complex deployments across distributed campuses, and mentor engineers while partnering closely with security and operations. The ideal candidate holds an active CCIE and demonstrates deep, hands‑on expertise across Cisco routing / switching, Cisco Catalyst Center (formerly Cisco DNA Center), Cisco ISE, Cisco FTD firewalls, and Cisco SD‑WAN, with expert‑level command of BGP, EIGRP, OSPF, and related enterprise routing protocols.

What you’ll do (Key Responsibilities)

Own end‑to‑end SD‑Access architecture for large, multi‑site enterprises : fabric design (control / edge / border), transit options, segmentation (SGTs / TrustSec), identity policy, and integration with WAN and data center.

Lead Catalyst Center–driven automation : design templates, SDA workflows, network assurance, SWIM, and closed‑loop operations aligned to reliability / SLOs.

Design identity‑centric security with ISE : policy sets, authorization profiles, posture, PxGrid integrations, wired / wireless 802.1X / MAB, guest / BYOD, and scalable group policies.

Engineer secure edge and campus perimeters : Cisco FTD / Firepower policy design, NAT, VPN, IDS / IPS, SSL decryption strategy, and high availability.

Architect SD‑WAN underlay / overlay : transport independence, application‑aware routing, DIA / Cloud on‑ramp, security integration, and multi‑region scale.

Expert routing at scale : BGP (policy, route reflectors, communities), OSPF, EIGRP, ECMP, redistribution strategies, route filtering, summarization, and IPv6 planning.

Drive modernization roadmaps : brownfield to SDA migration, hierarchical campus design, QoS, multicast, wireless controller (Catalyst 9800) alignment, and resiliency patterns.

Deliver hands‑on build and escalation leadership : lab validation, pilot, phased rollout, cutover plans, MOPs, change windows, and root‑cause analysis for P1 / P2 incidents.

Mentor and uplift engineering teams : design reviews, standards, runbooks, and enablement sessions for operations and field engineers.

Stakeholder leadership : collaborate with security, EUC, cloud, and application teams; translate business outcomes into technical architectures and measurable milestones.

Documentation & governance : HLD / LLD, as‑builts, standards, security exceptions, and compliance artifacts; contribute to reference architectures and reusable templates.

Required Qualifications (Must‑Have)

• Active CCIE (any track; Enterprise Infrastructure and / or Security strongly preferred).
• 10+ years enterprise networking experience, including 3–5+ years leading SD‑Access architecture and deployment across multiple sites.
• Proven, exceptional hands‑on skills with Cisco routing / switching and Catalyst Center (formerly Cisco DNA Center) for SDA automation and assurance.
• Deep expertise with Cisco ISE (policy, 802.1X, SGT / TrustSec) and Cisco FTD (Firepower) firewalls (threat, access control, NAT / VPN, high availability).
• Strong experience with Cisco SD‑WAN (design, policy / templating, security integration, operationalization).
• Expert‑level knowledge of BGP, EIGRP, OSPF, redistribution, and route‑policy design for large enterprises.
• Demonstrated success leading complex, multi‑phase migrations and mentoring senior engineers.

Preferred Qualifications