Role Purpose
We are seeking a Senior IT Architecture Expert to define, govern, and continuously optimize the end-to-end IT architecture across datacenter, network, security, servers, virtualization, and cloud.
Our environment consists of one central datacenter in Germany and multiple office locations, connected via secure WAN and VPN architectures, and standardized exclusively on Microsoft Hyper-V for on-premises virtualization.
This role exists to:
- Eliminate fragmented infrastructure and network designs
- Ensure secure, scalable, and resilient connectivity between datacenter and offices
- Prevent technical debt caused by inconsistent or reactive technical decisions
This is not an operational role. The Architecture Expert defines what must be built and why, not how day-to-day administration is performed.
Architecture Ownership Scope
- The Architecture Expert acts as design authority across:
- Datacenter & Infrastructure Architecture
- Network & Connectivity Architecture (Datacenter + Offices)
- Firewall & Security Architecture (Sophos-based)
- Server & Platform Architecture (Windows & Linux)
- Hyper-V Virtualization Architecture (exclusive platform)
- Cloud & Hybrid Architecture
- Identity & Access Architecture
Key Responsibilities:
- Enterprise Infrastructure & Datacenter Architecture
Define and maintain:
- Target-state infrastructure architecture
- Reference architectures and design principles
Design scalable and resilient datacenter architectures covering:
- Compute
- Storage
- Networking
- High availability and disaster recovery
Ensure infrastructure designs align with:
- Business continuity requirements
- Security and compliance standards
- Network & Connectivity Architecture (Critical Responsibility)
Own end-to-end network architecture for:
- Central datacenter in Germany
- Multiple branch and office locations
Design and govern:
- LAN and WAN architecture
- Site-to-site VPN connectivity
- Remote access connectivity models
Define and standardize:
- IP addressing strategy
- VLAN and network segmentation
- Redundancy and failover design
Ensure predictable performance, scalability, and availability across all locations
- Firewall & Security Architecture (Sophos Focus)
Act as architecture authority for Sophos Firewall environments
Design and govern:
- Perimeter and internal firewall architecture
- Network zone and segmentation models
- VPN security standards (site-to-site and remote access)
Define standards for:
- Firewall rule structure and lifecycle
- Secure inter-site traffic flows
Work closely with IT Security teams to ensure:
- Secure-by-design network architecture
- Consistent security policy enforcement
- Server, Virtualization & Platform Architecture
Define and govern Hyper-V–based virtualization architecture as the exclusive on-premises virtualization platform
Establish approved architecture standards for:
- Hyper-V host and cluster design
- Windows Failover Clustering
- Storage Spaces Direct (where applicable)
- Virtual machine sizing and placement models
Define:
- Capacity and scalability guardrails
- High-availability and resiliency patterns
Review and approve:
- Hyper-V cluster designs
- Major platform architecture changes
This role does not perform day-to-day server or Hyper-V administration
Work in close collaboration with the Senior Server, Linux & Datacenter Expert, who owns implementation and optimization
- Cloud & Hybrid Architecture
Design hybrid architectures integrating:
- On-premises datacenter
- Cloud platforms (Microsoft Azure)
Define:
- Secure hybrid network connectivity
- Workload placement strategy
- Identity and access integration
Ensure cloud adoption aligns with:
- Network architecture
- Security architecture
- Cost and operational efficiency
- Identity, Security & Compliance Architecture
Define architecture for:
- Active Directory
- Microsoft Entra ID (Azure AD)
Ensure identity, network, and security architectures are fully aligned
Partner with IT Security teams to implement:
- Zero Trust principles
- Least-privilege access models
Ensure architectural compliance with regulatory and audit requirements
- Architecture Governance & Standards
Act as final design authority for:
- Infrastructure architecture
- Network and firewall design
- Hyper-V platform architecture
Review and approve:
- New office network designs
- Major infrastructure and connectivity changes
Enforce architecture standards and prevent design drift
- Documentation & Architecture Visibility
Create and maintain:
- Datacenter and network topology diagrams
- Firewall and connectivity architecture documentation
- Approved reference architectures
Ensure documentation is:
- Accurate
- Maintained
- Actively used by operational teams
Required Languages
12+ years in enterprise IT roles
5+ years in senior infrastructure or solution architecture roles
Proven experience designing:
- Enterprise datacenters
- Multi-site network architectures
- Hyper-V-based virtualization platforms
Strong background in network-centric infrastructure environments
Mandatory Technical Expertise
Network & Security
- Enterprise LAN and WAN architecture
- Firewall and VPN design (Sophos or equivalent)
- Network segmentation, redundancy, and failover
Infrastructure & Platforms
- Datacenter infrastructure architecture
- Hyper-V virtualization architecture (expert level)
- Windows and Linux server platform architecture
Cloud & Hybrid
- Microsoft Azure architecture fundamentals
- Hybrid connectivity and identity integration
Soft Skills
- Strong decision-making and accountability
- Ability to challenge poor technical designs constructively
- Clear communication with technical and non-technical stakeholders
- High documentation and governance discipline
Certification Requirements
Mandatory (At Least One)
- Microsoft Certified: Azure Solutions Architect Expert
OR
- TOGAF Certified
Strongly Preferred
- Microsoft Certified: Azure Stack HCI
- Microsoft Certified: Windows Server Hybrid Administrator Associate
- Cisco CCNP (Enterprise or Data Center)
- Sophos Firewall Engineer / Architect Certification
Nice to Have (Expert Signal)
- SABSA (Security Architecture)
- ITIL 4 – Strategic Leader
- AWS Solutions Architect – Professional
Success Criteria
- Stable and secure connectivity across all Germany locations
- Clear, standardized network and Hyper-V architecture
- Reduced incidents caused by architectural weaknesses
- Strong alignment between network, security, and infrastructure layers
