Manager/Tech Lead, Network Engineering
CTH
On-site Sunnyvale, CA
About this role:
We're looking for a hands-on Manager / Senior Technical Lead to take end-to-end ownership of our global corporate network and network security posture from the switch port to the SASE edge.
You'll own everything that connects our people to our systems: in-office wired and wireless connectivity, secure remote access, inter-office and third-party connectivity, and the governance of mobile and endpoint assets on the network. You'll also lead a strategic initiative: migrating our remote access model from Tailscale to Zscaler, enabling Zscaler Private Access (ZPA) to front our most sensitive internal applications.
This is a builder's role. You'll inherit a modern, well-invested stack (Palo Alto firewalls, Meraki switching/AP, Infoblox DDI, dual-ISP resilience per site) and be expected to mature it into a globally consistent, secure, and observable network as we open new offices and grow headcount.
What You'll Own
Global Network Architecture & Operations
- Take ownership of network architecture and operations across all Applied Intuition offices globally, including standards for wired/wireless LAN, WAN, and site design.
- Manage dual-ISP redundancy, failover, and site connectivity for each office location.
- Own our Palo Alto firewall estate (policy, segmentation, NAT, threat prevention) and Meraki switching/wireless environment (MX/MS/MR) across all sites.
- Administer and evolve our Infoblox DDI environment (DNS, DHCP, IPAM) as the source of truth for network addressing globally.
Zero Trust & Secure Remote Access
- Lead the migration from Tailscale to Zscaler, standing up ZIA for secure internet access and ZPA to broker access to sensitive internal applications without exposing them on a flat network.
- Design the target-state Zero Trust access model: user/device posture, app segmentation, and policy, replacing broad VPN-style access with least-privilege, app-specific access.
- Manage the cutover plan, user migration, and legacy VPN decommissioning with minimal disruption to the business.
Site & Inter-Office Connectivity
- Design and maintain secure, performant connectivity between offices and to key third-party endpoints (data centers, cloud environments, partner networks).
- Build repeatable, documented playbooks for opening new office locations (network standing up new sites quickly and consistently as the company grows).
Leadership & Roadmap
- Act as the technical authority and escalation point for all things network. You'll operate as both an individual contributor and a lead who can eventually build out a team as scope grows.
- Partner with the Head of Security and IT leadership to set the multi-year network and network-security roadmap and vendor strategy.
- Own vendor relationships (Palo Alto, Cisco Meraki, Zscaler, Infoblox) including licensing, renewals, and support escalations.
- Establish monitoring, alerting, and documentation standards so the network is observable and operable beyond "tribal knowledge."
What We're Looking For
- 7+ years in network engineering/architecture roles, including experience owning network security for a multi-site organization, ideally at a high-growth technology company that scaled offices and headcount quickly.
- Hands-on expertise with Palo Alto Networks firewalls (policy, Panorama, threat prevention) and Cisco Meraki (MX/MS/MR) in production, multi-site environments.
- Direct experience with Infoblox or comparable DDI/IPAM platforms.
- Experience designing or migrating to a SASE/ZTNA architecture; direct Zscaler (ZIA/ZPA) experience is a strong plus; experience with a comparable platform (Cloudflare, Netskope, Palo Alto Prisma Access) is also relevant.
- Working knowledge of modern lightweight VPN/mesh tooling (Tailscale, WireGuard) is a plus, particularly if you've been part of a migration off of one.
- Strong grasp of core networking fundamentals: routing/switching, VLANs, SD-WAN, DNS/DHCP, NAT, 802.1X/NAC.
- Experience governing mobile/BYOD device access on corporate networks (NAC, MDM integration).
- A track record of taking ambiguous, growing infrastructure and turning it into documented, standardized, and automatable operations.
- Comfort operating both strategically (roadmap, vendor strategy, budget) and hands-on (you will still be in the weeds, especially early