Sr. Technology Architect - DC Network architecture Germany, NL

Job Description Role - Senior Technology Architect – Network Architect Location – Germany, UK and Netherlands (Any location) Unit – CIS (Cloud and Infrastructure) Job Description Role Overview

The Senior Technology Architect (STA) – Network owns the end‑to‑end network architecture across data center, campus, WAN/SD‑WAN, cloud, and edge environments. The role defines strategy, blueprints, and guardrails; leads complex transformations; and ensures the network platform delivers resilience, security (Zero Trust), performance, and cost efficiency
. The STA partners with product, security, platform engineering, and operations to architect vendor‑agnostic, automation‑first designs that scale across global enterprises.

• Define the network target state (DC, Campus, WAN/SD‑WAN, Cloud Networking, Edge) with reference architectures, patterns, and standards.
• Create high‑level and low‑level designs (HLD/LLD), including L2/L3, routing, segmentation, DNS, IPAM, firewalling, service insertion, and observability.
• Establish multi‑cloud network architectures (AWS/GCP/Azure) covering VPC/VNet design, Transit Gateways, Private Service Connect/Endpoint, Direct Connect/Interconnect, cross‑cloud connectivity, and service mesh integration.
• Lead modernization from legacy to EVPN/VXLAN fabrics, intent‑based networking, Zero Trust segmentation, and SASE/SSE.

• Apply Zero Trust principles across identity‑aware segmentation, micro/macro segmentation (e.g., SDN, NSX‑T, ACI, TGW/Cloud WAN firewalls), secure east‑west and north‑south flows.
• Define security guardrails (FWaaS, NGFW, WAF, IDS/IPS, DDoS, DNS security), key management, and policy‑as‑code; integrate with SIEM/SOAR.
• Partner with the CISO and platform teams to align with NIST, CIS, ISO 27001
  , and regulatory standards (e.g., telco/public sector as applicable).

• Engineer for high availability (multi‑AZ/region, fast reroute, ECMP, anycast, graceful restart) and deterministic performance for latency‑sensitive workloads (including telco and real‑time apps).
• Define traffic engineering strategies (QoS/CoS, policy‑based routing, segment routing, MPLS/EVPN/VXLAN, SR‑MPLS/SRv6).
• Design DR and failover topologies; conduct chaos/resilience testing and capacity planning.

• Drive automation‑first delivery using Terraform/Ansible/Python and network controllers/SDKs; embed policy‑as‑code and compliance checks into CI/CD.
• Implement observability
  : streaming telemetry, Net Flow/IPFIX, SNMP, syslog, synthetic testing, path analytics, digital experience monitoring (DEM).
• Govern SRE practices:
  SLO/SLI/error budgets for network services; automate pre‑/post‑change validation and rollbacks.

• Architect cloud networking at scale: VPC/VNet design, routing domains, NAT, ingress/egress, hybrid connectivity (DX/Interconnect/VPN), service discovery, Private Link/PSC.
• Integrate Kubernetes networking (CNI, Ingress/Egress, service mesh like Istio/Cilium), and secure service‑to‑service communication.
• Support edge/IoT networking patterns, SD‑Branch, and local breakout with unified policy.

• Lead SD‑WAN strategy and migration from MPLS to internet/5G underlay with application‑aware routing and performance SLAs.
• Define SASE/SSE reference patterns (ZTNA, SWG, CASB, DNS security, FWaaS) aligned with identity and device posture.

• Advise executives on network strategy, roadmap, TCO/ROI, and risk
  .
• Chair Design Authority
  ; review HLD/LLD, test plans, and change windows; ensure design compliance and non‑functional requirements (NFRs) are met.
• Mentor architects/engineers; cultivate reusable patterns and accelerators.

• Expert in routing & switching (OSPF, BGP, IS‑IS),
  EVPN/VXLAN
  , MPLS
  , QoS/CoS
  , multicast
  , NAT
  , DNS/DHCP/IPAM
  .
• Proven experience designing leaf‑spine data center fabrics
  , campus architectures, and global WANs.

• Deep knowledge of segmentation (macro/micro), NGFWs, IDS/IPS, DDoS, WAF, PKI,
  identity‑driven policy
  ,…