VMware NSX Architect

About the Role

At MomentumAI, you’ll architect and deliver VMware NSX network virtualization and security solutions for enterprise and government clients, with a focus on NSX 4.x within VMware Cloud Foundation (VCF) 9 environments. You’ll partner with platform, infrastructure, and security teams to implement zero trust security, micro-segmentation, and modern network architectures while meeting stringent security and compliance requirements.

We are seeking an NSX Architect with deep expertise in software-defined networking and network security. You will work with mission stakeholders, developers, security, and operations to design resilient network architectures, implement distributed firewalls and micro-segmentation, and modernize network infrastructure in both commercial and air-gapped environments.

VCF 9 integrates NSX as a core networking and security component, featuring vDefend for advanced threat protection, virtual patching, and east-west traffic control. You’ll help clients leverage these capabilities to build secure, software-defined network infrastructures.

What You’ll Do

• Network Virtualization Architecture: Design and implement NSX 4.x software-defined networking solutions within VCF 9, including overlay networks, distributed routing, NSX VPCs, and load balancing
• Security Architecture: Architect micro-segmentation strategies, distributed firewalls, and zero trust network security models using NSX and vDefend
• vDefend Implementation: Deploy vDefend capabilities for virtual patching, ransomware protection, and lateral movement prevention across east-west traffic
• NSX VPC Design: Architect multi-tenant network environments using NSX VPCs with proper isolation, security policies, and connectivity
• Integration & Migration: Lead network modernization initiatives using HCX for workload migration and Layer 2 Network Extension to NSX VPC environments
• Threat Detection: Implement NSX Intelligence and NSX Network Detection and Response for security visibility and automated threat response
• Security & Compliance: Implement network security controls ensuring platforms meet enterprise security standards and government requirements (FedRAMP, NIST, DoD, STIG) where applicable
• Client Engagement: Work directly with clients to understand requirements, present solutions, and guide technical decisions
• Team Leadership: Mentor junior engineers and contribute to practice development, including reusable patterns and accelerators
• Documentation: Create architecture documentation, runbooks, and training materials for client teams

Required Qualifications

Strong candidates will meet most (not necessarily all) of the following requirements.

• 8+ years of experience in network engineering, network security, or infrastructure architecture roles
• Deep expertise with VMware NSX 4.x, including deployment within VCF environments
• Strong understanding of network fundamentals including routing protocols (BGP, OSPF), switching, and load balancing
• Hands-on experience with micro-segmentation design and distributed firewall policies
• Experience with overlay networking concepts (VXLAN, Geneve) and network virtualization
• Remote-friendly with travel to client sites as needed

Preferred Qualifications

These are nice-to-haves that strengthen your candidacy. You don’t need all of them.

• VMware Certified Professional - Network Virtualization (VCP-NV)
• VMware Certified Advanced Professional - Network Virtualization (VCAP-NV Design or Deploy)
• VMware Certified Design Expert (VCDX-NV)
• VMware Certified Professional - VCF Administrator (VCP-VCF Administrator) or VCP-VCF Architect
• Knowledge of NSX Advanced Load Balancer (Avi Networks)
• Experience with automation tools (Ansible, Terraform, Go, Python)
• Experience with air-gapped or disconnected environment deployments

Nice to Have

• Active security clearance (TS/SCI preferred for government engagements)
• Experience working in federal or defense environments
• Familiarity with integrating NSX with Kubernetes networking (Antrea, NCP)