Infrastructure Security Architect

Who we are

NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.

What you’ll be doing

• Create security architecture designs for network/infrastructure projects under supervision.
• Develop network diagrams, security zone models, and data flow diagrams following standards.
• Document design decisions and contribute to reference architectures and reusable patterns.
• Design firewall architectures, segmentation strategies, DMZ configurations, and VPN solutions.
• Create detailed rulesets, access control lists, and security policy designs.
• Support implementation of network security controls and document configurations.
• Design solutions for SIEM, endpoint protection, and monitoring platforms.
• Create technical specifications and integration approaches for security tools.
• Support proof-of-concept activities and vendor/product evaluations.
• Develop hardening standards and secure baseline configurations aligned with CIS Benchmarks.
• Create security configuration policies, validation procedures, and automation approaches.
• Document requirements and support configuration assessments and remediation planning.
• Produce architecture documents, diagrams, and design specifications under supervision.
• Maintain design repositories, configuration management, and technical guidelines.
• Contribute to governance processes and write operational runbooks.
• Support architecture reviews, gap analyses, and compliance assessments.
• Validate security controls against design requirements and identify weaknesses.
• Document findings, risks, and remediation recommendations.

What you'll bring along

• Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field
• Minimum 5–10 years of experience in cybersecurity or IT security roles
• Solid understanding of security architecture principles and design patterns
• Knowledge of network security architectures including defense in depth and zero trust
• Understanding of security zone models, network segmentation, and DMZ designs
• Familiarity with security frameworks (NIST CSF, ISO 27001, CIS Controls)
• Awareness of secure design principles for cloud and hybrid environments
• Network security: Firewalls, IPS/IDS, VPNs, proxies, NAC, load balancers
• Network protocols: Deep TCP/IP knowledge, routing protocols (BGP, OSPF), MPLS
• Switching and routing: VLANs, VXLANs, spanning tree, port security
• Security platforms: Palo Alto, Cisco ASA/Firepower, Fortinet, Check Point
• Virtualization: VMware NSX, network virtualization, micro-segmentation
• SIEM platforms: Splunk, QRadar, Azure Sentinel, ELK Stack
• Endpoint protection: CrowdStrike, Carbon Black, Microsoft Defender
• Network monitoring: NetFlow, IPFIX, packet capture, network behavior analysis
• Identity and access: Active Directory, Azure AD, LDAP, RADIUS, TACACS+
• Cloud security: AWS VPC, Azure Virtual Networks, GCP VPC security
• Diagramming: Microsoft Visio, Lucidchart, draw.io, enterprise architecture tools
• Infrastructure as Code: Terraform, CloudFormation, Ansible basics
• Version control: Git, document management systems
• Collaboration: Confluence, SharePoint, technical wikis
• Project management: Jira, ServiceNow, project documentation tools
• Clear technical communication with engineering teams and stakeholders
• Ability to translate security requirements into technical designs
• Collaborative approach to working with network, infrastructure, and security teams
• Problem-solving skills for complex security design challenges
• Attention to detail in technical specifications and documentation
• Time management and ability to prioritize multiple design activities
• CCNA Security or SSCP (Systems Security Certified Practitioner) - Mandatory
• Network security certification: Fortinet NSE4, Palo Alto PCNSA/PCNSE, or Cisco CyberOps - Required
• Security+ or equivalent foundation certification - Required
• Working toward: CISSP Associate, CCNP Security, or security architecture certifications 
• Excellent command of both spoken and written English.