Sr. Network Engineer & Connectivity Architect

The Sr. Network Engineer & Connectivity Architect serves as the principal architect of the organization’s enterprise connectivity platform (“The Backbone”), with a primary focus on Microsoft Azure networking, Cisco Meraki infrastructure, and identity-driven access (Active Directory & Entra ID).

This role is responsible for designing and operating a secure, highly resilient, and cloud-aligned network architecture, where access decisions are governed by user identity, device posture, and real-time risk signals, rather than traditional network boundaries.

Leveraging Infrastructure as Code (IaC), AIOps, and Zero Trust principles, this position ensures seamless, secure connectivity across Azure, on-prem environments, branch networks (Meraki), and SaaS platforms such as Microsoft 365, while enabling a scalable, automated, and self-healing infrastructure.

Identity-Driven Network Architecture (CORE)

Design and implement a network architecture where identity is the primary control plane. Integrate Active Directory (on-prem), Entra ID, and identity providers (Okta) with network enforcement points to enable real-time, identity-based access decisions.

Active Directory & Hybrid Identity Ownership

Architect and support enterprise-scale hybrid identity environments, including:

Active Directory design (sites, replication, GPO strategy)

Entra Connect (Azure AD Connect) synchronization

Authentication protocols (Kerberos, NTLM, modern authentication)

Secure integration with cloud and network services

Entra ID & Conditional Access Engineering

Design, implement, and optimize Conditional Access policies, including:

MFA enforcement strategies

Device compliance (Intune integration)

Risk-based and session-based access controls

Location-aware and Zero Trust access models

Zero Trust & Identity Enforcement

Lead the implementation of a Zero Trust architecture by aligning:

Identity (Entra ID / Active Directory / Okta)

Network (Azure, Meraki)

Endpoint (Intune / device posture)

Ensure consistent enforcement of least privilege access across all environments.

Microsoft 365 Identity & Access Optimization

Ensure secure, high-performance access to Microsoft 365 by:

Aligning identity policies with network routing and access controls

Supporting modern authentication flows and token-based access

Optimizing Teams, Exchange, and SharePoint connectivity

Azure-Centric Network Architecture

Design and implement scalable Azure networking solutions, including:

Virtual Networks (VNet) and Hub-and-Spoke architectures

Private Endpoints and Private Link

Azure Firewall, NSGs, and routing strategies

DNS architecture and name resolution

Meraki Network Design & Operations

Lead the design, deployment, and optimization of Cisco Meraki environments, including:

MX (SD-WAN & security appliances)

MS (switching)

MR (wireless)

Auto VPN and centralized cloud-based management

Hybrid Connectivity & Interconnects

Architect and manage secure connectivity between environments using:

ExpressRoute

VPN Gateways

Meraki SD-WAN (Auto VPN)

Ensure low latency, high availability, and seamless failover.

Infrastructure as Code (IaC) & Automation

Manage network and cloud configurations as code using:

Terraform, Bicep, or ARM templates

CI/CD pipelines (Azure DevOps, GitHub Actions)

Ensure all deployments are standardized, repeatable, and auditable.

AI Ops & Observability

Implement monitoring and telemetry across Azure and Meraki using:

Azure Monitor & Log Analytics

Meraki Dashboard

Observability tools (Dynatrace, Splunk, etc.)

Enable proactive detection, anomaly identification, and automated remediation.

Resiliency & Business Continuity Engineering (CRITICAL)

Design and maintain a highly resilient network architecture across Azure, Meraki, on-prem, and SaaS environments:

Eliminate single points of failure

Implement redundancy across WAN, LAN, wireless, and cloud

Design for automated failover and rapid recovery

Ensure identity-dependent services remain available during outages

Governance & Policy Enforcement

Establish and enforce governance using:

Azure Policy and tagging standards

Policy-as-Code frameworks

Identity governance (access reviews, RBAC, least privilege)

Ensure compliance with security, regulatory, and enterprise standards.

Technical Expertise

Category	Requirements
Identity & Access (PRIMARY)	Deep expertise in Active Directory (architecture, GPOs, replication), Entra ID, Conditional Access, MFA, federation (SAML, OAuth, OIDC), hybrid identity
Zero Trust Architecture	Experience implementing identity-driven access integrating network, endpoint, and SaaS
Azure Networking (PRIMARY)	VNets, ExpressRoute, VPN Gateway, Azure Firewall, Private Link, DNS, Hub-Spoke design
Meraki (PRIMARY)	MX (SD-WAN), MS (switching), MR (wireless), Auto VPN, Meraki Dashboard
Automation & IaC	Terraform, Bicep, ARM templates, CI/CD pipelines
M365 Integration	Identity and network dependency across Exchange, Teams, SharePoint
Endpoint Integration	Intune/device compliance integration with access policies
Observability	Azure Monitor, Log Analytics, Meraki Dashboard, Dynatrace, Splunk
Scripting & DevOps	PowerShell, Python, or similar scripting experience

Bachelor’s degree in Computer Science, Information Technology, or a related technical field; Master’s degree in Information Systems Management preferred.

In lieu of a degree, 12+ years of enterprise-level infrastructure experience with a proven track record of delivering automation-first networking projects.

Required Experience

8–10+ years of enterprise networking experience

5+ years of Active Directory experience (enterprise scale)

3+ years of Entra ID (Azure AD), Conditional Access, and MFA

3+ years of Azure networking experience

3+ years of Cisco Meraki experience (SD-WAN, switching, wireless)

Experience designing hybrid connectivity (ExpressRoute, VPN, SD-WAN)

Experience implementing IaC (Terraform, Bicep, ARM)

Experience integrating identity with network and Zero Trust frameworks

Proven experience leading a transition from legacy "box-by-box" management to a centralized, API-driven orchestration model.

Microsoft Certified: Azure Network Engineer Associate (AZ-700)

Microsoft Certified: Identity and Access Administrator (SC-300)

Microsoft Certified: Azure Solutions Architect Expert

Cisco Meraki Solutions Specialist (CMSS)

Cisco Certified Internetwork Expert (CCIE) or CCNP Enterprise

Cisco Certified DevNet Professional

Hashi Corp Certified: Terraform Associate

Certified Kubernetes Administrator (CKA)