Job Overview:
As the VP, Network Engineering, you lead the Network Engineering pod within the Foundations team in LPL's Cloud Center of Excellence (CCOE). You own the architecture, implementation, and operations of LPL's AWS network fabric across our multi-account landing zone, plus the hybrid connectivity and edge services that link cloud to on-premises. Network Engineering at LPL is tightly integrated with Security & Governance - a peer pod inside the same Foundations team - and a substantial portion of your team's work is the design, automation, and continuous hardening of network-layer security and compliance controls in deep partnership with the VP, Security & Governance. You also partner closely with LPL's separate enterprise Information Security organization, which acts as the watchdog for security risk and regulatory compliance. LPL is an AWS-first CCOE: a multi-account landing zone with 100+ private reusable Terraform modules that enable 60+ AWS services, all delivered through Terraform Cloud and GitHub Actions. You are both a people leader for a globally distributed team across the US and LPL's India GCC and a hands-on senior network engineer who contributes directly to network designs, Terraform code, and incident response.
Responsibilities:
- Lead the Network Engineering pod within the Foundations team in CCOE: own AWS network architecture, implementation, and operations across LPL's multi-account landing zone
- Design, build, and operate Transit Gateway, VPCs, PrivateLink and private endpoints, hybrid connectivity over Direct Connect and Site-to-Site VPN with BGP-driven routing, edge services, network firewalls (AWS Network Firewall, Palo Alto, etc.), DNS (Route 53, Infoblox), and certificate management (ACM, ACM PCA)
- Partner deeply and continuously with the VP, Security & Governance to design, automate, and enforce network-layer security controls: segmentation and micro-segmentation, encryption in transit, ingress/egress inspection, WAF, Shield, GuardDuty, and network-detective controls
- Co-own and continuously harden the multi-account landing zone in partnership with the Security & Governance, FinOps, Monitoring, and Functional Design Engineering & Strategy pods (within Foundations) and the Platforms and Containers teams - delivering a secure-by-default network fabric
- Translate regulatory requirements (FINRA, SEC, PCI, SOX) into network and connectivity controls; partner with Security & Governance, the enterprise Information Security organization, and Internal Audit on evidence collection, attestation, and audit response
- Build and maintain the Terraform code that defines LPL's foundational network layer - VPCs, Transit Gateway, route tables, security groups, network firewalls, PrivateLink, DNS, and edge services - deployed through Account Factory for Terraform (AFT) at the foundational base layer, distinct from the private module library that application teams consume for self-service
- Drive the network strategy for new patterns: zero trust, PrivateLink, private endpoints, IPv6, and service-mesh integration
- Embed agentic AI capabilities into the team's engineering practice (e.g., Cursor, Claude Code, Bedrock, MCP servers, agentic IaC and review workflows) and into the platform's self-service experience for internal customers
- Embed agentic AI capabilities into network operations: automated change-impact analysis, network policy generation from intent, AI-assisted incident triage, and conversational self-service for common network change requests
- Recruit, develop, mentor, and retain a globally distributed team of senior cloud engineers across LPL's US offices and India Global Capability Center (GCC)
- Own all people-management responsibilities for the pod including hiring, onboarding, weekly 1:1s, performance management, compensation planning, career development, and certification-path execution per the CCOE certification matrix
- Operate as a player-coach: spend meaningful time hands-on in Terraform code, design reviews, peer reviews, and incident response while leading people and delivery
- Lead and personally participate in 24x7 on-call rotations as senior incident commander and technical escalation point for the pod
- Partner with peer VPs across the Cloud Center of Excellence - the leaders of the five CCOE teams (Foundations, Platforms, Containers, Support, Delivery) and the leaders of the pods within Foundations (Security & Governance, FinOps, Functional Design Engineering & Strategy, Network Engineering, Monitoring) - to align roadmaps and remove cross-team and cross-pod blockers
- Champion AWS Well-Architected Framework adoption across all six pillars and drive continuous improvement against operational, security, reliability, performance, cost, and sustainability outcomes
- Participate in Agile/Scrum ceremonies (sprint planning, standups, backlog grooming, retrospectives) and partner with the RTE and PMO on delivery commitments and dependencies
- Represent the pod in executive forums, architecture review boards, internal audit, and customer engagements; communicate technical risk and trade-offs to non-technical executives
What are we looking for?
We're looking for strong collaborators who deliver exceptional client experiences and thrive in fast-paced, team-oriented environments. Our ideal candidates pursue greatness, act with integrity, and are driven to help our clients succeed. We value those who embrace creativity, continuous improvement, and contribute to a culture where we win together and create and share joy in our work.
Requirements:
- 10+ years of progressive technical experience including 5+ years in cloud infrastructure or platform engineering leadership; Bachelor's degree in Computer Science, Engineering, or a related discipline (or equivalent work experience)
- 5+ years of hands-on production AWS at scale in a multi-account landing zone, with 4+ years of authoring production Terraform in a private module ecosystem delivered through Terraform Cloud and GitHub Actions
- 5+ years experience as a direct people manager of engineering teams of 5+ engineers, including hiring, performance management, compensation, and difficult personnel decisions
- 5+ years experience leading and personally participating in 24x7 production on-call rotations in a fast-paced, security-conscious, regulated environment (financial services strongly preferred)
- 10+ years experience running BGP for hybrid cloud-to-on-premises connectivity over Direct Connect and Site-to-Site VPN (eBGP/iBGP, route propagation, BGP communities, AS-path policy, route filtering); BGP fluency is required given LPL's hybrid network architecture
Core Competencies:
- Strong partnership instincts with Security & Governance and the enterprise Information Security organization - operates as one team, not as a handoff
- Translates compliance requirements into pragmatic, automated, code-reviewed controls - every network change is a code change
- Player-coach who is comfortable in code reviews, architecture sessions, and people 1:1s in the same day
- Continuous learner, especially in cloud-native, IaC, platform engineering, and applied AI
- Sets vision and translates ambiguous strategy into executable engineering roadmaps
- Bias for self-service, automation, and reducing toil for downstream internal customers
- Builds high-trust relationships across the US and India organization and across functions (Architecture, Security, FinOps, Application Engineering, Network, Audit)
- Calm, decisive incident commander; fosters a strong post-incident learning culture
- Excellent written and verbal communication, executive presence, and ability to influence without direct authority
- Thrives in matrixed, fast-paced, regulated environments with imperfect information
Preferences:
- Experience with zero-trust architecture, ZScaler, Netskope, or comparable solutions
- Experience with on-premises data-center networking (Cisco, Arista) for hybrid scenarios and cloud-to-DC connectivity
- Cisco networking certifications: CCNA, CCNP Enterprise, or CCIE (Enterprise Infrastructure or Service Provider)
- AWS Certified Advanced Networking - Specialty
- AWS Certified Security - Specialty
- Solid command of additional routing and connectivity fundamentals: OSPF, IPSec, TLS, DNS, and certificate management
- Master's degree in Computer Science, Engineering, or MBA
- Experience building, scaling, or leading globally distributed engineering teams across the US and India / GCC
- Experience integrating agentic AI / GenAI tooling (Cursor, Claude Code, Copilot, Bedrock, MCP) into platform, IaC, and engineering practice
- Strong scripting / programming proficiency in Python, Bash, or PowerShell
- AWS Solutions Architect - Professional
- AWS Certified Generative AI Developer - Associate
- HashiCorp Certified: Terraform Associate (004) or Authoring & Operations
- Open-source contributions, public technical writing, or conference speaking on cloud, IaC, or platform engineering topics
- Experience with FinOps practices and cloud cost management at scale
Pay Range: $149,350.00 - $248,848.00
Actual base salary varies based on factors, including but not limited to, relevant skill, prior experience, education, base salary of internal peers, demonstrated performance, and geographic location. Additionally, LPL Total Rewards package is highly competitive, designed to support your success at work, at home, and at play - such as 401K matching, health benefits, employee stock options, paid time off, volunteer time off, and more. Your recruiter will be happy to discuss all that LPL has to offer!