Network Architect

Network Architect – Utah Transit Authority

Join to apply for the Network Architect role at Utah Transit Authority

The Network Architect is the senior‑most technical role within the Network Infrastructure group and serves as the lead authority on network architecture, design standards, and future‑state planning. Under the direction of the IT Network Support Manager, this position is responsible for developing scalable, secure, and resilient network solutions across on‑premises, cloud, and operational technology environments. The Architect collaborates closely with infrastructure and security teams, cloud architects, and external vendors to ensure alignment between business needs and technical solutions.

This role provides technical mentorship to Network Administrators and contributes to the development of policies, design standards, and automation strategies, but does not carry supervisory authority.

Responsibilities include leading by influence, contributing to strategic initiatives, and acting as the escalation point for the most complex network design and troubleshooting scenarios. The role blends strong technical expertise with excellent communication and collaborative skills to help shape the agency’s long‑term network vision.

• Bachelor’s degree in Computer Science, Information Systems, or a related field (Master’s preferred).
• Technical certifications and relevant work experience may be considered in lieu of formal academic degrees.
• Preferred certifications:
  Cisco Certified Network Associate (CCNA) or Professional (CCNP), Palo Alto Networks Certified Cybersecurity Associate (PCCSA) or similar, Azure Network Engineer Associate, Palo Alto Networks Certified Network Security Engineer (PCNSE), Cisco Certified Internetwork Expert (CCIE), Certified Information Systems Security Professional (CISSP).

• 9+ years in enterprise network administration, engineering, or architecture roles.
• 2+ years in a senior or lead‑level capacity.
• Experience supporting LAN/WAN architecture, including OSPF and BGP routing protocols.
• Experience in multi‑site environments and basic troubleshooting of Layer 2 and Layer 3 network issues.
• Familiarity with hybrid network environments (on‑prem/cloud) and firewall platforms preferred.
• Exposure to operational networks (OT), radio or wireless technologies is a plus, but not required.

• Solid experience with Layer 2 and Layer 3 networking, OSPF and BGP routing protocols, and core switching concepts such as Spanning Tree.
• Familiarity with Cisco networking platforms (e.g., IOS, Catalyst switches, Wireless Controllers).
• Basic understanding of DHCP, DNS, and IP address management.
• Preferred experience with tools such as Cisco ISE, Catalyst Center, and network automation platforms (Cisco ACI, Python, SD‑WAN).
• Familiarity with hybrid infrastructure including Azure, segmented DMZs, and OT networks.

• Familiarity with Azure cloud networking, including VNETs, Express Route, VPN Gateways, and private endpoints.
• Understanding of cloud‑hybrid architectures and virtual network appliances like Cisco CSR 1000v and Palo Alto VM‑Series firewalls.

• Proficiency with Palo Alto features such as App‑, User‑, Content‑, and SSL decryption.
• Experience with Panorama for centralized management and threat prevention using Wild Fire and DNS Security.
• Working knowledge of NIST and CIS frameworks, network segmentation, privileged access management (PIM), AAA, and Zero‑Trust security standards.
• Layer 2 security protocols (IP DHCP snooping, IP ARP validation, access‑lists).
• Authentication and identity management systems such as Cisco ISE and Active Directory.
• Network principles for IDS and IPS using tools such as Gigamon.

• Knowledge of Cisco DNA automation using templates and workflows.
• Experience with automation platforms such as Terraform, Puppet, Chef.
• Programming experience in .NET, C++, and Python.

• Strong experience in network performance analysis and capacity planning.
• Proficiency with monitoring tools such as Solar Winds, PRTG, Whats Up…