Network Architect
The Network Architect is responsible for the high-level design and long-term evolution of the hybrid infrastructure. You will define how the AWS cloud environment integrates with our on-premises VMware data centers, ensuring security, high availability, and cost-efficiency.

Key Responsibilities:
Hybrid Blueprinting: Design and govern the connectivity patterns between AWS (Direct Connect, Transit Gateway) and VMware (NSX/Standard vSwitch).
Capacity Planning: Forecast network growth and design scalable IPAM (IP Address Management) schemes that prevent CIDR overlaps across hybrid environments.
Security Architecture: Define the "gold standard" for security groups, NACLs, and edge protection (AWS Shield/WAF) to maintain a zero-trust posture.
Technology Selection: Evaluate and select third-party virtual appliances (e.g., Palo Alto, Cisco CSR) to run within AWS and VMware.
Standardization: Create HLDs (High-Level Designs) and LLDs (Low-Level Designs) that the operations team will use for implementation.
IPAM Strategy: Design the integration between AWS Route 53 and BlueCat Address Manager to ensure a unified "source of truth" for DNS and IP space across the hybrid estate.
Application Delivery Design: Architect high-availability patterns using F5 BIG-IP (LTM/GTM), deciding between hardware appliances on-premises and Virtual Editions (VE) within AWS.
Physical-to-Cloud Integration: Design the 802.1Q trunking and BGP peering between the physical core switches and AWS Direct Connect Gateways.
Observability Framework: Define the logging standards for what network data (VPC Flow Logs, SNMP traps, F5 logs) is ingested into Splunk to create executive health dashboards.
ACI Fabric Design: Lead the architectural design of the ACI Multi-Pod/Multi-Site fabric across QTS data centers, ensuring seamless L2/L3 extension to AWS.
Logical Policy Mapping: Define the Tenant, VRF, and EPG (Endpoint Group) structures. Since NSX is absent, you will design how VMware VDS (Virtual Distributed Switches) integrate directly with ACI via VMM Domains.
IPAM & DNS Orchestration: Architect the "Source of Truth" workflow using BlueCat, ensuring AWS VPC CIDRs and ACI Bridge Domains (BDs) are automatically synchronized to prevent overlaps.
Traffic Steering (F5): Design the Service Graph integration to automate F5 BIG-IP insertion into ACI fabric paths for both on-prem and cloud workloads.

Technical Skills:
Primary (AWS): Expert knowledge of AWS Transit Gateway, Direct Connect (DX), Route 53 (Resolver/Hybrid DNS), and VPC Multi-Account strategy. Expert in Transit Gateway, Direct Connect, and Route 53 Resolver Endpoints. Expert in Cisco APIC policy, Contracts, and Cloud ACI (extending ACI policy natively into AWS VPCs).
Primary (On-Prem): Deep expertise in VMware Standard/Distributed Switches and physical switching (Cisco Nexus/Arista). Proficiency in VMware Networking and physical data center networking (Spine-Leaf architecture, BGP/OSPF).
L4-L7 Delivery: Advanced knowledge of F5 iRules, BIG-IP, GSLB (Global Server Load Balancing), and SSL orchestration.
IPAM: Strategic management of BlueCat for complex hybrid CIDR allocations.
Tools: Terraform for structural deployments; Python for API integrations (e.g., syncing BlueCat with AWS VPCs).

Nice-to-have:
Infrastructure as Code: Ability to write and review Terraform modules to enforce "Architecture as Code" and ensure environment consistency. Advanced Terraform for "Fabric-as-Code" - automating the creation of Tenants, BDs, and EPGs alongside AWS resources.
Scripting: Proficient in Python for high-level architectural tasks, such as automating audit reports or integrating network telemetry into dashboarding tools.

Soft Skills:
Strategic Communication & Influence: Translate complex network architecture into business-aligned decisions, influence senior stakeholders, and guide incident direction during major outages.
Systems Thinking & Decision-Making Under Pressure: See end-to-end dependencies, anticipate cascading failures, and make high-impact architectural calls during P1/P0 incidents.
Leadership & Cross-Functional Alignment: Lead war rooms, mentor engineers, and align network, cloud, security, and application teams toward rapid resolution and long-term fixes.
Ownership, Foresight & Continuous Improvement: Drive RCA quality, embed resilience into design, and proactively evolve architecture, runbooks, and observability to prevent repeat incidents.