DEPARTMENT OF REVENUE

Division of Information Technology

1600 W Monroe St.

Phoenix, AZ 85007

Salary: $104,500.24 

Grade: 28

Closing Date: 6/15/2026

Deeply technical, hands-on Senior Cloud Infrastructure Architect with a specialized expertise in Cloud Networking. In this role, the employee will lead the architectural design and heavy-lifting execution of ADOR's network infrastructure. Employee will actively write the code, configure the routing tables, and build the secure pipelines that connect ADOR's cloud environments, on-premises data centers, and edge locations. Employee will own the performance, security, and scalability of ADOR's network mesh, ensuring low-latency communication across multi-region or hybrid cloud deployments.

This position may be available for remote work within Arizona (# days per week in the office/hoteling).

Essential Duties and Responsibilities include but are not limited to:

• Hybrid & Multi-Cloud Connectivity: Design, implement, and maintain complex connectivity solutions linking on-premises data centers to the cloud using AWS Direct Connect, Azure ExpressRoute, MegaPort, and high-performance site-to-site VPNs.
  
• Global Routing & Traffic Management: Architect routing topologies utilizing BGP, transit gateways (e.g., AWS Transit Gateway, Azure Virtual WAN), Anycast routing, and intelligent Global Server Load Balancing (GSLB).
  
• Enterprise Service Meshes: Build and manage highly scalable service meshes (e.g., Istio, Linkerd, Consul) and advanced ingress controllers to handle microservices communication, traffic splitting, and mutual TLS (mTLS).
  
• IPAM & DNS Architecture: Own the global IP Address Management (IPAM) strategy and design highly available, split-horizon DNS architectures across hybrid environments.
  
• NetDevOps / Infrastructure as Code: Provision all software-defined networking (SDN) components—including VPCs/VNet peers, subnets, route tables, firewalls, and load balancers—strictly via declarative code (Terraform, OpenTofu, or Pulumi).
  
• Network Automation Scripting: Develop custom automation scripts (Python, Go, Bash) to automate routine network configuration changes, testing, and compliance audits.
  
• Zero-Trust Network Architecture: Implement strict micro-segmentation, network security groups, and zero-trust policies to isolate workloads and reduce the blast radius of security incidents.
  
• Edge Security & CDN: Design and manage edge infrastructure, including Content Delivery Networks (CDNs like Cloudflare or CloudFront), Web Application Firewalls (WAF), and DDoS mitigation layers.
  
• Egress/Ingress Inspection: Deploy and operate centralized network inspection architectures, routing traffic through Next-Generation Firewalls (NGFW) or cloud-native firewall appliances for deep packet inspection.
  
• Other duties as assigned as related to the position
  
• Participates in the establishment of guidelines and policies
  
  

Knowledge

• Cloud SDN & Routing Architectures: Deep understanding of BGP routing, Anycast, AWS Transit Gateway, Azure Virtual WAN, and hybrid connectivity (Direct Connect, ExpressRoute).
  
• Core Networking Protocols: Mastery of TCP/IP, UDP, OSPF, DNS, HTTP/S, TLS, and IPSec VPN frameworks.
  
• Container Networking (CNI): Understanding of Kubernetes networking models and CNIs like Cilium (eBPF), Calico, or cloud-native variants.
  
• Zero-Trust & Perimeter Security: Knowledge of micro-segmentation, Next-Generation Firewalls (NGFW), WAFs, DDoS mitigation, and mTLS.
  
• FinOps & Cost Frameworks: Familiarity with cloud pricing models, data transfer charges (NAT gateway costs, inter-AZ fees), and budget optimization.

Skill

• Advanced IaC Development: Writing modular, reusable Terraform, OpenTofu, or Pulumi code to provision complex, multi-region networks.
  
• Packet-Level Diagnosis: Capturing and analyzing VPC Flow Logs or utilizing tools like Wireshark to debug Layer 3 through Layer 7 anomalies.
  
• Network Automation & Scripting: Writing production-grade scripts in Python, Go, or Bash to automate routine network tasks and compliance audits.
  
• Telemetry Setup & Observability: Configuring dashboards and synthetic testing in tools like Datadog, ThousandEyes, or Prometheus.
  
• CI/CD Pipeline Engineering: Building automated deployment pipelines that safely validate and push network infrastructure changes.

Ability

• Complex Problem-Solving: The capacity to systematically dissect and isolate root causes of complex, transient network latency or packet loss.
  
• Architectural Vision: The ability to visualize and design highly complex, multi-layered environments and trace data flow from edge to microservice.
  
• Adaptability: The capacity to quickly pivot between writing code/scripts and discussing high-level strategy with stakeholders.
  
• Technical Leadership: The innate ability to inspire, mentor, and upskill junior engineers on complex network-native engineering patterns.
  
• Effective Communication: Translating deeply technical networking jargon into plain, actionable business logic for non-technical leadership.
  
  
  

Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, or a closely related technical field. AWS: AWS Certified Solutions Architect – Professional AND AWS Certified Advanced Networking – Specialty. Cisco: CCNA, CCNP (Enterprise or Data Center), or CCIE. HashiCorp: Terraform Associate

Master’s degree (MS) in Computer Science, Computer Network Engineering, or Cybersecurity. Active participation in open-source networking projects, Cloud Native Computing Foundation (CNCF) working groups, or published technical whitepapers. AWS: AWS Certified Advanced Networking – Specialty. AWS Certified Solutions Architect – Professional or DevOps Engineer – Professional. HashiCorp: Terraform Cloud Certified Professional. ISC²: Certified Cloud Security Professional (CCSP) or CISSP.

The final candidate will be required to abide by the the following pre-employment checks:

• Employment Verification and Reference Checks
  
• State and Federal Criminal Background Check, including fingerprinting
  
• Arizona Tax Filing Records Check
  

If applicable, ASEDRA Authorized Driver Identification Check

If this position requires driving or the use of a vehicle as an essential function of the job to conduct State business, then the following requirements apply: Driver’s License Requirements.

The State of Arizona provides a world class comprehensive benefits package including:

• Affordable medical, dental, life, and short-term disability insurance plans
  
• Participation in the Arizona State Retirement System (ASRS) and long-term disability plans
  
• 10 paid holidays per year
  
• Vacation time accrued at 4.00 hours bi-weekly for the first 3 years
  
• Sick time accrued at 3.70 hours bi-weekly
  
• Paid Parental Leave-Up to 12 weeks per year paid leave for newborn or newly-placed foster/adopted child (pilot program).
  
• Deferred compensation plan
  
• Wellness plans
  
• Tuition Reimbursement
  
• Stipend Opportunities
  
• Infant at Work Program
  
• Rideshare and Public Transit Subsidy
  
• Career Advancement & Employee Development Opportunities
  
• Flexible schedules to create a work/life balance
  

Learn more about the Paid Parental Leave program here. For a complete list of benefits provided by The State of Arizona, please visit our benefits page

State employees are required to participate in the Arizona State Retirement System (ASRS).
Top ranked Arizona State Retirement System (ASRS) provides 100% employer matched contributions (enrollment eligibility will be effective after 27 weeks of State employment). ASRS provides a lifelong benefit based on years of service earned, or worked, and your ending salary.
Learn more about ASRS at: https://www.azasrs.gov/content/new-and-prospective-members.

If you have any questions, need assistance, or would like to request a reasonable accommodation, please contact the ADOR Talent Team at ogre.ctr@azdor.gov

*The State of Arizona is an Equal Opportunity/Reasonable Accommodation Employer.