276-Senior Network & Data Center Architect (CCIE Level)

Directorate of Information Communication Technology at Ministry of Finance mainly focusing in the area providing data and voice services for MoF operations using highly-equipped data center, unified transmission system, and interconnected links via fiber and microwaves.

Directorate of ICT is providing reliable and secure platform for overall data and voice connectivity and access to MoF core application services in MoF HQs and sites.

The organization operates a multi-branch enterprise network with centralized data center services. The infrastructure includes Cisco routing and switching, DMVPN WAN architecture, Sophos Next-Generation Firewalls, and VMware virtualization platform. A CCIE-level architect is required to design, secure, and optimize this environment following international best practices.

. Objectives

• Design scalable and resilient enterprise network architecture.
• Implement secure Cisco DMVPN WAN connectivity.
• Architect Sophos Firewall multi-zone security framework.
• Design Tier-2/Tier-3 Data Center architecture.
• Implement VMware vSphere high-availability clusters.
• Ensure Zero Trust segmentation and high availability.

 Cisco Enterprise Network

• Hierarchical Core / Distribution / Access design.
• OSPF multi-area and BGP WAN edge routing.
• HSRP/VRRP gateway redundancy.
• VLAN design and segmentation.

• QoS for ERP and VoIP.
• NetFlow, SNMPv3, and monitoring integration.

 DMVPN WAN Architecture

• Dual Hub DMVPN Phase 3 architecture.
• mGRE tunnels with NHRP configuration.
• IPsec IKEv2 with AES-256 encryption.
• Routing over DMVPN (OSPF/EIGRP/BGP).
• IP SLA tracking and automatic failover.
• QoS pre-classify and bandwidth control.

 Sophos Firewall

• Multi-zone segmentation (WAN, LAN, DMZ, Server, VPN, Guest).
• IPS, ATP, SSL inspection, Application Control.
• Web Application Firewall for public services.
• Active-Passive High Availability design.
• Firewall rule matrix and Zero Trust policy implementation.

 Data Center Design

• Dual core switch design.
• Redundant ISP and firewall connectivity.
• Rack elevation and power redundancy planning.
• Storage network segmentation.
• Disaster Recovery architecture.

 VMware Virtualization

• vSphere cluster with HA and DRS.
• Distributed Virtual Switch (VDS).
• Resource sizing and capacity planning.
• Backup and snapshot governance policy.
• Secure management and segmentation.

 Security & Compliance

• Micro-segmentation strategy.
• Control Plane Policing (CoPP).
• Certificate-based authentication.
• Logging, SIEM integration, and monitoring.
• Failover testing documentation.

 Deliverables

• High-Level Design (HLD).
• Low-Level Design (LLD).
• IP Addressing & VLAN Matrix.
• DMVPN Tunnel Plan.
• Firewall Security Matrix.
• Data Center Physical & Logical Diagrams.
• Disaster Recovery Plan.
• Knowledge Transfer & Documentation.

 Required Qualifications

• Cisco CCIE (Enterprise Infrastructure preferred).
• Minimum 10 years enterprise networking experience.
• Proven Sophos Firewall architecture experience.
• Data Center design expertise.
• VMware VCP/VCAP certification preferred.

 Performance Indicators (KPIs)

• Network uptime ≥ 99.9%.
• Zero critical misconfiguration findings.
• Successful failover test validation.
• Documented and approved architecture design.

Qualified applicants are encouraged to submit their CVs with a detailed application letter and contact details, no later than 9-JUL-2026 to below e-mail: 

Please clearly indicate “position name/vacancy number in the subject line.

Please do not attach your education and working experience documents.