Key skills
AWSAzureiOSCloudflareLoad BalancingNetwork SecurityWAFFirewall
About this role
Vesta is a company that helps wireless providers enhance their payment systems to reduce fraud and increase successful transactions. They are seeking a Senior Network Engineer to lead the design and implementation of their global enterprise network, ensuring security and compliance across multiple sites and cloud environments.
Responsibilities:
- Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and cloud environments (AWS and Azure)
- Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs, PBR, and HSRP
- Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements
- Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments
- Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties
- Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management
- Evaluate, deploy, and operationalize free open-source software (FOSS) as replacements for commercial products where appropriate (e.g., network monitoring, IPAM, configuration backup)
- Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking
- Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization
- Maintain comprehensive documentation for network topology, configurations, and operational runbooks; support PCI DSS and SOC 1 Type 2 audit evidence collection
- Participate in on-call rotation and be available for after-hours work including unscheduled incidents
- Travel to domestic data center and office locations as needed to support deployments or incidents
Requirements:
- 10+ years of hands-on enterprise networking experience in large-scale, multi-site environments
- Expert-level Cisco routing and switching: IOS/NX-OS, BGP, OSPF, EIGRP, VLANs, STP
- Enterprise firewall administration: Cisco ASA/FTD, pfSense, and Check Point — rule management, segmentation strategy, and change control
- F5 BIG-IP LTM/GTM: virtual servers, pools, iRules, traffic policies, GTM topology records
- Cloudflare: DNS management, WAF rulesets, and security policy administration
- FireMon: policy analysis, rule review workflows, access path validation
- Deep understanding of TCP/IP, DNS, DHCP, routing/switching protocols, and secure remote access
- Experience operating in PCI DSS-compliant environments including control implementation and audit evidence collection
- Strong troubleshooting capabilities with the ability to resolve complex outages under time pressure
- Demonstrated ability to work independently and drive projects to completion without heavy oversight
- Strong vendor management skills — able to coordinate service delivery and incident resolution with carriers, ISPs, and hardware vendors
- Proven ability to document infrastructure for audits, incident response, and operational continuity
- Willingness and ability to travel domestically as needed (estimated low frequency; valid driver's license required)
- Available for on-call rotation and after-hours support windows
- Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent professional experience
- Proxmox VE: VM/LXC provisioning, cluster management, and software-defined networking
- Experience deploying FOSS tools to replace commercial networking or monitoring products (e.g., Oxidized, NetBox, or similar)
- Hybrid cloud networking: AWS Direct Connect, Azure ExpressRoute, site-to-site VPN, cloud-native security groups
- Zero-trust / overlay VPN concepts and implementation (e.g., Tailscale or equivalent)
- Structured cabling standards, rack design, and power management in physical data center environments
- Vendor management: circuit provisioning, carrier escalations, hardware lifecycle coordination
- AWS Certified Advanced Networking Specialty, AWS Solutions Architect, or equivalent
- Microsoft Azure Network Engineer Associate or equivalent Azure networking certification
- Cisco CCNP (or higher) — Enterprise, Data Center, or Security track
- Check Point CCSE or equivalent firewall platform certification
- CCIE (any track), F5 Certified BIG-IP Administrator, or other advanced certifications are a strong differentiator