Principle Technical Architect

Responsibilities Kforce has a client that is seeking a Principle Technical Architect in Plano, TX. In this role, you will set architecture direction, drive complex deployments across distributed campuses, and mentor engineers while partnering closely with security and operations. Duties/Day to Day Overview: • Own end to end SD Access architecture for large, multi-site enterprises: fabric design (control/edge/border), transit options, segmentation (SGTs/TrustSec), identity policy, and integration with WAN and data center • Lead Catalyst Center-driven automation: design templates, SDA workflows, network assurance, SWIM, and closed loop operations aligned to reliability/SLOs • Design identity centric security with ISE: policy sets, authorization profiles, posture, PxGrid integrations, wired/wireless 802.1X/MAB, guest/BYOD, and scalable group policies • Engineer secure edge and campus perimeters: Cisco FTD/Firepower policy design, NAT, VPN, IDS/IPS, SSL decryption strategy, and high availability • Architect SD WAN underlay/overlay: transport independence, application aware routing, DIA/Cloud on ramp, security integration, and multi region scale • Expert routing at scale: BGP (policy, route reflectors, communities), OSPF, EIGRP, ECMP, redistribution strategies, route filtering, summarization, and IPv6 planning • Drive modernization roadmaps: brownfield to SDA migration, hierarchical campus design, QoS, multicast, wireless controller (Catalyst 9800) alignment, and resiliency patterns • Deliver hands on build and escalation leadership: lab validation, pilot, phased rollout, cutover plans, MOPs, change windows, and root cause analysis for P1/P2 incidents • Mentor and uplift engineering teams: design reviews, standards, runbooks, and enablement sessions for operations and field engineers Requirements • Active CCIE (any track; Enterprise Infrastructure and/or Security strongly preferred) • 10+ years enterprise networking experience, including 3-5+ years leading SD Access architecture and deployment across multiple sites • Strong experience with Cisco SD WAN (design, policy/templating, security integration, operationalization) • Proven, exceptional hands-on skills with Cisco routing/switching and Catalyst Center (formerly Cisco DNA Center) for SDA automation and assurance • Deep expertise with Cisco ISE (policy, 802.1X, SGT/TrustSec) and Cisco FTD (Firepower) firewalls (threat, access control, NAT/VPN, high availability) • Expert level knowledge of BGP, EIGRP, OSPF, redistribution, and route policy design for large enterprises • Demonstrated success leading complex, multi-phase migrations and mentoring senior engineers Preferred Qualifications • CCDE or dual CCIE; Cisco Certified Specialist certifications in SDA, ISE, or SD WAN • Automation fluency (Ansible, Python, Terraform), Git based workflows, and API integration with Catalyst Center/ISE/FTD/SD WAN • Wireless (Catalyst 9800/Prime/Catalyst Center Assurance), QoS strategy, multicast, NAC posture, and Zero Trust segmentation • Cloud networking (Azure/AWS), hybrid connectivity, and DNS/DHCP/IPAM integration • Familiarity with data center and campus interconnect (e.g., ACI concepts beneficial but not required) The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future. We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave. Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law. This job is not eligible for bonuses, incentives or commissions. Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.