Explore and Apply for Architect jobs in Lancashire, United Kingdom

  • Job type: Contract
  • Location: United Kingdom
  • Working Pattern: Full-time
  • Specialism: Infrastructure
  • Industry: Technology & Internet Services
  • Pay: Up to £750 per day

VMware vDefend Architect

VMware vDefend Architect to lead the design, deployment, and operationalisation of VMware NSX‑based security controls, with emphasis on Distributed Firewall (DFW) and Advanced Threat Protection (ATP).
This role will drive two parallel workstreams: (1) architecture and rollout of ATP security features (e.g., IDS/IPS, malware prevention, threat scenarios, dashboards) and (2) the end‑to‑end vDefend security posture across infrastructure, applications, and identity—translating business risk into enforceable, scalable policies and operational metrics.

3-month contract to start in January
Remote role
Inside IR35

Key Responsibilities
Workstream 1 – ATP Security Features
Enable ATP capabilities across NSX/vDefend and ensure policy activation (IDS/IPS).
Test and validate protections; tune malware prevention to reduce false positives while maintaining coverage.
Perform threat assessments and develop advanced use cases to detect attacks across kill-chain stages.
Lead initial investigations using an attack lifecycle evidence chain and coordinate handoffs to SOC/IR.
Build custom dashboards, logging, and operational metrics to support visibility and continuous improvement.
Plan and perform product upgrades and patching for ATP/vDefend components.
Own Day‑2 enablement (post‑deployment optimization, runbooks, tuning, and adoption).
Workstream 2 – vDefend (DFW) & Overall Security Features
Architect and assist deployment of the platform to support NSXi/NSX‑T for micro‑segmentation.
Lead DFW policy creation and rule migrations from legacy controls to NSX, ensuring risk‑based coverage.
Define the operating model, standardization goals, and policy structure at macro/meso/micro levels:
Common Services Policy (Macro) – shared services, global controls.
Infrastructure Policy (Meso) – zones/tiers, platform components.
Application Policy (Micro) – workloads, east‑west segmentation.
Integrate Identity Firewall (users/groups/VM tags) to enforce context‑aware access.
Establish logging, monitoring, operational metrics, capacity management, and visibility across the stack.
Produce runbooks, design documents, and migration plans aligned to best practices and audit requirements.

Deliverables
High‑level & low‑level designs (HLD/LLD) for vDefend (DFW, ATP), including data flows and policy models.
Migration plan for DFW rules and legacy firewall policies; cutover playbooks and rollback plans.
Operating Model & RACI for build/run (incident, change, problem, threat hunting, vulnerability triage).
Policy standards (macro/meso/micro), tagging taxonomy, and naming conventions.
Security use cases and evidence chain procedures (attack lifecycle mapping, triage steps).
Dashboards & reports (logging, KPIs, capacity, coverage, exceptions).
Day‑2 materials: runbooks, tuning guidelines, upgrade/patch procedures.

Required Qualifications & Experience
8+ years in network/security architecture with 3+ years of hands‑on VMware NSX (NSX‑T) micro‑segmentation and DFW.
Demonstrable experience enabling IDS/IPS, malware prevention, and threat detection within NSX/vDefend or equivalent.
Proven track record migrating firewall rules, designing segmentation at multiple layers (macro/meso/micro), and integrating identity‑based controls.
Strong background in logging/monitoring, SIEM/SOAR integration, and building operational metrics.
Proficiency with capacity planning, performance tuning, and platform visibility tooling.
Excellent documentation skills; able to produce architecture artefacts, standards, and runbooks.

Technical Skills (Must‑Have)
VMware NSX (NSX‑T): DFW, Policy API/Manager, inventory groups, tags, service insertion.
vDefend / ATP: IDS/IPS enablement, malware prevention tuning, threat scenarios, evidence chain workflows.
Identity Firewall: directory/group integration, context‑aware policies.
Logging & Monitoring: syslog, NetFlow/IPFix, NSX Traceflow/Packet Capture; dashboard creation.
Scripting/Automation (nice to have): PowerShell, Python, or REST APIs for policy automation.
Security Frameworks: understanding of attack lifecycle/kill chain, MITRE ATT&CK mapping (preferred).
Networking: L2/L3, routing, NAT, overlay/underlay; segmentation patterns.

Education & Certifications (Preferred)
Certifications: VMware NSX (VCP‑NV/VCAP‑NV), security certs (e.g., CISSP, GSEC), and/or cloud security credentials.
For more detailed information, or to view other vacancies with this organisation, please visit our dedicated recruitment website: https://webmicrosites.hays.co.uk/web/computacenter-tech
