Role: Network Architect
Location: Remote
FTE
Job Description
Must Have Technical/Functional Skills
Routing & Switching
• Expert in OSPF, BGP, IS-IS, route redistribution, filtering, communities, path selection.
• IPv4/IPv6, NAT, multicast (PIM), ECMP, HA pairs/stacking, MLAG/vPC.
Data Center & Campus
• VXLAN/EVPN fabrics, spine-leaf, EVPN, L2/L3 segmentation.
• Wireless/Wi-Fi 6/6E, RF planning, identity-based access.
WAN / Edge / Remote
• SD-WAN (Cisco/Viptela, Meraki, Aruba, Versa, Fortinet, Palo Alto, etc.).
• SASE/SSE (Zscaler, Prisma Access, Netskope) and Zero Trust access patterns.
Security Integration
• Next-gen firewalls, IPS/IDS, micro-segmentation (NSX-T/ACI/Illumio), NAC (ISE/ClearPass).
• TLS/IPsec, MACsec, PKI, AAA, RADIUS/TACACS+, device hardening.
Cloud Networking
• AWS: VPC, TGW, PrivateLink, GWLB, Route 53, NLB/ALB, SG/NACL.
• Azure: VNet, vWAN, ExpressRoute, Private Link, Azure Firewall, Front Door, DNS.
• GCP: VPC, Cloud Router/NAT, Interconnect, Cloud DNS, Load Balancing.
• Hybrid connectivity (MPLS, DIA, ExpressRoute/Direct Connect/Interconnect), routing, and security.
Wireless and Remote Access:
• Implementation and management of enterprise Wi-Fi (WLCs, RADIUS, 802.1X, WPA3).
• Experience with remote access VPN (SSL/IPsec), SD-WAN, and policy-based routing.
Roles & Responsibilities
Essential Duties and Responsibilities:
• Architecture & Design
- Define target-state network architectures (LAN/WAN, data center, campus, branch, edge, SD-WAN, SASE, Zero Trust, Wi-Fi).
- Produce HLD/LLD (High-/Low-Level Designs), reference architectures, bill of materials, and network diagrams.
- Architect cloud networking across AWS/Azure/GCP (VPC/VNet, transit, private link, routing, DNS, FW, load balancing, service mesh integration).
- Design resiliency and performance: HA, ECMP, QoS, traffic engineering, capacity planning, multi-region patterns.
- Define standards, policies, and patterns (naming, IPAM, routing, segmentation, encryption, observability).
• Implementation & Delivery
- Lead proofs-of-concept and pilots for new technologies (SD-WAN/SASE/NAC/automation frameworks).
- Guide implementation teams; review configuration templates, change plans, and cutover runbooks.
- Establish automation-first workflows for provisioning, configuration, compliance, and drift remediation.
• Security & Compliance
- Embed Zero Trust principles: micro/macro segmentation, identity-aware networking, secure access.
- Partner with Security to integrate NAC, IDS/IPS, FWaaS, DLP, CASB/SSE/SASE, and logging pipelines.
- Ensure compliance with ISO 27001, SOC 2, PCI-DSS, and data residency/regulatory requirements.
• Operations & Reliability
- Define SLOs/SLAs, capacity thresholds, and monitoring KPIs (availability, latency, loss, jitter).
- Build observability: NetFlow/IPFIX, SNMP, streaming telemetry, syslog, packet brokers, NPM/APM.
- Drive problem management: root-cause analysis (RCA), post-incident reviews, and prevention plans.
• Automation and Network Management:
- Scripting and automation with Python, Ansible, Terraform, or similar tools for network provisioning and configuration management.
- Familiarity with Infrastructure as Code (IaC) principles.
- Integration with network management and monitoring platforms (SolarWinds, NetBrain, Cisco DNA Center).
• Governance & Leadership
- Own the network technology roadmap and multi-year investment plan (TCO/ROI).
- Lead vendor selection, bake-offs, and contract/SKU optimization.
- Mentor engineers, uplift standards, and evangelize best practices across teams.
- Communicate complex topics to both executive and engineering audiences.