Sr. Network Engineer & Connectivity Architect

Job Description

Job Description

APCO Holdings partners with dealerships across North America to deliver innovative vehicle protection products and services that enhance the ownership experience for customers and drive growth for our partners. Through our family of brands, we bring together industry expertise, technology, and data-driven insights to help dealers strengthen their finance and insurance performance and build lasting relationships with their customers.

Our teams work collaboratively across operations, technology, risk, finance, marketing, and sales to deliver solutions that create measurable value and support the continued growth of APCO and the partners we serve.

The Sr. Network Engineer & Connectivity Architect serves as the principal architect of the organization’s enterprise connectivity platform (“The Backbone”), with a primary focus on Microsoft Azure networking, Cisco Meraki infrastructure, and identity-driven access (Active Directory & Entra ID). 

This role is responsible for designing and operating a secure, highly resilient, and cloud-aligned network architecture, where access decisions are governed by user identity, device posture, and real-time risk signals, rather than traditional network boundaries. 

Leveraging Infrastructure as Code (IaC), AIOps, and Zero Trust principles, this position ensures seamless, secure connectivity across Azure, on-prem environments, branch networks (Meraki), and SaaS platforms such as Microsoft 365, while enabling a scalable, automated, and self-healing infrastructure. 

Identity-Driven Network Architecture (CORE) 

Design and implement a network architecture where identity is the primary control plane. Integrate Active Directory (on-prem), Entra ID, and identity providers (Okta) with network enforcement points to enable real-time, identity-based access decisions. 

Active Directory & Hybrid Identity Ownership 

• Architect and support enterprise-scale hybrid identity environments, including: 
• Active Directory design (sites, replication, GPO strategy) 
• Entra Connect (Azure AD Connect) synchronization 
• Authentication protocols (Kerberos, NTLM, modern authentication) 
• Secure integration with cloud and network services  

Entra ID & Conditional Access Engineering 

• Design, implement, and optimize Conditional Access policies, including: 
• MFA enforcement strategies 
• Device compliance (Intune integration) 
• Risk-based and session-based access controls 
• Location-aware and Zero Trust access models  

Zero Trust & Identity Enforcement

• Lead the implementation of a Zero Trust architecture by aligning:
• Identity (Entra ID / Active Directory / Okta) 
• Network (Azure, Meraki) 
• Endpoint (Intune / device posture) 
• Ensure consistent enforcement of least privilege access across all environments

Microsoft 365 Identity & Access Optimization 

• Ensure secure, high-performance access to Microsoft 365 by: 
• Aligning identity policies with network routing and access controls  
• Supporting modern authentication flows and token-based access  
• Optimizing Teams, Exchange, and SharePoint connectivity  

Azure-Centric Network Architecture 

• Design and implement scalable Azure networking solutions, including: 
• Virtual Networks (VNet) and Hub-and-Spoke architectures  
• Private Endpoints and Private Link  
• Azure Firewall, NSGs, and routing strategies  
• DNS architecture and name resolution  

Meraki Network Design & Operations 

• Lead the design, deployment, and optimization of Cisco Meraki environments, including: 
• MX (SD-WAN & security appliances)  
• MS (switching)  
• MR (wireless)  
• Auto VPN and centralized cloud-based management  

Hybrid Connectivity & Interconnects 

• Architect and manage secure connectivity between environments using: 
• ExpressRoute  
• VPN Gateways  
• Meraki SD-WAN (Auto VPN)  
• Ensure low latency, high availability, and seamless failover. 

Infrastructure as Code (IaC) & Automation 

• Manage network and cloud configurations as code using: 
• Terraform, Bicep, or ARM templates  
• CI/CD pipelines (Azure DevOps, GitHub Actions)  
• Ensure all deployments are standardized, repeatable, and auditable. 

AI Ops & Observability 

• Implement monitoring and telemetry across Azure and Meraki using: 
• Azure Monitor & Log Analytics  
• Meraki Dashboard  
• Observability tools (Dynatrace, Splunk, etc.)  
• Enable proactive detection, anomaly identification, and automated remediation. 

Resiliency & Buiness Continuity Engineering (CRITICAL) 

• Design and maintain a highly resilient network architecture across Azure, Meraki, on-prem, and SaaS environments: 
• Eliminate single points of failure  
• Implement redundancy across WAN, LAN, wireless, and cloud  
• Design for automated failover and rapid recovery  
• Ensure identity-dependent services remain available during outages  

Governance & Policy Enforcement 

• Establish and enforce governance using: 
• Azure Policy and tagging standards  
• Policy-as-Code frameworks  
• Identity governance (access reviews, RBAC, least privilege)  
• Ensure compliance with security, regulatory, and enterprise standards. 

Technical Expertise 

Category 

Requirements 

Identity & Access (PRIMARY) 

Deep expertise in Active Directory (architecture, GPOs, replication), Entra ID, Conditional Access, MFA, federation (SAML, OAuth, OIDC), hybrid identity 

Zero Trust Architecture 

Experience implementing identity-driven access integrating network, endpoint, and SaaS 

Azure Networking (PRIMARY) 

VNets, ExpressRoute, VPN Gateway, Azure Firewall, Private Link, DNS, Hub-Spoke design 

Meraki (PRIMARY) 

MX (SD-WAN), MS (switching), MR (wireless), Auto VPN, Meraki Dashboard 

Automation & IaC 

Terraform, Bicep, ARM templates, CI/CD pipelines 

M365 Integration 

Identity and network dependency across Exchange, Teams, SharePoint 

Endpoint Integration 

Intune/device compliance integration with access policies 

Observability 

Azure Monitor, Log Analytics, Meraki Dashboard, Dynatrace, Splunk 

Scripting & DevOps 

PowerShell, Python, or similar scripting experience 

• Bachelor’s degree in Computer Science, Information Technology, or a related technical field; Master’s degree in Information Systems Management preferred. 
• In lieu of a degree, 12+ years of enterprise-level infrastructure experience with a proven track record of delivering automation-first networking projects.

Required Experience  

• 8–10+ years of enterprise networking experience  
• 5+ years of Active Directory experience (enterprise scale)  
• 3+ years of Entra ID (Azure AD), Conditional Access, and MFA  
• 3+ years of Azure networking experience  
• 3+ years of Cisco Meraki experience (SD-WAN, switching, wireless)  
• Experience designing hybrid connectivity (ExpressRoute, VPN, SD-WAN)  
• Experience implementing IaC (Terraform, Bicep, ARM)  
• Experience integrating identity with network and Zero Trust frameworks  
• Proven experience leading a transition from legacy "box-by-box" management to a centralized, API-driven orchestration model.

  Preferred Experience  

• Microsoft 365 performance and connectivity optimization  

• Microsoft Certified: Azure Network Engineer Associate (AZ-700)  
• Microsoft Certified: Identity and Access Administrator (SC-300)  
• Microsoft Certified: Azure Solutions Architect Expert  
• Cisco Meraki Solutions Specialist (CMSS)  
• Cisco Certified Internetwork Expert (CCIE) or CCNP Enterprise
• Cisco Certified DevNet Professional
• Hashi Corp Certified: Terraform Associate
• Certified Kubernetes Administrator (CKA)

At APCO, the way we work matters just as much as the results we deliver. Our values guide how we work, how we partner, and how we deliver results.

We C.A.R.E.

C ommitted – We build strong, high-trust relationships with our partners and each other.

A ccountable – We take ownership of outcomes and hold ourselves to the highest standards of performance and integrity.

R esults-Driven – We focus on delivering measurable outcomes that create value for our partners and our business.

E xcellent – We strive for excellence in everything we do while balancing short-term performance with long-term success.

If you're excited about joining a team that values collaboration, accountability, and continuous improvement, we'd love to hear from you.

By submitting your application, you acknowledge that you have read and understand our Privacy Policy and Terms & Conditions. APCO Holdings may collect personal information (such as name, contact details, and employment history) to evaluate your candidacy. We may share this data with our subsidiaries, affiliates, and service providers. We retain applicant data only as long as necessary for the hiring process or as required by law.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.