Senior Manager, IT Infrastructure

Celestica International LP
Richardson, TX
Onsite

About The Position

We are seeking a highly experienced and meticulous Lead Network & Security Architect to join the IT Support team for the Hardware Platform Solutions (HPS) group. In this role, you will take ownership of our global Research and Development Lab (RDL) reference architecture and drive its deployment, management, and scaling across all current and future HPS Design Centers (including Silicon Valley, Richardson, Thailand, and other global hubs). The successful candidate will be responsible for implementing and maintaining a completely isolated, air-gapped network environment that operates independently of standard corporate IT networks. You will manage complex secure access paths, isolated VLAN provisioning, private full-mesh SD-WAN overlays, and a multi-tiered global data package replication and distribution system. You will also serve as the key enablement architect, helping project teams quickly spin up new project-specific instantiations of the RDL network model while adhering to strict security constraints.

Requirements

  • Hands-on experience with Checkpoint Firewalls (Checkpoint 3980 preferred), Cisco Catalyst 9400/9200 switches, and SilverPeak SD-WAN solutions.
  • Expert-level understanding of CyberArk (PVWM/vPAM) and Zscaler ZTNA/Zscaler App Connectors.
  • Solid administration experience in VMware vSphere Enterprise and/or Microsoft Hyper-V running on bare-metal systems (e.g., Dell PowerEdge R670).
  • Strong proficiency with Linux environments (Rocky Linux, Ubuntu, CentOS) for jump host configuration and secure HTTP/HTTPS local web repository servers (Nginx/Apache).
  • Expert in VLAN tagging, inter-VLAN routing, subnetting, IP address management (IPAM), and secure file transfer protocols.
  • Familiarity with script-based file synchronization and automated extraction/integrity validation mechanisms (e.g., hashing, checksums) for software deployment across isolated boundaries.
  • Proven track record of generating flawless High-Level Designs (HLD) and Low-Level Designs (LLD), block diagrams, and standard operating procedures (SOPs).
  • Comfortable working around strict operational boundaries where typical modern agents and automated tools are banned for security compliance.
  • Ability to collaborate closely with HPS Design Engineers, Project Managers, Corporate IT Security, and external Customers.
  • Ability to work closely with procurement to specify, justify, and size bill of materials (BOM) for both upgrading existing sites and provisioning new infrastructure.
  • Bachelor’s degree in Network Engineering, Computer Science, Cybersecurity, or a related technical field.
  • Minimum of 8+ years of experience in network architecture, with a heavy emphasis on securing air-gapped or highly isolated enterprise environments.

Nice To Haves

  • Checkpoint Certified Security Expert (CCSE) or Master (CCSM)
  • Cisco Certified Network Professional (CCNP) - Enterprise or Security
  • CyberArk Certified Defender or Sentry
  • Certified Information Systems Security Professional (CISSP)

Responsibilities

  • Deploy Reference Architecture: Standardize and implement the RDL reference design across all global HPS design locations (San Jose, Richardson, Thailand, Shanghai, SongShan Lake, Penang, Chennai and future locations).
  • Support New Instantiations: Act as the primary technical design authority to spin up new RDL network instances (allocating subnets, configuring dedicated VLANs, establishing local jump hosts, and defining user authentication parameters) for upcoming HPS design projects.
  • Strict Constraint Enforcement: Maintain absolute isolation of the RDL environments. Ensure zero direct or indirect public internet connectivity and guarantee that out-of-scope systems or agents (e.g., CrowdStrike, ThreatLocker, BigFix, ServiceNow Agents, ClearPass NAC, and Windows Domain joins) are strictly excluded from the lab network.
  • SD-WAN & Routing: Design, configure, and maintain the private, full-mesh SD-WAN overlay connecting global RDL sites.
  • Secure Firewalling: Configure and administer enterprise-grade firewalls (Checkpoint 3980) protecting the perimeter of each localized lab, defining strict ingress/egress filtering rules.
  • Switching & Segmentation: Manage core and access layer switches (Cisco Catalyst 9400/9200 series, Celestica DS2000, ES1500 switches) to segment the RDL into logical, multi-tenant VLAN environments—specifically separating Export Controlled and Non-Export Controlled network zones.
  • Remote Customer Access: Oversee the implementation and administration of CyberArk vPAM (Virtual Privileged Access Management) for remote customer connections.
  • Corporate Remote Access: Configure and maintain Zscaler ZTNA (Zero Trust Network Access) and App Connectors to terminate connections securely on Linux-based local jump hosts.
  • Decentralized Authentication: Design and maintain a secure user management protocol on jump hosts and local RDL nodes. As the RDL operates without Windows Active Directory, you will define standard operating procedures for the manual/programmatic creation of local system accounts and localized role-based access control (RBAC).
  • Repository Architecture: Maintain the multi-tier secure data distribution system: IT Repository Server, Global Repository Server, RDL Local Repository Server.
  • Workflow Automation: Ensure seamless, secure, programmatically validated transfer of "transfer bundles" containing operating system packages (Rocky, Ubuntu, CentOS, etc.) across the air gap.
  • Security Scans & Compliance: Coordinate with corporate IT and security teams to execute periodic vulnerability scanning and patching of repository servers, ensuring all packages undergo integrity checks before reaching the inner RDL networks.

Benefits

  • Celestica is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
  • This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated.
  • All information will be kept confidential according to EEO guidelines.