Staff Network Engineer

Responsibilities- - Staff Network Engineering - AWS and Hybrid Cloud```{=html}```- - AWS VPC Engineering```{=html}```- - Design, build, and maintain Amazon VPCs including CIDR planning, subnet design (public/private), route tables, Internet Gateways (IGW), NAT gateways, and VPC endpoints (Interface/Gateway).```{=html}```- - Configure and manage security controls such as Security Groups, NACLs, AWS Network Firewall, and AWS WAF for defenseindepth across environments.```{=html}```- - Hybrid Connectivity```{=html}```- - Implement and support hybrid connectivity using AWS Direct Connect, SitetoSite VPNs, and AWS Transit Gateway for scalable VPCtoVPC and onprem connectivity.```{=html}```- - Traffic Management and DNS```{=html}```- - Configure Amazon Route 53 for internal and external DNS, routing policies, health checks, and failover.```{=html}```- - Deploy and manage Elastic Load Balancing (ALB/NLB/GLB) to provide high availability, SSL termination, pathbased routing, and/or TCP/UDP load balancing.```{=html}```- - OnPrem and Data Center Networking```{=html}```- - Operate and troubleshoot onprem and data center networks using Juniper and Aruba platforms (switching, routing, VLANs, VRFs, BGP/OSPF).```{=html}```- - Configure, manage, and tune Palo Alto Networks firewalls, including security policies, NAT, VPN, and content inspection.```{=html}```- - Monitoring, Logging and Dashboards```{=html}```- - Design and implement endtoend monitoring, alerting, and dashboards for network health, performance, and security, leveraging tools such as:```{=html}```- - VPC Flow Logs, CloudWatch metrics/logs, and Route 53 health checks.```{=html}```- - Firewall logs and onprem device telemetry.```{=html}```- - Build and maintain dashboards for:```{=html}```- - Link utilization, latency, packet loss, and error rates (DX, VPN, TGW, campus links).```{=html}```- - Load balancer health, connection metrics, and capacity.```{=html}```- - DNS performance and resolution issues.```{=html}```- - Establish actionable alerting thresholds and runbooks to support rapid incident triage and resolution.```{=html}```- - Capacity Planning and Performance```{=html}```- - Perform ongoing capacity planning for AWS networking (VPCs, TGW, DX, VPN, load balancers) and onprem links, forecasting growth and identifying bottlenecks.```{=html}```- - Analyze traffic patterns and utilization data to rightsize connectivity, optimize routing, and plan upgrades before they become constraints.```{=html}```- - Run performance tests and baselines (throughput, latency, failover behavior) and tune configurations accordingly.```{=html}```- - Incident Response and Troubleshooting```{=html}```- - Lead networkrelated incident response, including realtime troubleshooting across layers (DNS, TCP/IP, TLS, HTTP, internal app protocols).```{=html}```- - Drive rootcause analysis (RCA) and implement corrective and preventive actions (runbooks, automation, design changes).```{=html}```- - Architecture and Design (Significant Component)```{=html}```- - Own endtoend network architecture for multiaccount, multiregion AWS environments, ensuring scalability, reliability, observability, and security.```{=html}```- - Develop and maintain network reference architectures and patterns for:```{=html}```- - Isolated and regulated environments.```{=html}```- - Servicetoservice connectivity using PrivateLink, VPC peering, and/or VPC Lattice.```{=html}```- - Ingress/egress patterns through ELB, Global Accelerator, an centralized egress VPCs.```{=html}```- - Design application connectivity, segmentation, and zerotrust network patterns in partnership with Security and Platform teams.```{=html}```- - Evaluate and introduce advanced AWS networking capabilities (e.g., AWS App Mesh, Amazon VPC Lattice, AWS Global Accelerator) where they provide clear operational or performance benefits.```{=html}```- - Ensure architectural designs explicitly include observability and capacity planning requirements (telemetry, KPIs, SLOs).```{=html}```- - Automation, Tooling and Governance```{=html}```- - Build and maintain infrastructureascode for network components (e.g., Terraform/CloudFormation modules for VPCs, TGWs, Direct Connect, routing, firewall rules).```{=html}```- - Integrate network provisioning and configuration into CI/CD pipelines to support safe, auditable, and repeatable deployments.```{=html}```- - Automate generation and updates of network monitoring, logging, and dashboard configurations where possible.```{=html}```- - Define and codify network standards, guardrails, and best practices for AWS and onprem networking, including monitoring and capacity baselines.```{=html}```- - Partner with Security and Compliance to ensure designs and implementations meet regulatory and internal policy requirements, including logging and retention requirements.```{=html}```- - Collaboration and Leadership```{=html}```- - Act as the primary subject matter expert for AWS networking, hybrid connectivity, and network observability, providing guidance to platform, SRE, security, and application teams.```{=html}```- - Mentor other engineers on networking fundamentals, AWS networking, performance troubleshooting, and effective monitoring/dashboards.```{=html}```- - Lead and review technical designs, RFCs, and architectural decisions for networkrelated projects.```{=html}```- - Communicate complex networking concepts, tradeoffs, and capacity risks to both technical and nontechnical stakeholders.These responsibilities summarize the roles primary responsibilities and are not an exhaustive list. They may change at the companys discretion.Required Qualifications- - 10+ years of experience in network engineering, with at least several years in a senior/staff or architectureoriented role.```{=html}```- - Deep, handson experience with AWS networking:```{=html}```- - Amazon VPC (CIDR design, subnets, IGW/NAT, route tables, endpoints).```{=html}```- - Security Groups and NACLs.```{=html}```- - AWS Transit Gateway, SitetoSite VPN, and AWS Direct Connect.```{=html}```- - Route 53 and ELB (ALB/NLB/GLB).```{=html}```- - Strong enterprise/data center networking experience:```{=html}```- - Juniper and/or Aruba networking platforms.Routing/switching (BGP, OSPF, VLANs,

Created: 2026-01-26