Agilon health is a healthcare technology company focused on improving the delivery of care. They are seeking a Cloud Network Engineer to design and ensure the reliability and automation of enterprise network connectivity across on-prem and cloud environments. The role involves delivering secure and scalable network services while collaborating with application teams and operations.
Responsibilities:
- Design and operate enterprise LAN/WAN connectivity, including routing (BGP/OSPF), subnetting, segmentation, NAT, and high availability patterns
- Build and maintain secure connectivity services: site-to-site VPN, remote access integration patterns, and encrypted transport where required
- Partner with stakeholders to translate requirements into network designs that meet performance, resiliency, and security objectives
- Design and support cloud networking primitives and patterns in AWS and Azure (VPC/VNet, routing, segmentation, private connectivity, load-balancing integration, DNS considerations)
- Engineer secure hybrid connectivity between on-prem and cloud, including routing, failover strategy, and operational runbooks
- Implement and operate multi-account/multi-subscription connectivity architectures (hub/spoke, shared services, centralized routing domains, and guardrails)
- Implement and manage network security controls in partnership with Security Engineering (firewall policy lifecycle, segmentation zones, secure egress)
- Deliver centralized inspection/egress patterns and ensure traffic flows are logged and traceable (flow logs, firewall logs) per requirements
- Ensure network designs and telemetry align with healthcare privacy/security expectations, including segmentation, encryption in transit where required, and audit-friendly logging for incident response
- Automate repeatable network deployments and changes using infrastructure-as-code and version-controlled workflows (peer review, drift management)
- Improve change reliability via validation (pre-checks/post-checks) and documentation-as-code where practical
- Maintain operational excellence through proactive monitoring, capacity awareness, and structured incident response participation
- Lead troubleshooting using packet-level analysis and systematic fault isolation across cloud and on-prem dependencies
- Continuously improve runbooks, diagrams, and reference architectures to reduce MTTR
- Collaborate with global colleagues
- Manage provider performance and cloud connectivity; support optimization initiatives and contract deliverables as applicable
Requirements:
- 7-10 years of hands-on experience as a Network Engineer (or similar) in a complex, multi-protocol environment
- Hands-on cloud networking experience in AWS and/or Azure (VPC/VNet design, routing, segmentation, hybrid connectivity)
- Strong fundamentals in enterprise networking: TCP/IP, routing (BGP/OSPF), VLANs, subnetting, NAT/PAT, VPN, and packet-level troubleshooting
- Infrastructure-as-code exposure for networking (e.g., Terraform or equivalent) plus peer-reviewed change workflows
- Demonstrated ability to operate network monitoring and analysis tooling; strong competence diagnosing latency/loss/route issues end-to-end
- Experience operating perimeter and internal security controls (firewalls, segmentation principles, authentication/authorization integrations)
- Ability to produce and maintain clear network documentation (diagrams, standards, runbooks) and communicate effectively across technical and non-technical audiences
- Bachelor's Degree in an IT/engineering discipline or equivalent practical experience
- Experience implementing centralized inspection/egress patterns and flow visibility (e.g., VPC Flow Logs, Network Watcher, firewall logging)
- Experience with multi-account/multi-subscription networking patterns (shared services hub, standardized guardrails, centralized routing/inspection)
- Familiarity with healthcare regulatory expectations and privacy/security best practices (e.g., HIPAA considerations) as they apply to network security and logging
- AWS Advanced Networking - Specialty and/or AWS Security - Specialty
- Azure AZ-700 and/or AZ-500
- CCNA/CCNP (or equivalent)
- Palo Alto certification (e.g., PCNSE) preferred; Palo Alto platform experience a plus