Senior Network Engineer

Vesta

$120K — $150K *
US-AnywhereRemote in Atlanta, GA
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of enterprise networking experience in multi-site, global environments.
  • Hands-on expertise with AWS networking and security services in production.
  • Capability to independently drive projects to completion with minimal oversight.
  • Strong vendor management with experience coordinating with carriers and ISPs.
  • Ability to document infrastructure for compliance and operational continuity.

Responsibilities

  • Design and maintain secure, scalable network infrastructure across multiple sites and cloud environments.
  • Architect routing and switching infrastructures including BGP, VLANs, and IPsec VPNs.
  • Administer enterprise firewalls aligned with PCI DSS requirements.
  • Optimize load balancing and traffic steering with F5 BIG-IP administration.
  • Manage AWS VPC setups and hybrid connectivity with Site-to-Site VPNs.
  • Enforce AWS security controls and monitor through CloudTrail and GuardDuty.
  • Contribute to infrastructure automation and documentation for compliance audits.

Benefits

  • Opportunity to lead in a cutting-edge global networking environment.
  • Engagement with both commercial and open-source networking tools.
  • Hands-on role with a focus on infrastructure modernization initiatives.
  • Possibility of travel to data centers and offices for project support.
  • Participation in on-call rotation for incident management.
Full Job Description
Position Summary

Vesta Corporation is seeking a Senior Network Engineer to lead the design, implementation, and ongoing operations of our global enterprise network. This is a senior individual-contributor role operating at the intersection of complex multi-site networking, hybrid cloud infrastructure, and PCI compliance. The ideal candidate brings 10+ years of hands-on enterprise networking experience, deep fluency with AWS network architecture and security services, strong familiarity with both commercial and open-source tooling, and the ability to drive infrastructure modernization initiatives with limited oversight.

Key Responsibilities

On-Premises & Hybrid Network Infrastructure
• Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and AWS/Azure cloud environments.
• Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs and HSRP.
• Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements.
• Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments.
• Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties.
• Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management.
• Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking.
• Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization.

AWS Network Design & Operations
• Design, deploy, and maintain AWS Virtual Private Clouds (VPCs) including subnet design, CIDR allocation, route tables, internet gateways, and NAT gateways across multi-account and multi-region environments.
• Architect and manage VPC-to-VPC connectivity via VPC Peering, AWS Transit Gateway, and PrivateLink to support secure, scalable inter-service communication.
• Configure and maintain AWS Site-to-Site VPN and Direct Connect circuits for hybrid connectivity between on-premises data centers and AWS environments.
• Design and enforce AWS Security Group and Network ACL policies as network-layer access controls, aligned with PCI DSS segmentation requirements.
• Manage DNS architecture within AWS using Route 53 for private hosted zones, resolver endpoints, conditional forwarding, and DNS failover across hybrid environments.
• Configure and manage AWS NAT Gateways, Elastic IPs, and Elastic Load Balancers (ALB/NLB) for workload exposure and traffic routing.
• Maintain AWS network connectivity for partner data and compute workloads migrated into cloud environments, including GDPR and data sovereignty considerations.

AWS Security & Compliance
• Implement and maintain AWS security controls at the network layer including Security Groups, NACLs, VPC Flow Logs, and WAF rulesets on CloudFront and ALB.
• Enable and manage AWS CloudTrail across accounts to ensure comprehensive API activity logging; integrate with centralized SIEM for alerting and audit evidence.
• Configure and maintain AWS GuardDuty for threat detection; triage findings and drive remediation in coordination with the security team.
• Manage AWS Security Hub to aggregate and prioritize findings from GuardDuty, Inspector, Macie, and third-party integrations; produce compliance posture reports for PCI DSS and SOC 1 Type 2 audits.
• Administer AWS IAM policies, roles, and permission boundaries as they relate to network resource access; enforce least-privilege principles across VPC, Direct Connect, and Transit Gateway configurations.
• Use AWS Config rules and AWS Organizations SCPs to enforce network security standards and detect drift across multi-account environments.

Monitoring, Observability & Automation
• Monitor AWS network health using VPC Flow Logs, CloudWatch metrics and alarms, Transit Gateway Network Manager, and Reachability Analyzer.
• Build and maintain CloudWatch dashboards and alarms for network throughput, latency, NAT gateway utilization, VPN tunnel status, and Direct Connect metrics.
• Evaluate, deploy, and operationalize FOSS tools as replacements for commercial products where appropriate (e.g., Oxidized, NetBox)
• Contribute to Infrastructure as Code for network resources using automation; enforce configuration consistency across environments.
• Maintain comprehensive documentation for network topology, configurations, and operational runbooks; support PCI DSS and SOC 1 Type 2 audit evidence collection.
• Participate in on-call rotation and be available for after-hours work including unscheduled incidents.
• Travel to domestic data center and office locations as needed to support deployments or incidents.

Technical Expertise & Core Competencies

Required On-Premises
• 10+ years of hands-on enterprise networking experience in large-scale, multi-site environments.
• Expert-level Cisco routing and switching: IOS/NX-OS, BGP, OSPF, EIGRP, VLANs, STP, QoS.
• Enterprise firewall administration: Cisco ASA/FTD, pfSense, and Check Point. Rule management, segmentation strategy, and change control.
• F5 BIG-IP LTM/GTM: virtual servers, pools, iRules, traffic policies, and GTM topology records.
• Cloudflare: DNS management, WAF rulesets, and security policy administration.
• FireMon: policy analysis, rule review workflows, and access path validation.
• Deep understanding of TCP/IP, DNS, DHCP, routing/switching protocols, and secure remote access.
• Experience operating in PCI DSS compliant environments including control implementation and audit evidence collection.

Required AWS Networking & Security:
• VPC architecture: subnet design and CIDR planning, route tables, internet gateways, NAT gateways, and VPC endpoints.
• VPC connectivity: VPC Peering, Transit Gateway, and AWS PrivateLink for inter-VPC and cross-account routing.
• Hybrid connectivity: Site-to-Site VPN and Direct Connect configuration, BGP peering, and failover design.
• Security controls: Security Groups, Network ACLs, and VPC Flow Logs for traffic visibility and PCI segmentation enforcement.
• DNS: Route 53 private hosted zones, resolver endpoints, conditional forwarding rules, and health-check-based failover.
• Load balancing and exposure: Application Load Balancer (ALB), Network Load Balancer (NLB), and Elastic IP management.
• Monitoring and observability: CloudWatch metrics, alarms, dashboards; VPC Flow Logs analysis; Transit Gateway Network Manager.
• Security and compliance services: CloudTrail, GuardDuty, Security Hub, AWS Config, IAM policy review, and ACM.
• Multi-account governance: AWS Organizations, SCPs, and Control Tower network guardrails.

Preferred / Nice to Have
• Proxmox VE: VM/LXC provisioning, cluster management, and software-defined networking.
• Infrastructure as Code: Terraform or CloudFormation for network resource provisioning and drift detection.
• Experience deploying FOSS tools to replace commercial networking or monitoring products (e.g., Oxidized, NetBox).
• Azure networking: Azure Firewall, NSGs, and Azure DNS private zones.
• Zero-trust / overlay VPN concepts and implementation (e.g., Tailscale or Wireguard).
• AWS advanced networking: CloudFront distributions, WAF on ALB/CloudFront, PrivateLink endpoint services, Network Firewall.
• Scripting or automation: Python, Bash, or Ansible for network task automation.
• Vendor management: circuit provisioning, carrier escalations, and hardware lifecycle coordination.

Qualifications
• 10+ years of enterprise networking experience in complex, multi-site or global environments.
• Demonstrated hands-on proficiency with AWS networking and security services in production environments.
• Demonstrated ability to work independently and drive projects to completion without heavy oversight.
• Strong vendor management skills, able to coordinate service delivery and incident resolution with carriers, ISPs, and hardware vendors.
• Proven ability to document infrastructure for audits, incident response, and operational continuity.
• Willingness and ability to travel domestically as needed (valid driver's license required).
• Available for on-call rotation and after-hours support windows.

Education & Certifications

Education
• Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent professional experience.

Required Certifications
• Cisco CCNP (or higher) Enterprise, Data Center, or Security track.

Preferred Certifications
• AWS Certified Advanced Networking, Specialty (ANS-C01) or AWS Solutions Architect | Professional.
• AWS Certified Security, Specialty (SCS) is a strong differentiator given the compliance posture of this role.
• Microsoft Azure Network Engineer Associate or equivalent Azure networking certification.
• Check Point CCSE or equivalent firewall platform certification.
• CCIE (any track), F5 Certified BIG-IP Administrator, HashiCorp Terraform Associate, or other advanced certifications.

Similar Jobs

More Jobs at Vesta

More Information Technology Jobs

Find similar Senior Network Engineer jobs: