Hybrid Cloud Network Architect focused on bridging modern public cloud with on-premises connectivity.
Own the end-to-end network architecture across AWS and Google Cloud (GCP), integrating on-prem environments via AWS Direct Connect, GCP Dedicated Interconnect and site-to-site VPNs.
Requires a seasoned architect with a minimum of 5 years' experience in an architecture role.
Work with external vendors and cross-functional teams: discover business and technical requirements, perform design impact assessments, evaluate multiple design options, and translate application and business needs into resilient, secure and cost-efficient network designs.
Lead delivery from High Level Design (HLD) to production, converting application requirements into HLD blueprint patterns aligned with Service Level Management practices (SLAs, SLOs, SLIs) and SRE principles.
Provide guidance to the network engineering team and support the definition of Low Level Designs (LLDs).
Maintain up-to-date design documentation and diagrams.
Key Responsibilities:
-------------------------
Own hybrid connectivity: Design, implement, perform capacity planning and evolve AWS Direct Connect, GCP Dedicated/Partner Interconnect, Cloud Router (BGP) and IPSec/HA VPN for multi-region, multi-VPC/VPC hub-and-spoke topologies.
Proof of concepts: Carry out proof of concepts (PoCs) to validate new greenfield solutions/design options.
Engineer cloud network platforms: AWS, GCP, Kubernetes (EKS, GKE).
Integrate with on-prem MPLS L3VPN: route design, import/export policies, VRFs, inter-AS options and traffic engineering to DCs and sites.
BGP routing and policy control: eBGP/iBGP, best path, communities, MED, local-pref, AS-path policy, graceful failover between Interconnect VPNv4 VPNv6, BFD where applicable.
Encrypted overlays and tunnels: Architect IPSec/IKEv2, DMVPN/FlexVPN, GRE for intra-cloud and hybrid use cases; handle overlapping IP with NAT strategies.
Reliability and performance: High-availability designs, multi-region DR, ECMP, QoS and capacity planning; minimise egress costs and hair-pinning.
Troubleshooting authority: Lead deep-dive analysis across TCP/IP, DNS, HTTP, TLS and app flows using flow logs, packet captures (tcpdump, Wireshark) and cloud monitoring tools.
Security and segmentation: Work with the security architecture team to align designs with zero trust and least-privilege principles, security groups, NACLs, firewall policies, centralised inspection via GWLB/GWLBE or PSC, and DNS egress controls.
Technical Requirements:
---------------------------
5 years' hands-on experience designing and operating hybrid cloud environments with on-prem integration in large-scale enterprise or service provider networks.
Solid hands-on knowledge of EKS and GKE networking: CNI models, pod/node CIDR and IP address planning, load balancers and Ingress, private/public clusters, control plane access, and troubleshooting cluster connectivity to on-prem and across clouds.
Strong expertise in MPLS L3VPNs, BGP (eBGP/iBGP), route policy and traffic engineering.
Deep knowledge of IPSec and DMVPN/FlexVPN, GRE and site-to-site VPN.
Additional Responsibilities:
--------------------------------
HashiCorp Vault
OIDC with Keycloak
Experience with Catalyst 8000v (IOS XE) or Cisco Nexus (NX-OS/ACI) or equivalent
Observability: CloudWatch, Cloud Logging and Monitoring, VPC Flow Logs analytics, NetFlow/sFlow or similar
Scripting/automation: Terraform or any IaC equivalent
Python, Bash, Ansible
Exposure to security controls: cloud firewalls, IDS/IPS and zero trust network design
IPv6 design and migration experience