Network Architect (Infrastructure)

Seeking a Senior Network & Cloud Infrastructure Architect with deep expertise in AWS networking, SD-WAN, and hybrid multi-region architectures. This role involves designing and implementing a secure, low-latency, highly available network foundation for a real-time cross-border payment proxy system. The architect will bridge traditional networking and modern cloud-native infrastructure, ensuring seamless connectivity between regional Instant Payment Systems (IPS) in Asia through a high-performance SD-WAN and AWS Cloud WAN fabric, driving innovation and transforming businesses.

Must Have

• Design and implement multi-region AWS network architecture for instant cross-border payment flows.
• Architect AWS VPC topologies, Transit Gateway/Cloud WAN, and Direct Connect/VPN links for ultra-low-latency communication.
• Integrate SD-WAN overlay for intelligent traffic routing, redundancy, and performance optimization.
• Define network segmentation, routing policies, QoS, and traffic-engineering strategies.
• Design end-to-end encryption, mTLS, and PKI for secure data-in-transit.
• Lead deployment of network infrastructure using Infrastructure as Code (IaC)—Terraform/CDK.
• Configure and manage AWS networking services like VPC Peering, Transit Gateway, Route 53, Global Accelerator, Network Firewall, WAF, and Shield.
• Integrate SD-WAN edge appliances with AWS Cloud WAN and on-prem IPS nodes.
• Enforce MAS TRM, PCI DSS, and GDPR-aligned network security policies.
• Implement micro-segmentation, zero-trust access, and least-privilege IAM.
• Model network capacity for high-throughput, event-driven workloads.
• Define and maintain SLAs/SLOs for latency, packet loss, and uptime.
• Participate in chaos-engineering and failover drills to validate Active–Active region resilience.
• Work closely with Cloud, DevOps, and Application teams.
• Mentor engineers on AWS networking, security best practices, and automation.

Good to Have

• AWS Certified Advanced Networking – Specialty
• AWS Certified Solutions Architect – Professional
• CCNP Enterprise or CCIE
• Equivalent SD-WAN certification
• CISSP
• CCSP

Company Description

Technology is our how. And people are our why. For over two decades, we have been harnessing technology to drive meaningful change.

By combining world-class engineering, industry expertise and a people-centric mindset, we consult and partner with leading brands from various industries to create dynamic platforms and intelligent digital experiences that drive innovation and transform businesses.

From prototype to real-world impact - be part of a global shift by doing work that matters.

Job Description

We are seeking a Senior Network & Cloud Infrastructure Architect with deep expertise in AWS networking, SD-WAN, and hybrid multi-region architectures.

This role is central to designing and implementing the secure, low-latency, highly available network foundation for a real-time cross-border payment proxy system based on ISO 20022 messaging.

You will bridge traditional networking and modern cloud-native infrastructure, ensuring seamless connectivity between regional Instant Payment Systems (IPS) in Asia through a high-performance SD-WAN and AWS Cloud WAN fabric.

Key Responsibilities

Architecture & Design

• Design and implement a multi-region AWS network architecture for instant cross-border payment flows

• Architect AWS VPC topologies, Transit Gateway/Cloud WAN, and Direct Connect/VPN links to domestic IPS networks for ultra-low-latency communication.
• Integrate SD-WAN overlay for intelligent traffic routing, redundancy, and performance optimization across borders.
• Define network segmentation, routing policies, QoS, and traffic-engineering strategies to meet latency targets in the millisecond range.
• Design end-to-end encryption, mTLS, and PKI for secure data-in-transit across hybrid environments.
• Collaborate with cloud architects to ensure the network supports event-driven microservices, DynamoDB global tables, and multi-AZ EKS clusters.

Implementation & Operations

• Lead deployment of network infrastructure using Infrastructure as Code (IaC)—Terraform/CDK for repeatable, auditable builds.
• Configure and manage AWS networking services: VPC Peering, Transit Gateway, Route 53, Global Accelerator, Network Firewall, WAF, and Shield.
• Integrate SD-WAN edge appliances (Cisco, Fortinet, or similar) with AWS Cloud WAN and on-prem IPS nodes.
• Establish redundant connectivity using AWS Direct Connect, VPN failover, and dynamic route propagation (BGP/OSPF).
• Optimize network performance monitoring using CloudWatch, Flow Logs, and third-party observability tools.
• Build and maintain network-as-code pipelines with version control, validation, and automated compliance checks.

Security & Compliance

• Enforce MAS TRM, PCI DSS, and GDPR-aligned network security policies.
• Implement micro-segmentation, zero-trust access, and least-privilege IAM for network operations.
• Design intrusion detection and DDoS mitigation strategies (AWS Shield Advanced, GuardDuty, custom NVA).
• Conduct periodic penetration testing and vulnerability assessments of cloud and network layers.
• Support audits with detailed evidence of network logs, flow telemetry, and encryption posture.

Performance & Reliability

• Model network capacity for high-throughput, event-driven workloads (thousands of TPS).
• Define and maintain SLAs/SLOs for latency, packet loss, and uptime across regions.
• Participate in chaos-engineering and failover drills to validate Active–Active region resilience.
• Drive incident response and root-cause analysis for any network or inter-region failures.

Collaboration & Leadership

• Work closely with Cloud, DevOps, and Application teams to ensure network design aligns with service mesh (EKS/App Mesh/Istio) requirements.
• Mentor engineers on AWS networking, security best practices, and automation.
• Present architecture decisions to stakeholders and provide technical documentation and runbooks.

Qualifications

Required Skills & Experience

Networking Core

• 10+ years in network architecture and engineering, including large-scale WAN and SD-WAN design.
• Expert in BGP, OSPF, ECMP, QoS, and traffic-engineering for low-latency, high-availability systems.
• Hands-on with SD-WAN solutions (Cisco Viptela, Fortinet SD-WAN, Versa, or Palo Alto CloudGenix).
• Experience integrating on-prem financial networks or PSP environments with public cloud.

AWS Cloud Networking

• Deep knowledge of AWS VPC design, Transit Gateway, Cloud WAN, Direct Connect, Route 53, NLB/ALB, and Global Accelerator.
• Multi-region active-active deployment expertise; familiarity with DynamoDB Global Tables, S3 cross-region replication, and private inter-region routing.
• Security services: AWS Network Firewall, WAF, Shield, GuardDuty, KMS, CloudHSM, IAM.

Automation & Observability

• Proficiency with Terraform, AWS CDK, or CloudFormation for IaC.
• Familiar with Python or Bash scripting for automation and monitoring.
• Knowledge of CloudWatch, OpenTelemetry, X-Ray, and ELK/OpenSearch for traceability.

Compliance & Governance

• Proven delivery under financial-grade compliance frameworks: PCI DSS, MAS TRM, ISO 27001, SOC 2.
• Ability to map technical controls to regulatory requirements (encryption, audit, resilience, data localization).

Certifications (Preferred)

• AWS Certified Advanced Networking – Specialty
• AWS Certified Solutions Architect – Professional
• CCNP Enterprise or CCIE, or equivalent SD-WAN certification
• CISSP / CCSP (for security alignment)

Additional Information

At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.