Cloud Network Engineer

Position Summary:

Own the design, reliability, and automation of enterprise network connectivity across on-prem and cloud. This role delivers secure, scalable network services (routing, segmentation, firewalling, VPN, DNS/IPAM, monitoring) with a platform mindset, enabling application teams and operations to move faster with guardrails. Success requires strong hands-on troubleshooting fundamentals plus the ability to implement repeatable patterns in AWS and Azure (hybrid connectivity, multi-account/subscription architectures, centralized inspection/egress, and network observability). Provide resilient, secure, and automated connectivity as a service—reducing operational friction, improving time-to-delivery, and increasing network reliability through standard architectures and automation. Function as an engineer with a platform-oriented approach by standardizing best practices, minimizing manual effort through automation, and enhancing system reliability using telemetry data and insights from incident analysis.

Job Responsibilities:

Network Architecture & Engineering

• Design and operate enterprise LAN/WAN connectivity, including routing (BGP/OSPF), subnetting, segmentation, NAT, and high availability patterns.

• Build and maintain secure connectivity services: site-to-site VPN, remote access integration patterns, and encrypted transport where required.

• Partner with stakeholders to translate requirements into network designs that meet performance, resiliency, and security objectives.

Cloud Connectivity (AWS + Azure)

• Design and support cloud networking primitives and patterns in AWS and Azure (VPC/VNet, routing, segmentation, private connectivity, load-balancing integration, DNS considerations).

• Engineer secure hybrid connectivity between on-prem and cloud, including routing, failover strategy, and operational runbooks.

• Implement and operate multi-account/multi-subscription connectivity architectures (hub/spoke, shared services, centralized routing domains, and guardrails).

Security Controls, Segmentation, and Inspection

• Implement and manage network security controls in partnership with Security Engineering (firewall policy lifecycle, segmentation zones, secure egress).

• Deliver centralized inspection/egress patterns and ensure traffic flows are logged and traceable (flow logs, firewall logs) per requirements

• Ensures network designs and telemetry align to healthcare privacy/security expectations, including segmentation, encryption in transit where required, and audit-friendly logging for incident response.

Automation & Change Enablement

• Automate repeatable network deployments and changes using infrastructure-as-code and version-controlled workflows (peer review, drift management).

• Improve change reliability via validation (pre-checks/post-checks) and documentation-as-code where practical.

Reliability & Operations

• Maintain operational excellence through proactive monitoring, capacity awareness, and structured incident response participation.

• Lead troubleshooting using packet-level analysis and systematic fault isolation across cloud and on-prem dependencies.

• Continuously improve runbooks, diagrams, and reference architectures to reduce MTTR.

• Collaborate with global colleagues.

Vendor Governance

• Manage provider performance and cloud connectivity; support optimization initiatives and contract deliverables as applicable.

Experience

Minimum Qualifications

• 7-10 years of hands-on experience as a Network Engineer (or similar) in a complex, multi-protocol environment.

• Hands-on cloud networking experience in AWS and/or Azure (VPC/VNet design, routing, segmentation, hybrid connectivity).

• Strong fundamentals in enterprise networking: TCP/IP, routing (BGP/OSPF), VLANs, subnetting, NAT/PAT, VPN, and packet-level troubleshooting.

• Infrastructure-as-code exposure for networking (e.g., Terraform or equivalent) plus peer-reviewed change workflows.

• Demonstrated ability to operate network monitoring and analysis tooling; strong competence diagnosing latency/loss/route issues end-to-end.

• Experience operating perimeter and internal security controls (firewalls, segmentation principles, authentication/authorization integrations).

• Ability to produce and maintain clear network documentation (diagrams, standards, runbooks) and communicate effectively across technical and non-technical audiences.

• Bachelor’s Degree in an IT/engineering discipline or equivalent practical experience.

• Experience implementing centralized inspection/egress patterns and flow visibility (e.g., VPC Flow Logs, Network Watcher, firewall logging).

• Experience with multi-account/multi-subscription networking patterns (shared services hub, standardized guardrails, centralized routing/inspection).

Regulatory / Domain Context (Preferred)

• Familiarity with healthcare regulatory expectations and privacy/security best practices (e.g., HIPAA considerations) as they apply to network security and logging.

Certifications Preferred

• AWS Advanced Networking - Specialty and/or AWS Security - Specialty.

• Azure AZ-700 and/or AZ-500.

• CCNA/CCNP (or equivalent).

• Palo Alto certification (e.g., PCNSE) preferred; Palo Alto platform experience a plus.

Technology Areas

• WAN/LAN: MPLS, Metro Ethernet, SD-WAN, Wireless.

• Access/Security: NAC, RADIUS/LDAP/TACACS, segmentation, MFA integration patterns.

• VPN & Secure Edge: site-to-site and remote connectivity patterns; secure edge / zero-trust access patterns.

• Cloud Networking: AWS/Azure network constructs (e.g., VPC/VNet), hybrid connectivity (e.g., Direct Connect/ExpressRoute), routing, DNS, load balancing, cloud-native firewalling/inspection patterns.

• Infrastructure as Code (IaC) & Automation: Terraform (preferred), CI/CD for network changes, config automation and policy-as-code patterns.

Skills and Abilities:

Language Skills: Strong communication skills both written and verbal to work with multiple internal and external clients in a fast-paced environment

Mathematical Skills:  Ability to work with mathematical concepts such as probability and statistical inference. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.

Reasoning Ability:  Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.

Computer Skills:  Ability to create and maintain documents using Microsoft Office (Word, Excel, Outlook, PowerPoint)

Other Skills and Abilities:

• Ability to create and maintain network documentation including standards, diagrams, implementation guides, and operational runbooks. Includes maintaining reference architectures, operational SLOs/runbooks, and automation artifacts where appropriate.

Travel:

• Ability to travel up to 20% of the time to assist with network components and projects in offices nationwide.

Salary range shown is a guideline. Individual compensation packages can vary based on factors unique to each candidate, such as skill set, experience, and qualifications.