• Applicants must possess either EU citizenship or a valid EU residence card to be eligible for this role.

IT means everything to us!

At TH3RA, we deliver IT solutions that empower global businesses to achieve their digital ambitions. With deep expertise and a commitment to excellence, we support clients across industries in building resilient, scalable, and secure infrastructures.

Role overview

We are URGENTLY hiring an L3 Cisco ACI-SDA Engineer to join a Network & SecOps team responsible for implementing, operating, and continuously evolving campus and data center networks. The focus is on Cisco SD-Access (DNA Center) for campus networks and Cisco ACI for data center networks, with a strong emphasis on automation, monitoring, and multi-ISP interconnectivity.

• Contract type: Outsourced engagement, full-time (100%)
• Start: ASAP
• Location: Luxembourg - ONSITE
• Languages: English, French +
• Experience: 3+ years (network infrastructure)
• Applicants must possess either EU citizenship or a valid EU residence card to be eligible for this role.

What you’ll do

• Design, deploy, and operate Cisco SDA fabrics (DNAC: design, policy, assurance) and Cisco ACI (tenants/VRFs/BDs/EPGs, contracts, L3Out).
• Maintain legacy Cisco networks while leading migrations to SDA/ACI.
• Engineer inter-site & Internet connectivity (multi-ISP BGP, own ASN, IX peering), with robust failover and traffic engineering.
• Harden access & segmentation using Cisco ISE (802.1X/MAB, SGT/TrustSec, posture, guest/BYOD) and DNAC/ACI policy.
• Improve monitoring & compliance with SolarWinds (NPM/NTA/NCM): discovery, alerting, NetFlow, config backup, compliance rules.
• Automate configuration and lifecycle tasks (Ansible/Python, templates, CI/Git) and reduce config drift.
• Troubleshoot complex incidents (control/data-plane, SPAN/ERSPAN, path trace, packet captures) and deliver RCAs.
• Produce HLD/LLD, runbooks/MOPs, and risk/issue reports.

Must-have skills

• Strong Cisco networking foundation (routing/switching, VRFs, VLANs, STP, HSRP/VRRP, EtherChannel).
• Hands-on with Cisco SDA (DNA Center): fabric roles, VNs/VRFs, SGT/SGACL, Anycast GW, LAN Automation, Assurance.
• Hands-on with Cisco ACI: tenants/VRFs/BDs/EPGs, contracts/filters, L3Out design, change/upgrade procedures.
• Cisco ISE for secure access (802.1X/MAB) and TrustSec policy with DNAC/ACI integration.
• BGP multi-homing with policy control (local-pref, MED, communities, prepends), route-maps, and failover testing.
• SolarWinds (NPM/NTA/NCM) operations and config compliance.
• Automation with Ansible and/or Python (templates, inventory, idempotent changes).
• Clear written and spoken communication in English, French would be a +

Nice to have

• Internet Exchange (IX) peering practices (prefix filters, max-prefix, RPKI/ROA).
• API work with DNAC/ACI; GitOps/CI basics.
• Wireless (SDA-WLC integration), QoS design, or network security crossover (NGFW, segmentation strategy).
• Experience with change management, CABs, and structured rollbacks.

Certifications

• CCNP (required or equivalent experience).
• CCIE (nice to have).
• Relevant ACI/DNAC/ISE training/certs are a plus.

📨 How to apply: Send your CV (in English), with ref: ASLENG006, to [email protected] or apply below.

Thank you!

T3 Team