Freelance Opportunity: Banking Network
Project Summary
We are seeking a senior Network & Security Architect to design a resilient, regulator-compliant banking enterprise network that spans dual data-centers, disaster-recovery sites, regional branches/ATMs, and hybrid-cloud workloads.
Network Topology Requirements
• Data-Center & Disaster-Recovery Sites
Dual active-active DCs with spine-leaf fabric, MACsec on inter-DC links, isolated OOB network
• Campus / Headquarters
Redundant core & distribution, Wi-Fi 6/6E access, NAC-enforced segmentation
• Regional Branches & ATMs
SD-WAN overlays (MPLS + LTE/5G) with local Internet break-out, zero-touch provisioning
• Cloud Edge
Direct Connect / ExpressRoute / IPsec VPN-GW, micro-segmented VNET/VPCs
• Internet DMZ
Reverse proxies, WAF, DDoS scrubber, SWIFT-CSP-isolated zone
Services to Be Supported
• Core Banking & Treasury (ISO 8583, MQ, Micro-Services APIs)
• Digital & Mobile Banking (Open-Banking APIs, web/mobile channels)
• Payments – RTGS/NEFT/IMPS/UPI, SWIFT, card-switch, POS
• Unified Communications – VoIP/SBC, contact-center SIP, VC
• Enterprise IT – AD/Azure AD, M365, SaaS & SOC/SIEM feeds
Security-First Architecture
• Zero-Trust Segmentation (macro + micro, user/device-aware)
• Next-Gen Firewalls & virtual NGFWs at every trust boundary
• Inline IPS / sandboxing for east-west and north-south traffic
• Layer-7 WAF & API GW in DMZ; TLS 1.3 everywhere
• Compliance: PCI-DSS 4.0, RBI/IRDA cyber controls, SWIFT CSP, ISO 27001
• HA everywhere – clustered firewalls, ECMP, BGP GR, IPsec FVRF
Technical Requirements
• Routing/Switching: OSPF v2/v3, IS-IS, eBGP/iBGP, MP-BGP EVPN/VXLAN, MPLS L2/L3 VPN, Segment Routing (SR-MPLS/SRv6)
• Overlay & SD-WAN: DMVPN, SD-WAN (Viptela/Versa/Fortinet or similar)
• Automation: GitOps source-of-truth, Ansible/Terraform-ready design hooks
• Observability: gRPC telemetry, NetFlow/IPFIX, Syslog/SIEM pipelines
• Future-proof: IPv6-first; QoS placeholders (no policy config in scope)
Deliverables
• HLD – logical & topological views, security zones, resiliency model
• LLD – device roles, interface matrices, VRF maps, protocol timers
• IPv4/IPv6 Address Plan – summarised, dual-stack, hierarchically allocated
• Security Architecture Guide – segmentation tables, object-based FW rules, crypto standards
• Routing & Service Flow Docs – Core Banking, SWIFT, Digital channels, UC, Branch/ATM paths
• Procedure Playbooks – onboarding branches/cloud VPCs, DR fail-over, patch-window checklist
Mandatory Qualification Round
Please submit all required artefacts via this form: https://forms.office.com/r/4cCw88zP4c
• Digital Topology Diagram – DC, campus, branch, cloud edges & security zones
• One paragraph per major service – rationale, resiliency & security approach
• Routing, Overlay & Security Controls List – protocols, segmentation, crypto, automation hooks
• Service Checklist – confirm every item in the RFP is covered
Important Eligibility Notice – Read Before Applying
This contract demands proven senior-level expertise in banking/financial-sector network & security architecture.
Ideal Candidate
• 10+ years designing regulated financial networks & security
• Certifications: CCIE (Enterprise or Security) / JNCIE-SP and CISSP or CISM; PCNSE or NSE 7 is a plus
• Demonstrable PCI-DSS 4.0 and SWIFT CSP project history
• Comfortable with NetDevOps tooling and hybrid-cloud fabrics
Remuneration
USD $$$$ + premium project rate, fully commensurate with senior-level experience
Timeline
4 weeks (possible 1-week extension if agreed at kick-off)
Note: This is a short-term, deliverable-based engagement. It is not a full-time role or permanent position.
Work Mode
Remote; overlap with IST business hours preferred
How to Apply
Complete the qualification form → https://forms.office.com/r/4cCw88zP4c.
Short-listed candidates will be contacted for a technical interview and SOW alignment.