Network Architect (Infrastructure)
Full-time Mid-Senior Level
Job Overview
We are seeking a Senior Network & Cloud Infrastructure Architect with deep expertise in AWS networking, SD-WAN, and hybrid multi-region architectures.
This role is central to designing and implementing the secure, low-latency, highly available network foundation for a real-time cross-border payment proxy system based on ISO 20022 messaging.
You will bridge traditional networking and modern cloud-native infrastructure, ensuring seamless connectivity between regional Instant Payment Systems (IPS) in Asia through a high-performance SD-WAN and AWS Cloud WAN fabric.
Key Responsibilities
Architecture & Design
- Design and implement a multi-region AWS network architecture for instant cross-border payment flows.
- Architect AWS VPC topologies, Transit Gateway/Cloud WAN, and Direct Connect/VPN links to domestic IPS networks for ultra-low-latency communication.
- Integrate SD-WAN overlay for intelligent traffic routing, redundancy, and performance optimization across borders.
- Define network segmentation, routing policies, QoS, and traffic-engineering strategies to meet latency targets in the millisecond range.
- Design end-to-end encryption, mTLS, and PKI for secure data-in-transit across hybrid environments.
- Collaborate with cloud architects to ensure the network supports event-driven microservices, DynamoDB global tables, and multi-AZ EKS clusters.
Implementation & Operations
- Lead deployment of network infrastructure using Infrastructure as Code (IaC)—Terraform/CDK for repeatable, auditable builds.
- Configure and manage AWS networking services: VPC Peering, Transit Gateway, Route 53, Global Accelerator, Network Firewall, WAF, and Shield.
- Integrate SD-WAN edge appliances (Cisco, Fortinet, or similar) with AWS Cloud WAN and on-prem IPS nodes.
- Establish redundant connectivity using AWS Direct Connect, VPN failover, and dynamic route propagation (BGP/OSPF).
- Optimize network performance monitoring using CloudWatch, Flow Logs, and third-party observability tools.
- Build and maintain network-as-code pipelines with version control, validation, and automated compliance checks.
Security & Compliance
- Enforce MAS TRM, PCI DSS, and GDPR-aligned network security policies.
- Implement micro-segmentation, zero-trust access, and least-privilege IAM for network operations.
- Design intrusion detection and DDoS mitigation strategies (AWS Shield Advanced, GuardDuty, custom NVA).
- Conduct periodic penetration testing and vulnerability assessments of cloud and network layers.
- Support audits with detailed evidence of network logs, flow telemetry, and encryption posture.
Performance & Reliability
- Model network capacity for high-throughput, event-driven workloads (thousands of TPS).
- Define and maintain SLAs/SLOs for latency, packet loss, and uptime across regions.
- Participate in chaos-engineering and failover drills to validate Active–Active region resilience.
- Drive incident response and root-cause analysis for any network or inter-region failures.
Collaboration & Leadership
- Work closely with Cloud, DevOps, and Application teams to ensure network design aligns with service mesh (EKS/App Mesh/Istio) requirements.
- Mentor engineers on AWS networking, security best practices, and automation.
- Present architecture decisions to stakeholders and provide technical documentation and runbooks.