Senior Manager, IT Infrastructure

Req

Region:
Americas

Country: USA

State/Province:
Texas

City:
Richardson

Summary

We are seeking a highly experienced and meticulous Lead Network & Security Architect to join the IT Support team for the Hardware Platform Solutions (HPS) group. In this role, you will take ownership of our global Research and Development Lab (RDL) reference architecture and drive its deployment, management, and scaling across all current and future HPS Design Centers (including Silicon Valley, Richardson, Thailand, and other global hubs).

The successful candidate will be responsible for implementing and maintaining a completely isolated, air-gapped network environment that operates independently of standard corporate IT networks. You will manage complex secure access paths, isolated VLAN provisioning, private full-mesh SD-WAN overlays, and a multi-tiered global data package replication and distribution system. You will also serve as the key enablement architect, helping project teams quickly spin up new project-specific instantiations of the RDL network model while adhering to strict security constraints.

Core Responsibilities

1. Architectural Implementation & Governance

* Deploy Reference Architecture:
Standardize and implement the RDL reference design across all global HPS design locations (San Jose, Richardson, Thailand, Shanghai, Song Shan Lake, Penang, Chennai and future locations).

* Support New Instantiations:
Act as the primary technical design authority to spin up new RDL network instances (allocating subnets, configuring dedicated VLANs, establishing local jump hosts, and defining user authentication parameters) for upcoming HPS design projects.

* Strict Constraint Enforcement:
Maintain absolute isolation of the RDL environments. Ensure zero direct or indirect public internet connectivity and guarantee that out-of-scope systems or agents (e.g., Crowd Strike, Threat Locker, Big Fix, Service Now Agents, Clear Pass NAC, and Windows Domain joins) are strictly excluded from the lab network.

2. Network Infrastructure & Security

* SD-WAN & Routing:
Design, configure, and maintain the private, full-mesh SD-WAN overlay connecting global RDL sites.

* Secure Firewalling:
Configure and administer enterprise-grade firewalls (Checkpoint 3980) protecting the perimeter of each localized lab, defining strict ingress/egress filtering rules.

* Switching & Segmentation:
Manage core and access layer switches (Cisco Catalyst 9400/9200 series, Celestica DS2000, ES1500 switches) to segment the RDL into logical, multi-tenant VLAN environments-specifically separating Export Controlled and Non-Export Controlled network zones.

3. Identity and Remote Access Management

* Remote Customer Access:
Oversee the implementation and administration of Cyber Ark vPAM (Virtual Privileged Access Management) for remote customer connections.

* Corporate Remote Access:
Configure and maintain Zscaler ZTNA (Zero Trust Network Access) and App Connectors to terminate connections securely on Linux-based local jump hosts.

* Decentralized Authentication:
Design and maintain a secure user management protocol on jump hosts and local RDL nodes. As the RDL operates without Windows Active Directory, you will define standard operating procedures for the manual/programmatic creation of local system accounts and localized role-based access control (RBAC).

4. Secure Data Package Management & Dev Ops Repo Architecture

* Repository Architecture:
Maintain the multi-tier secure data distribution system:

* IT Repository Server:
Internet-facing ingestion nodes (running on Hyper-V/Dell Power Edge) to securely pull packages, drivers, and applications.

* Global Repository Server:
The middle-layer relay that acts as a secure, scanned transit point between the corporate IT network and the isolated RDL network.

* RDL Local Repository Server:
Localized instances inside the labs that pull from the Global Repo and host files locally over HTTP/HTTPS at /var/(Use the "Apply for this Job" box below)..

* Workflow Automation:
Ensure seamless, secure, programmatically validated transfer of "transfer bundles" containing operating system packages (Rocky, Ubuntu, CentOS, etc.) across the air gap.

* Security Scans & Compliance:
Coordinate with corporate IT and security teams to execute periodic vulnerability scanning and patching of repository servers, ensuring all packages undergo integrity checks before reaching the inner RDL networks.

Knowledge/Skills/Competencies

Required Technical Skills

* Hardware & OS

Competencies:

Hands-on experience with Checkpoint Firewalls (Checkpoint 3980 preferred), Cisco Catalyst 9400/9200 switches, and Silver Peak SD-WAN solutions.

* Security & Identity Tools:
Expert-level understanding of Cyber Ark (PVWM/vPAM) and Zscaler ZTNA/Zscaler App Connectors.

* Virtualization & Systems:
Solid administration experience in VMware vSphere Enterprise and/or Microsoft Hyper-V running on bare-metal systems (e.g., Dell Power Edge R670).

* Linux Administration:
Strong proficiency with Linux environments (Rocky Linux, Ubuntu, CentOS) for jump…