Infrastructure Architect

About The Position

Requirements

• Deep understanding of BGP routing, Anycast, AWS Transit Gateway, Azure Virtual WAN, and hybrid connectivity (Direct Connect, ExpressRoute).
• Mastery of TCP/IP, UDP, OSPF, DNS, HTTP/S, TLS, and IPSec VPN frameworks.
• Understanding of Kubernetes networking models and CNIs like Cilium (eBPF), Calico, or cloud-native variants.
• Knowledge of micro-segmentation, Next-Generation Firewalls (NGFW), WAFs, DDoS mitigation, and mTLS.
• Familiarity with cloud pricing models, data transfer charges (NAT gateway costs, inter-AZ fees), and budget optimization.
• Writing modular, reusable Terraform, OpenTofu, or Pulumi code to provision complex, multi-region networks.
• Capturing and analyzing VPC Flow Logs or utilizing tools like Wireshark to debug Layer 3 through Layer 7 anomalies.
• Writing production-grade scripts in Python, Go, or Bash to automate routine network tasks and compliance audits.
• Configuring dashboards and synthetic testing in tools like Datadog, ThousandEyes, or Prometheus.
• Building automated deployment pipelines that safely validate and push network infrastructure changes.
• The capacity to systematically dissect and isolate root causes of complex, transient network latency or packet loss.
• The ability to visualize and design highly complex, multi-layered environments and trace data flow from edge to microservice.
• The capacity to quickly pivot between writing code/scripts and discussing high-level strategy with stakeholders.
• The innate ability to inspire, mentor, and upskill junior engineers on complex network-native engineering patterns.
• Translating deeply technical networking jargon into plain, actionable business logic for non-technical leadership.

Nice To Haves

• Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, or a closely related technical field.
• AWS: AWS Certified Solutions Architect – Professional AND AWS Certified Advanced Networking – Specialty.
• Cisco: CCNA, CCNP (Enterprise or Data Center), or CCIE.
• HashiCorp: Terraform Associate
• Master’s degree (MS) in Computer Science, Computer Network Engineering, or Cybersecurity.
• Active participation in open-source networking projects, Cloud Native Computing Foundation (CNCF) working groups, or published technical whitepapers.
• AWS: AWS Certified Advanced Networking – Specialty.
• AWS Certified Solutions Architect – Professional or DevOps Engineer – Professional.
• HashiCorp: Terraform Cloud Certified Professional.
• ISC²: Certified Cloud Security Professional (CCSP) or CISSP.

Responsibilities

• Design, implement, and maintain complex connectivity solutions linking on-premises data centers to the cloud using AWS Direct Connect, Azure ExpressRoute, MegaPort, and high-performance site-to-site VPNs.
• Architect routing topologies utilizing BGP, transit gateways (e.g., AWS Transit Gateway, Azure Virtual WAN), Anycast routing, and intelligent Global Server Load Balancing (GSLB).
• Build and manage highly scalable service meshes (e.g., Istio, Linkerd, Consul) and advanced ingress controllers to handle microservices communication, traffic splitting, and mutual TLS (mTLS).
• Own the global IP Address Management (IPAM) strategy and design highly available, split-horizon DNS architectures across hybrid environments.
• Provision all software-defined networking (SDN) components—including VPCs/VNet peers, subnets, route tables, firewalls, and load balancers—strictly via declarative code (Terraform, OpenTofu, or Pulumi).
• Develop custom automation scripts (Python, Go, Bash) to automate routine network configuration changes, testing, and compliance audits.
• Implement strict micro-segmentation, network security groups, and zero-trust policies to isolate workloads and reduce the blast radius of security incidents.
• Design and manage edge infrastructure, including Content Delivery Networks (CDNs like Cloudflare or CloudFront), Web Application Firewalls (WAF), and DDoS mitigation layers.
• Deploy and operate centralized network inspection architectures, routing traffic through Next-Generation Firewalls (NGFW) or cloud-native firewall appliances for deep packet inspection.
• Other duties as assigned as related to the position
• Participates in the establishment of guidelines and policies

Benefits

• Affordable medical, dental, life, and short-term disability insurance plans
• Participation in the Arizona State Retirement System (ASRS) and long-term disability plans
• 10 paid holidays per year
• Vacation time accrued at 4.00 hours bi-weekly for the first 3 years
• Sick time accrued at 3.70 hours bi-weekly
• Paid Parental Leave-Up to 12 weeks per year paid leave for newborn or newly-placed foster/adopted child (pilot program).
• Deferred compensation plan
• Wellness plans
• Tuition Reimbursement
• Stipend Opportunities
• Infant at Work Program
• Rideshare and Public Transit Subsidy
• Career Advancement & Employee Development Opportunities
• Flexible schedules to create a work/life balance