Senior Network Engineer, Cloud & Private Cloud

Role Overview

• Design hybrid network architectures across datacenter, private cloud (VMware), and public cloud (AWS/Azure/GCP), including L2/L3 segmentation, routing domains/VRFs, overlays, and interconnect.
• Define and implement SDN architectures (e.g., VMware NSX-T) including micro-segmentation, DFW policies, T0/T1 routing, NAT, Load Balancing (L4–L7), and edge services.
• Architect multi-site solutions: EVPN/VXLAN fabrics, DC interconnect, cloud on-ramps, and zero-downtime migration patterns (e.g., HCX).
• Design hybrid connectivity: Direct Connect / ExpressRoute, site-to-site VPN, SD-WAN (e.g., VMware VeloCloud), and BGP-based redundancy.
• Implement NSX-T components (Managers, Edges, Transport Zones, Segment profiles), overlay networks (VXLAN/GENEVE), Tier-0/Tier-1 routing, and micro-seg rules.
• Configure and maintain datacenter switching (Cisco NX-OS, ACI; Arista EOS; Juniper) including BGP/OSPF/IS-IS, EVPN, MLAG/vPC, QoS, SPT, MST.
• Integrate identity and access (e.g., Entra ID/Azure AD, Okta, AWS IAM) with network policies (zero trust, group-based policy, NAC/802.1X where applicable).
• Support VMware vSphere (ESXi, vCenter), physical-to-virtual networking mapping, and L4–L7 services (Palo Alto / Check Point / F5 BIG‑IP / NGINX).
• Build and maintain cloud networking: VPC/VNet design, subnetting, IGW/NATGW, peering, Transit Gateway/Hub-Spoke, NACLs/NSGs/Security Groups, private endpoints, and Kubernetes (CNI) networking.
• Automate with Terraform, Ansible, and scripts (Python, PowerShell); manage configuration via Git and CI/CD.
• Troubleshoot complex packet flow issues using Traceflow, vRNI/Aria Ops for Networks, pcap/Wireshark, NetFlow/IPFIX, and cloud-native tools.
• Define and enforce micro-segmentation and zero-trust network access; partner with security for policy definition (app identity, tags, security posture).

Requirements

• 10+ years architecting and operating enterprise/hyperscale networks across datacenter and cloud.
• Deep VMware networking: NSX‑T (overlay networking, Tier‑0/Tier‑1, DFW micro-segmentation, NAT, LB, Edge clusters, Federation/site DR).
• vSphere networking (VDS, port groups, teaming/policies) and physical-to-virtual integration patterns.
• Routing & Switching: Protocol expertise: BGP, OSPF, EVPN, VRF, ECMP, Anycast, IGP/BFD, Multicast (nice to have), MPLS (awareness).
• Datacenter switching: Cisco (NX‑OS/ACI), Arista EOS, or Juniper at scale.
• Overlays & SDN: VXLAN/GENEVE, VTEPs, route reflectors, fabric underlay/overlay separation, SDN control-plane concepts.
• Strong hands-on expertise in SDN & Overlay Protocols: Deep knowledge of VxLAN, EVPN, STP, LACP, vPC/MLAG and OSF/BGP, ACLs for building the scalable fabric that securely connects Private cloud infrastructure stack and platform and external environments
• Cloud Networking (one or more): AWS: VPC, TGW, DX, PrivateLink, Route 53, GWLB, NLB/ALB, Security Groups/NACLs.
• Azure: VNet, vWAN/Hub-Spoke, ER, Private Link, Azure Firewall, App GW, NSGs/UDRs, Route Server.
• GCP: VPC, Shared VPC, Cloud Router, Interconnect, Private Service Connect, GLB.
• Security & IAM: micro-segmentation frameworks, network security policies, IAM fundamentals (Azure AD/Entra, AWS IAM, Okta), RBAC.
• Automation & IaC: Terraform, Ansible, Git, and scripting (Python or PowerShell) for repeatable network builds and policy as code.
• Troubleshooting: Expert packet and control-plane debugging; able to isolate underlay/overlay issues, asymmetric routing, MTU/fragmentation, ECMP/blackhole, and cloud egress nuances.

Tech Stack

• Ansible
• AWS
• Azure
• Cloud
• Google Cloud Platform
• Kubernetes
• NGINX
• Python
• Switching
• Terraform
• VMware

Benefits

• Health & Wellbeing
• Personal & Professional Development
• Unconditional Inclusion