Job description:
For our client we are looking for a 75% remote: Product Portfolio Architect (f/m/d) focus Network (Network Architect).
Start: 21.07.2025
Duration: 31.10.2025 (long term engagement (2026))
Capacity: 100% if possible
Location: 75% Remote, 25% Berlin (1 week Berlin / 3 weeks remote in rotation), up to 50% onsite in peak times
Language: English, German is a plus
Team:
Product Portfolio Architecture – Network defines and advances the architectural vision and technical design of network services within the Infrastructure Product Line. This includes shaping the strategic and technical direction of core network domains such as DNS, IPAM, and virtual networking platforms.
With a focus on scalability, security, and alignment to overall platform objectives, the architectural function maintains close exchange with engineering, product planning, and broader architectural governance. Delivering on its mission requires a forward-looking perspective, deep domain knowledge in infrastructure and distributed systems, and the capability to translate enterprise requirements into robust technical solutions.
Core focus areas include —
- the architectural design of a client access solution (e.g., VPN integrated with IAM),
- the strategic transformation of DNS infrastructure from Infoblox to BIND, and
- the continuous evolution of virtual network capabilities to support future enterprise demands.
These efforts establish the foundation for scalable, secure, and future-ready network services, addressing both short-term priorities and long-term transformations
Tasks:
- Define and Own Network Architecture Designs
- Conceptuzalization and development of scalable, secure, and maintainable architecture designs for core components including DNS Services, IP Address Management (IPAM), Virtual Networking Infrastructure (Workspaces), and Client Access solutions.
- Providing of translation of product specifications and technical requirements into practical architectural blueprints.
- Deliver on Strategic Architecture Initiatives
- Providing of a design for a secure, IAM-integrated Client Access solution (e.g., VPN-based).
- Development of an API-exposed architecture for the dynamic provisioning of virtual network resources (Workspaces product).
- Planning and architecting the replacement of the Infoblox DNS infrastructure with a BIND-based solution, ensuring operational continuity, performance, and security.
- Ensure Technical Oversight and Best Practice Alignment
Tasks:
- Providing architectural guidance to engineering throughout the design, development, and delivery phases.
- Monitoring the technical integrity of DNS, IPAM, and virtual networking layers, recommending improvements or refactoring where necessary.
- Drive Continuous Improvement and Architectural Quality
Skills (must-have):
- 7–10 years of professional experience in IT infrastructure, software architecture, or platform engineering.
- In-depth Experience in Modular/Distributed Software as well as Highly Available Systems Architecture.
- Distributed System Algorithms (synchronization, replication, consensus etc.)
- Deep expertise in network architecture design, including DNS, DHCP, IPAM, and virtual networking.
- Strong understanding of networking protocols and technologies: VXLAN, VLAN, VRF, BGP, MPLS, and routing.
- Experience with stateful firewalls and network security best practices.
- Knowledge of REST API design and authentication/authorization standards (IAM, RBAC, OAuth, OIDC).
- Programming experience in Python, particularly with frameworks like FastAPI and Pydantic.
- Understanding of Observability concepts (logs, metrics, traces etc.).
- Technology skills in Cisco and Juniper
- Solid understanding of K8s concepts (namespaces, services, deployments, ingress) and surrounding technologies (e.g. service mesh)
Skills (should-have):
- Certifications in architecture, cloud infrastructure, or security (e.g. TOGAF, AWS/Azure/GCP certifications) are an advantage.
- Understanding of Observability tools (Prometheus, Grafana, OpenTelemetry).