AWS Network Engineer

Must Haves:
3+ years of experience in Infrastructure automation using Cloud Formation, Ansible, Powershell, or Terraform
3+ YEARS IN DESIGNING AND BUILDING WITH ALL ASPECTS OF HYBRID CLOUD NETWORK INFRASTRUCTURE DESIGN, DEVELOPMENT, AND IMPLEMENTATION
3+ years of experience with AWS environment, operations and automation
Experience with security in the cloud: Intrusion, penetration, and vulnerability scanning
AWS certification required, AWS Certified Solutions Architect, CCNP or CCIE is a plus.

Job Objective
This position will act as a primary technical principal and is responsible for delivering network solutions at an enterprise level. Expertise with network infrastructure technologies such as Public, Private, Hybrid Cloud, LAN, WAN, Wireless, Security, and Data Center. Ideal candidates will have AWS Cloud and Data Center experience. You will be part of our Network team for supporting our growing portfolio of cloud-based software applications. Candidates for this position must be able to, from day one, roll up their sleeves and hit the ground running, and bring their experience to the team to make the project deployments much smoother.

DELIVERABLES

• Operation tasks are conducted primarily in AWS public cloud, with some work in traditional data centers.
• Establish automation through Infrastructure as a code scripting using Cloudformation or Terraform.
• Contribute to the build-out of cloud infrastructure, for example, working with services such as load balancers, gateways, firewalls, subnets, security groups, storage options, and direct connect.
• Use scripting and automation tools to increase efficiency, performance, and cost reductions, for example, CloudFormation, Terraform, Unix Shell, Python, PowerShell, Ansible, etc.
• You will work with network team architects and cross-functional teams to determine project requirements, specifications, and technical solutions. IP Routing in Public Cloud and On-Prem Datacenters (SD-WAN, MPLS, HA, BGP, DNS, Subnetting, Firewalls and Load Balancers) AWS Networking (VPN, VPC, security group, transit gateways, direct connect) AWS Services, CloudFormation, CloudWatch, CloudTrail, VPC flow log, AWS Config, S3, EC2, VPC, IAM, and KMS) Network Logging/Monitoring tools
• Oversee planning, design, implementation, and operation of network infrastructure projects and participate in the specification of business requirements and implementation plans for technically advanced internetworking solutions
• Manage implementation of network infrastructure projects, from both technical and communication aspects.
• Review network design for network security and other risks during course of projects. Serve as a liaison to vendors and/or third-party providers as assigned
• Provide on-site and remote technical assistance to other resources and to customers
• Build and document new Infrastructure environments following industry best practices and internal security policies and standards
• Provide infrastructure design, implementation planning, deployment support, software strategy, system troubleshooting, performance engineering and optimization, maintenance strategy.
• Provide technical guidance, knowledge-transfer and mentorship to State Fund internal engineering peers as required and lead technical staff responsibilities.
• Establishes networking environment by designing system configuration; directing system installation; defining, documenting, and enforcing system standards.
• Maximizes network performance by monitoring performance; troubleshooting network problems and outages; scheduling upgrades; collaborating with other team on network optimization.
• Secures network and server systems by establishing and enforcing policies; defining and monitoring access.
• Accomplishes information systems and organization mission by completing related results as needed.
• Maintain AWS cloud network infrastructure in optimal configuration from both technical and budgetary perspectives.
• Provide 24 by 7 support
• Be able to collaborate well with cross functional teams in order to ensure timely delivery of solutions that drive successful business outcomes

TECHNICAL KNOWLEDGE AND SKILLS:

• Deep knowledge of cloud IAM and how to configure least-privilege. Knowledge of cloud networking and how to securely interconnect multiple cloud accounts, on-prem servers, etc.
• Experience with IAM, SAML, AWS control Tower customization and SSO implementations
• Working experience in containerization and orchestration using Docker, Kubernetes, or EKS/ECS.
• Prociency in architecting and deploying security best practices across the AWS technology stack.
• A working understanding of AWS sizing and pricing regarding AWS compute storage and database services.
• Working experience with AWS security, identity, & COMPLIANCE RESOURCES, AND SECURE ARCHITECTING. SOLID UNDERSTANDING AND HANDS-ON EXPERIENCE OF AWS SERVICES INCLUDING VPC, ELB, IAM, KMS, EC2, SSM, RDS, S3, AWS CONFIG, CLOUDTRAIL, SCP, CLOUDWATCH, CLOUDFORMATION, VPC FLOW LOG, SECURITY HUB, FIREWALL MANAGER, ROUTE53, API GATEWAY, LAMBDA, AND OTHERS
• Experience in the design, development, and implementation of AWS-based infrastructure solutions using AWS APIs, and Python with boto3.
• Strong experience with AWS network topology and services (Multi account/VPC environments that are integrated via AWS transit gateway, Direct Connects/VPNs connecting to physical locations)
• Cloud specific security controls experience, including API security experience
• Thorough understanding of networking technologies, including administration of enterprise routers, switches, firewalls, IDS/IPS, and load-balancers (OSI layers 4-7)
• Minimum 2 years of experience with on-premise networking products (Cisco ASA, Firepower, Client, and Palo Alto).
• Minimum 2 to 4 years of experience design and implement cloud network security infrastructure services in AWS, including monitoring, vulnerability management, and data protection.
• Expertise with various routing protocols (BGP, OSPF, EIGRP)
• Understanding of network security methodologies as a whole, including but not limited to: ACLs, Stateful firewalls, VPNs (tunneling, IPsec, SSL, etc.)
• Fluency with common network admin and monitoring tools such as Nagios, Opmanager, Wireshark, Nmap, Nessus, Netflow, Sflow etc.
• Knowledge of Cisco IOS, NX-OS, both Cisco Nexus 1K, 2K, 5K 7K, 9K and non-Nexus series switches, Cisco routers and other Cisco networking gear.
• Solid understanding of data center related technology and collocation environment.
• Working knowledge of MPLS network.
• Advanced knowledge of Cisco, F5, Palo Alto Firewall, Websense/Focepoint, Juniper and other vendor equipment and configuration
• In-depth knowledge and hands-on experience on Cisco Network Devices automation
• Expertise and Hands-on experience with Ansible or Python scripting for Network automation
• Deep domain expertise in networking, network security and public/private clouds
• Familiarity with SIEM

PREFERRED SKILLS:

• 3+ years of experience in Infrastructure automation using Cloud Formation, Ansible, Powershell, or Terraform
• 3+ YEARS IN DESIGNING AND BUILDING WITH ALL ASPECTS OF HYBRID CLOUD NETWORK INFRASTRUCTURE DESIGN, DEVELOPMENT, AND IMPLEMENTATION
• 3+ years of experience with AWS environment, operations and automation
• Experience with security in the cloud: Intrusion, penetration, and vulnerability scanning
• AWS certification required, AWS Certified Solutions Architect
• CCNP or CCIE is a plus.
• Project Management Experience
• Experience with Scripting and Automation technologies
• Ability to think and operate as a team player
• Extremely strong communication skills, BOTH WRITTEN AND VERBAL
• Experience managing network service and similar support providers in a client/vendor relationship
• Ability to operate as independently or as part of collaborative effort
• Demonstrate strong project leadership and ability to develop strong working relationships with customer technical personnel.
• Strong troubleshooting skills and ability to apply them during business impacting incidents.
• Capable of mentor others and lead by example.

DESIRED QUALIFICATIONS AND CERTIFICATIONS:
Bachelor's degree in a technical field (e.g. Computer Science, IT, or similar disciplines).
Equivalent work experience implementing and operating enterprise level data center and/or office networks.
Experience operating in a modern cloud environment such as AWS, GCP, or Azure or large scale data centers is a plus
CCNP is the very minimum requirement. CCIE R&S, or CCIE data center certifications and AWS certified solutions architect is a big plus