Sr. Network Engineer & Connectivity Architect

Overview

APCO Holdings partners with dealerships across North America to deliver innovative vehicle protection products and services that enhance the ownership experience for customers and drive growth for our partners. Through our family of brands, we bring together industry expertise, technology, and data-driven insights to help dealers strengthen their finance and insurance performance and build lasting relationships with their customers. Our teams work collaboratively across operations, technology, risk, finance, marketing, and sales to deliver solutions that create measurable value and support the continued growth of APCO and the partners we serve.

The Sr. Network Engineer & Connectivity Architect serves as the principal architect of the organization's enterprise connectivity platform (The Backbone), with a primary focus on Microsoft Azure networking, Cisco Meraki infrastructure, and identity-driven access (Active Directory & Entra ID).

This role is responsible for designing and operating a secure, highly resilient, and cloud-aligned network architecture, where access decisions are governed by user identity, device posture, and real-time risk signals, rather than traditional network boundaries. Leveraging Infrastructure as Code (IaC), AIOps, and Zero Trust principles, this position ensures seamless, secure connectivity across Azure, on-prem environments, branch networks (Meraki), and SaaS platforms such as Microsoft 365, while enabling a scalable, automated, and self-healing infrastructure.

Key Responsibilities

Identity-Driven Network Architecture (CORE)
- Design and implement a network architecture where identity is the primary control plane.
- Integrate Active Directory (on-prem), Entra ID, and identity providers (Okta) with network enforcement points to enable real-time, identity-based access decisions.

Active Directory & Hybrid Identity Ownership
Architect and support enterprise-scale hybrid identity environments, including:
- Active Directory design (sites, replication, GPO strategy)
- Entra Connect (Azure AD Connect) synchronization
- Authentication protocols (Kerberos, NTLM, modern authentication)
- Secure integration with cloud and network services

Entra ID & Conditional Access Engineering
Design, implement, and optimize Conditional Access policies, including:
- MFA enforcement strategies
- Device compliance (Intune integration)
- Risk-based and session-based access controls
- Location-aware and Zero Trust access models

Zero Trust & Identity Enforcement
Lead the implementation of a Zero Trust architecture by aligning:
- Identity (Entra ID / Active Directory / Okta)
- Network (Azure, Meraki)
- Endpoint (Intune / device posture)
Ensure consistent enforcement of least privilege access across all environments.

Microsoft 365 Identity & Access Optimization
Ensure secure, high-performance access to Microsoft 365 by:
- Aligning identity policies with network routing and access controls
- Supporting modern authentication flows and token-based access
- Optimizing Teams, Exchange, and SharePoint connectivity

Azure-Centric Network Architecture
Design and implement scalable Azure networking solutions, including:
- Virtual Networks (VNet) and Hub-and-Spoke architectures
- Private Endpoints and Private Link
- Azure Firewall, NSGs, and routing strategies
- DNS architecture and name resolution

Meraki Network Design & Operations
Lead the design, deployment, and optimization of Cisco Meraki environments, including:
- MX (SD-WAN & security appliances)
- MS (switching)
- MR (wireless)
- Auto VPN and centralized cloud-based management

Hybrid Connectivity & Interconnects
Architect and manage secure connectivity between environments using:
- ExpressRoute
- VPN Gateways
- Meraki SD-WAN (Auto VPN)
Ensure low latency, high availability, and seamless failover.

Infrastructure as Code (IaC) & Automation
Manage network and cloud configurations as code using:
- Terraform, Bicep, or ARM templates
- CI/CD pipelines (Azure DevOps, GitHub Actions)
Ensure all deployments are standardized, repeatable, and auditable.

AI Ops & Observability
Implement monitoring and telemetry across Azure and Meraki using:
- Azure Monitor & Log Analytics
- Meraki Dashboard
- Observability tools (Dynatrace, Splunk, etc.)
Enable proactive detection, anomaly identification, and automated remediation.

Resiliency & Business Continuity Engineering (CRITICAL)
Design and maintain a highly resilient network architecture across Azure, Meraki, on-prem, and SaaS environments:
- Eliminate single points of failure
- Implement redundancy across WAN, LAN, wireless, and cloud
- Design for automated failover and rapid recovery
- Ensure identity-dependent services remain available during outages

Governance & Policy Enforcement
Establish and enforce governance using:
- Azure Policy and tagging standards
- Policy-as-Code frameworks
- Identity governance (access reviews, RBAC, least privilege)
Ensure compliance with security, regulatory, and enterprise standards.

Technical Expertise
- Identity & Access (PRIMARY): Deep expertise in Active Directory (architecture, GPOs, replication), Entra ID, Conditional Access, MFA, federation (SAML, OAuth, OIDC), hybrid identity
- Zero Trust Architecture: Experience implementing identity-driven access integrating network, endpoint, and SaaS
- Azure Networking (PRIMARY): VNets, ExpressRoute, VPN Gateway, Azure Firewall, Private Link, DNS, Hub-Spoke design
- Meraki (PRIMARY): MX (SD-WAN), MS (switching), MR (wireless), Auto VPN, Meraki Dashboard
- Automation & IaC: Terraform, Bicep, ARM templates, CI/CD pipelines
- M365 Integration: Identity and network dependency across Exchange, Teams, SharePoint
- Endpoint Integration: Intune/device compliance integration with access policies
- Observability: Azure Monitor, Log Analytics, Meraki Dashboard, Dynatrace, Splunk
- Scripting & DevOps: PowerShell, Python, or similar scripting experience

Education and Experience
- Bachelor's degree in Computer Science, Information Technology, or a related technical field; Master's degree in Information Systems Management preferred.
- In lieu of a degree, 12+ years of enterprise-level infrastructure experience with a proven track record of delivering automation-first networking projects.

Required Experience
- 8–10+ years of enterprise networking experience
- 5+ years of Active Directory experience (enterprise scale)
- 3+ years of Entra ID (Azure AD), Conditional Access, and MFA
- 3+ years of Azure networking experience
- 3+ years of Cisco Meraki experience (SD-WAN, switching, wireless)
- Experience designing hybrid connectivity (ExpressRoute, VPN, SD-WAN)
- Experience implementing IaC (Terraform, Bicep, ARM)
- Experience integrating identity with network and Zero Trust frameworks
- Proven experience leading a transition from legacy "box-by-box" management to a centralized, API-driven orchestration model.

Preferred Experience
- Microsoft 365 performance and connectivity optimization

Certifications (Preferred)
- Microsoft Certified: Azure Network Engineer Associate (AZ-700)
- Microsoft Certified: Identity and Access Administrator (SC-300)
- Microsoft Certified: Azure Solutions Architect Expert
- Cisco Meraki Solutions Specialist (CMSS)
- Cisco Certified Internetwork Expert (CCIE) or CCNP Enterprise
- Cisco Certified DevNet Professional
- HashiCorp Certified: Terraform Associate
- Certified Kubernetes Administrator (CKA)

At APCO, the way we work matters just as much as the results we deliver. Our values guide how we work, how we partner, and how we deliver results.

We C.A.R.E.
- Committed – We build strong, high-trust relationships with our partners and each other.
- Accountable – We take ownership of outcomes and hold ourselves to the highest standards of performance and integrity.
- Results-Driven – We focus on delivering measurable outcomes that create value for our partners and our business.
- Excellent – We strive for excellence in everything we do while balancing short-term performance with long-term success.

If you're excited about joining a team that values collaboration, accountability, and continuous improvement, we'd love to hear from you.

By submitting your application, you acknowledge that you have read and understand our Privacy Policy and Terms & Conditions. APCO Holdings may collect personal information to evaluate your candidacy. We may share this data with our subsidiaries, affiliates, and service providers. We retain applicant data only as long as necessary for the hiring process or as required by law.