Key skills
GoAWSTerraformCloudWatchCDNCloudflarePerformance OptimizationCommunicationNetwork Security
About this role
BILL is a rapidly growing fintech company focused on empowering businesses through innovative financial tools. They are seeking a Staff Cloud Network Engineer to lead the design and evolution of their AWS network platform, ensuring performance, reliability, and growth across the BILL application ecosystem.
Responsibilities:
- Lead the design and evolution of our AWS network platform
- Set standards, influence architecture, and drive scalable, secure networking solutions across the BILL application ecosystem
- Act as the go-to expert for cloud networking, partnering closely with infrastructure, security, and product engineering teams
- Design and implement hub-and-spoke and multi-region topologies using AWS Transit Gateways and AWS Cloud WAN for high availability, scalability, and cost optimization
- Design inter-VPC and inter-account connectivity patterns, including segmentation strategies for production, staging, and non-production workloads
- Automate network configuration using Terraform or similar Infrastructure as Code (IaC) tools
- Manage Amazon Route 53 hosted zones and Cloudflare DNS/CDN configurations
- Apply network security principles and best practices at the VPC, Transit Gateway, and Cloud WAN layers
- Collaborate effectively with cross-functional teams to translate application and business requirements into resilient AWS network architectures
- Troubleshoot and resolve complex network issues across various environments
- Design and implement scalable and resilient network solutions, including multi-region failover and disaster recovery connectivity patterns
Requirements:
- Minimum of 7 years of relevant experience in network engineering, with a significant portion of that experience specifically focused on designing, implementing, and managing network infrastructure in AWS or similar cloud environments
- Proven experience architecting and operating large-scale AWS network environments, including the design and implementation of hub-and-spoke and multi-region topologies using AWS Transit Gateways and AWS Cloud WAN for high availability, scalability, and cost optimization
- Hands-on experience designing inter-VPC and inter-account connectivity patterns (e.g., VPC peering, Transit Gateway attachments, Cloud WAN core networks, and routing domains), including segmentation strategies for production, staging, and non-production workloads
- Proficiency in Terraform or similar Infrastructure as Code (IaC) tools for automating network configuration, including reusable modules for VPCs, Transit Gateways, Cloud WAN segments, route tables, and security policies
- In-depth knowledge of networking protocols, including TCP/IP, BGP, OSPF, VLANs, VPNs, and DNS, with specialized experience managing Amazon Route 53 hosted zones and Cloudflare DNS/CDN configurations, and the ability to apply these in cloud-based architectures (e.g., dynamic routing over Direct Connect or site-to-site VPN integrated with Transit Gateway / Cloud WAN)
- Strong understanding of network security principles and best practices, including firewalls, IDS/IPS, encryption, access control, and the application of these controls at the VPC, Transit Gateway, and Cloud WAN layers to enforce least-privilege and zero-trust patterns
- Experience with network monitoring and performance optimization tools such as CloudWatch, VPC Flow Logs, and AWS Direct Connect, including baselining, capacity planning, and proactive detection of routing and latency issues in large-scale topologies
- Ability to collaborate effectively with cross-functional teams, including Systems Engineers, Developers, Security, and Architects, to translate application and business requirements into resilient AWS network architectures
- Excellent troubleshooting and problem-solving skills, with a focus on identifying and resolving complex network issues across on-premises, Direct Connect, VPN, Transit Gateway, Cloud WAN, and VPC boundaries
- Strong communication skills and the ability to articulate network architecture and design decisions to both technical and non-technical stakeholders, including clear documentation of routing policies, segmentation models, and connectivity patterns
- AWS certification(s) such as AWS Certified Solutions Architect – Associate or AWS Certified Advanced Networking – Specialty is preferred
- Proven track record of designing and implementing scalable and resilient network solutions in a production environment, including multi-region failover, disaster recovery connectivity patterns, and change-managed rollouts using IaC