NTG
Position Summary
The Network Lead Architect is the senior technical authority for enterprise network architecture, modernization, and security across DoD mission environments (IL4/5/6). This role sets standards and roadmaps; leads end to end design for data center, campus/branch, WAN/SD WAN, and cloud connectivity; and drives Zero Trustaligned segmentation and automation to deliver resilient, scalable, and compliant networks. Essential Duties And Responsibilities
Strategy & Architecture Governance Own the Enterprise Network Reference Architecture, standards, and design patterns aligned to agency objectives and DoD guidance. Lead/participate in Architecture Review Boards (ARB) and Change/Configuration Control Boards, maintaining traceability with HLD/LLD, ADRs, ICDs, and security overlays. Evaluate emerging capabilities (e.g., EVPN VXLAN fabrics, SD WAN/SASE, advanced telemetry) with adoption criteria, risk posture, and migration approaches. Develop and maintain network architecture roadmaps, standards, and best practices aligned with DoD and Agency requirements. Core Network Architecture & Design Design underlay/overlay topologies for data centers and campuses (spine leaf, EVPN VXLAN, MPLS L2/L3VPN) and for WAN/backbone (BGP/OSPF/IS-IS, traffic engineering, route policy, communities). Engineer high availability and fast convergence (ECMP, FHRP, FRR, ISSU/GSU) and plan for capacity, growth, and performance (QoS, queuing, shaping, policing). Define IPv4/IPv6 addressing strategy, NAT policies, multicast/RP design where required, and DNS/DHCP/IPAM governance. Security Architecture & Zero Trust Architect segmentation and micro-segmentation (identity/policy based), secure access (802.1X, certificate-based auth), and crypto boundary designs (IPsec, MACsec) using FIPS validated algorithms. Align to DoD RMF, NIST SP 800-53/37, and DISA STIGs; map control inheritance and produce artifacts needed for ATO/cATO. Integrate network security controls (firewall policy frameworks, IDS/IPS, SWG, DLP) and validate with tabletop/blue team exercises. Cloud, Edge & Cross Domain Connectivity: design hybrid and multi-cloud connectivity (IL cloud constructs, private connectivity, transit/segmentation, inspection service insertion, east-west control). Engineer remote access/telework, edge footprints, and mission partner/coalition interconnects with explicit security demarcation and monitoring. Campus & Branch Define campus access, distribution, and core designs with 802.1X, posture assessment, guest/IoT segmentation. Establish branch patterns (SD WAN, DIA/MPLS mix, local breakout controls) with consistent policy and centralized governance. Automation, Reliability & Observability Drive intent-based and policy-driven operations: configuration standards, golden baselines, compliance drift detection, and repeatable change. Establish observability requirements (model-driven/streaming telemetry, logs/metrics/flows) and SLOs; ensure runbooks and test plans cover failure scenarios. Delivery Leadership Lead discovery, HLD/LLD, PoCs, pilots, migrations/cutovers, and operational handoffs with minimal mission impact. Mentor engineers; conduct design reviews and knowledge transfers; brief senior leadership on tradeoffs and risk mitigations. Documentation & Deliverables Produce and maintain: Enterprise Network Standards, High/Low Level Designs (HLD/LLD), Architecture Decision Records (ADRs), Interface Control Documents (ICDs), test/validation plans, cutover plans, security overlays, addressing/IP plans, and runbooks. Requirements
Minimum Qualifications (Knowledge, Skills, and Abilities)
Active DoD Secret Clearance required 10+ years designing and leading large-scale enterprise or DoD networks across data center, WAN/backbone, campus/branch domains. IAT III or IAM II baseline (examples: CISSP, CASP+ CE, CISM). Expert level knowledge of routing and switching (BGP, OSPF, IS-IS), EVPN VXLAN and/or MPLS, QoS, IPv6, multicast, and network resiliency patterns. Demonstrated success implementing Zero Trust segmentation, 802.1X/NAC, identity aware firewall policy, and FIPS validated cryptography. Familiarity with hybrid/multi-cloud networking patterns and IL4/5/6 operational constraints; strong grasp of RMF/STIG compliance. Excellent communication skills with the ability to brief senior leaders and translate technical concepts into mission impact. Preferred Qualifications
Top Secret/SCI Clearance Bachelors degree in computer science, Information Technology, or equivalent combination of education and experience (4 additional years of relevant experience may substitute for a degree). ITIL, TOGAF, or other architecture frameworks. CCIE (Enterprise Infrastructure, Security, or Data Center), CCNP (Enterprise, Service Provider, or Security) or equivalent credentials (JNCIE, NSE 7/8, PCNSE). ITIL 4 Foundation and an architecture framework credential (TOGAF/DoDAF familiarity). Cloud networking foundations (e.g., AWS/Azure associate level) helpful for hybrid designs. Prior experience supporting the Missile Defense Agency (MDA) or other DoD organizations. Experience with software-defined networking (SDN), automation, and cross-domain solutions. Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions. The employee is regularly required to talk or hear, use hands to handle or feel objects, and may stand, walk, sit, or reach. Occasional lifting up to 25 pounds. Vision requirements include close and distance vision with ability to adjust focus. Noise level is usually low to moderate. Northern Technologies Group
is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law. Travel: 10% Shift: Normal office hours that align with the core hours of the customer. Note: The salary range listed represents a good faith estimate and is provided in compliance with applicable pay transparency laws. Final compensation offered will be determined based on skills, experience, qualifications, internal equity, and market conditions. This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities. Duties may change at any time with or without notice. This document does not create an employment contract, implied or otherwise, other than an at-will relationship. #J-18808-Ljbffr
The Network Lead Architect is the senior technical authority for enterprise network architecture, modernization, and security across DoD mission environments (IL4/5/6). This role sets standards and roadmaps; leads end to end design for data center, campus/branch, WAN/SD WAN, and cloud connectivity; and drives Zero Trustaligned segmentation and automation to deliver resilient, scalable, and compliant networks. Essential Duties And Responsibilities
Strategy & Architecture Governance Own the Enterprise Network Reference Architecture, standards, and design patterns aligned to agency objectives and DoD guidance. Lead/participate in Architecture Review Boards (ARB) and Change/Configuration Control Boards, maintaining traceability with HLD/LLD, ADRs, ICDs, and security overlays. Evaluate emerging capabilities (e.g., EVPN VXLAN fabrics, SD WAN/SASE, advanced telemetry) with adoption criteria, risk posture, and migration approaches. Develop and maintain network architecture roadmaps, standards, and best practices aligned with DoD and Agency requirements. Core Network Architecture & Design Design underlay/overlay topologies for data centers and campuses (spine leaf, EVPN VXLAN, MPLS L2/L3VPN) and for WAN/backbone (BGP/OSPF/IS-IS, traffic engineering, route policy, communities). Engineer high availability and fast convergence (ECMP, FHRP, FRR, ISSU/GSU) and plan for capacity, growth, and performance (QoS, queuing, shaping, policing). Define IPv4/IPv6 addressing strategy, NAT policies, multicast/RP design where required, and DNS/DHCP/IPAM governance. Security Architecture & Zero Trust Architect segmentation and micro-segmentation (identity/policy based), secure access (802.1X, certificate-based auth), and crypto boundary designs (IPsec, MACsec) using FIPS validated algorithms. Align to DoD RMF, NIST SP 800-53/37, and DISA STIGs; map control inheritance and produce artifacts needed for ATO/cATO. Integrate network security controls (firewall policy frameworks, IDS/IPS, SWG, DLP) and validate with tabletop/blue team exercises. Cloud, Edge & Cross Domain Connectivity: design hybrid and multi-cloud connectivity (IL cloud constructs, private connectivity, transit/segmentation, inspection service insertion, east-west control). Engineer remote access/telework, edge footprints, and mission partner/coalition interconnects with explicit security demarcation and monitoring. Campus & Branch Define campus access, distribution, and core designs with 802.1X, posture assessment, guest/IoT segmentation. Establish branch patterns (SD WAN, DIA/MPLS mix, local breakout controls) with consistent policy and centralized governance. Automation, Reliability & Observability Drive intent-based and policy-driven operations: configuration standards, golden baselines, compliance drift detection, and repeatable change. Establish observability requirements (model-driven/streaming telemetry, logs/metrics/flows) and SLOs; ensure runbooks and test plans cover failure scenarios. Delivery Leadership Lead discovery, HLD/LLD, PoCs, pilots, migrations/cutovers, and operational handoffs with minimal mission impact. Mentor engineers; conduct design reviews and knowledge transfers; brief senior leadership on tradeoffs and risk mitigations. Documentation & Deliverables Produce and maintain: Enterprise Network Standards, High/Low Level Designs (HLD/LLD), Architecture Decision Records (ADRs), Interface Control Documents (ICDs), test/validation plans, cutover plans, security overlays, addressing/IP plans, and runbooks. Requirements
Minimum Qualifications (Knowledge, Skills, and Abilities)
Active DoD Secret Clearance required 10+ years designing and leading large-scale enterprise or DoD networks across data center, WAN/backbone, campus/branch domains. IAT III or IAM II baseline (examples: CISSP, CASP+ CE, CISM). Expert level knowledge of routing and switching (BGP, OSPF, IS-IS), EVPN VXLAN and/or MPLS, QoS, IPv6, multicast, and network resiliency patterns. Demonstrated success implementing Zero Trust segmentation, 802.1X/NAC, identity aware firewall policy, and FIPS validated cryptography. Familiarity with hybrid/multi-cloud networking patterns and IL4/5/6 operational constraints; strong grasp of RMF/STIG compliance. Excellent communication skills with the ability to brief senior leaders and translate technical concepts into mission impact. Preferred Qualifications
Top Secret/SCI Clearance Bachelors degree in computer science, Information Technology, or equivalent combination of education and experience (4 additional years of relevant experience may substitute for a degree). ITIL, TOGAF, or other architecture frameworks. CCIE (Enterprise Infrastructure, Security, or Data Center), CCNP (Enterprise, Service Provider, or Security) or equivalent credentials (JNCIE, NSE 7/8, PCNSE). ITIL 4 Foundation and an architecture framework credential (TOGAF/DoDAF familiarity). Cloud networking foundations (e.g., AWS/Azure associate level) helpful for hybrid designs. Prior experience supporting the Missile Defense Agency (MDA) or other DoD organizations. Experience with software-defined networking (SDN), automation, and cross-domain solutions. Physical Demands and Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform these functions. The employee is regularly required to talk or hear, use hands to handle or feel objects, and may stand, walk, sit, or reach. Occasional lifting up to 25 pounds. Vision requirements include close and distance vision with ability to adjust focus. Noise level is usually low to moderate. Northern Technologies Group
is an equal opportunity employer. We do not discriminate based on race, color, religion, sex, national origin, disability, age, or any other protected status under federal, state, or local law. Travel: 10% Shift: Normal office hours that align with the core hours of the customer. Note: The salary range listed represents a good faith estimate and is provided in compliance with applicable pay transparency laws. Final compensation offered will be determined based on skills, experience, qualifications, internal equity, and market conditions. This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities. Duties may change at any time with or without notice. This document does not create an employment contract, implied or otherwise, other than an at-will relationship. #J-18808-Ljbffr