📜 Project Summary
We’re hiring a senior Network & Security Architect (contractor, not employee) to design a resilient, regulator-compliant banking enterprise network that spans dual data-centres, disaster-recovery sites, regional branches/ATMs, and hybrid-cloud workloads. Your HLD/LLD and playbooks will serve as the blueprint for our deployment team.
📡 Network Topology Requirements
- Data-Centre & DR
Dual active-active DCs with spine-leaf fabric, MACsec on inter-DC links, isolated OOB network
- Campus / HQ
Redundant core & distribution, Wi-Fi 6/6E access, NAC-enforced segmentation
- Branches & ATMs
SD-WAN overlays (MPLS + LTE/5G) with local Internet break-out, zero-touch provisioning
- Cloud Edge
Direct Connect / ExpressRoute / IPsec VPN-GW, micro-segmented VNET/VPCs
- Internet DMZ
Reverse proxies, WAF, DDoS scrubber, SWIFT-CSP-isolated zone
🌐 Services to Be Supported
- Core Banking & Treasury (ISO 8583, MQ, micro-services APIs)
- Digital & Mobile Banking (Open-Banking APIs, web/mobile channels)
- Payments – RTGS/NEFT/IMPS/UPI, SWIFT, card-switch, POS
- Unified Comms – VoIP/SBC, contact-centre SIP, VC
- Enterprise IT – AD/Azure AD, M365, SaaS & SOC/SIEM feeds
🔐 Security-First Architecture
- Zero-Trust segmentation (macro + micro, user/device-aware)
- Next-Gen Firewalls & virtual NGFWs at every trust boundary
- Inline IPS / sandboxing for east-west and north-south traffic
- Layer-7 WAF & API GW in DMZ; TLS 1.3 everywhere
- Compliance: PCI-DSS 4.0, RBI/IRDA cyber controls, SWIFT CSP, ISO 27001
- HA everywhere – clustered firewalls, ECMP, BGP GR, IPsec FVRF
🧠 Technical Requirements
- Routing/Switching: OSPF v2/v3, IS-IS, eBGP/iBGP, MP-BGP EVPN/VXLAN, MPLS L2/L3 VPN, Segment Routing (SR-MPLS/SRv6)
- Overlay & SD-WAN: DMVPN, SD-WAN (Viptela/Versa/Fortinet or similar)
- Automation: GitOps source-of-truth, Ansible/Terraform-ready design hooks
- Observability: gRPC telemetry, NetFlow/IPFIX, Syslog/SIEM pipelines
- Future-proof: IPv6-first; QoS placeholders (no policy config in scope)
📦 Deliverables
- HLD – logical & topological views, security zones, resiliency model
- LLD – device roles, interface matrices, VRF maps, protocol timers
- IPv4/IPv6 Address Plan – summarised, dual-stack, hierarchically allocated
- Security Architecture Guide – segmentation tables, object-based FW rules, crypto standards
- Routing & Service Flow Docs – Core Banking, SWIFT, Digital channels, UC, Branch/ATM paths
- Procedure Playbooks – onboarding branches/cloud VPCs, DR fail-over, patch-window checklist
❌ CLI configurations and QoS policies are out-of-scope (architecture only).
🧪 Mandatory Qualification Round
Submit all required artefacts via this form:
- 👉 https://forms.office.com/r/4cCw88zP4c
- 🖼️ Digital Topology Diagram – DC, campus, branch, cloud edges & security zones
- 📝 One paragraph per major service – rationale, resiliency & security approach
- 📋 Routing, Overlay & Security Controls List – protocols, segmentation, crypto, automation hooks
- ✅ Service Checklist – confirm every item in the RFP is covered
⚠️ Only complete form submissions are reviewed.
❗ Important Eligibility Notice – Read Before Applying
This contract demands proven senior-level expertise in banking/financial-sector network & security architecture. If you do not meet all Ideal Candidate criteria—hands-on banking designs and the certifications listed below—please do not apply. Junior or incomplete submissions will be disqualified without review.
✅ Ideal Candidate
- 10 + years designing regulated financial networks & security
- Certifications: CCIE (Enterprise or Security) / JNCIE-SP and CISSP or CISM; PCNSE or NSE 7 is a plus
- Demonstrable PCI-DSS 4.0 and SWIFT CSP project history
- Comfortable with NetDevOps tooling and hybrid-cloud fabrics
💰 Remuneration
💵💵 USD $$$$ + — premium project rate, fully commensurate with senior-level experience
⏳ Timeline
4 weeks (possible 1-week extension if agreed at kick-off)
Note: This is a short-term, deliverable-based engagement. It is not a full-time role or permanent position.
📍 Work Mode
Remote; overlap with IST business hours preferred
📬 How to Apply
Complete the qualification form → https://forms.office.com/r/4cCw88zP4c.
Short-listed candidates will be contacted for a technical interview and SOW alignment.