Cloud Engineer / Senior Cloud Engineer - Networking: AWS (IGT1)

Responsibilities

• Design, configure, and operate AWS networking : VPC/VPCe, Subnets, Route Tables, NACLs, Security Groups, Transit Gateway , PrivateLink , NAT, IGW, Route 53 , and hybrid connectivity patterns.
• Build and maintain site‑to‑site VPNs (IPsec) and Direct Connect (with BGP), including failover and HA designs; administer Sophos XG (or equivalent) virtual firewalls.
• Manage Layer‑4/7 traffic using ALB/NLB , AWS WAF , TLS termination, and client/server certificate workflows (PKI).
• Lead deep‑dive troubleshooting for network connectivity (AWS ↔ customer DC/cloud), packet flow, NAT, routing asymmetry, MTU/fragmentation, TCP/TLS, DNS, and identity‑adjacent issues.
• Instrument and monitor network health (CloudWatch, VPC Flow Logs, Datadog, firewall logs); respond to alerts, drive rapid mitigation, and provide clear RCA inputs.
• Execute network changes and environment builds using Terraform and AWS CLI following change controls and maintenance windows.
• Develop scripts (Bash/Python/PowerShell) for validation checks, log parsing, and configuration hygiene; reduce toil via automation and golden patterns.
• Enforce least‑privilege network access, segmentation standards, and encryption in transit; collaborate with Security on detections and guardrails.
• Maintain auditable documentation (diagrams, SOPs/runbooks, firewall rulesets, cert inventories) and support patching/compliance activities.
• Work directly with customer IT/network teams to set up connectivity (VPN/DCX) , perform cutovers, and resolve issues; explain decisions and trade‑offs clearly.
• Partner with SRE/Engineering to improve observability, resiliency, and performance; assist Support with network‑centric cases.
• Participate in the global on‑call rotation for P1/P2 incidents; own clean shift handoffs and accurate ticket hygiene.
• Contribute to post‑incident reviews , knowledge base articles, and continuous improvement initiatives.
• Required Qualifications
• 2-3 years for Cloud Engineer or 3-5 years for the Senior Cloud Engineer in Cloud/Network Engineering, Network Operations, or SRE with strong networking focus.
• Hands‑on AWS networking experience (VPC/TGW/Route 53/ALB‑NLB/PrivateLink/VPN/Direct Connect/BGP).
• Strong network fundamentals : TCP/IP, routing (static/BGP), NAT, ACLs, firewalls, DNS, TLS/PKI, IPsec; packet capture/flow analysis (e.g., tcpdump, Wireshark).
• Proficiency with Bash, Python, Terraform and AWS CLI ; Git‑based workflows and change control discipline.
• Linux administration fundamentals; comfort reading system/app logs.
• Experience in follow‑the‑sun/24×7 environments with on‑call participation.
• Excellent written and verbal communication for global and customer‑facing work.

Requirements

• Certifications (one or more): AWS Advanced Networking - Specialty , AWS Solutions Architect - Associate/Professional , CCNA/CCNP , Network+ , or Fortinet/Sophos equivalents.
• Experience with Sophos XG (or similar virtual firewall), IPsec/IKEv2 tuning, and HA patterns.
• Exposure to observability/SIEM/EDR (Datadog, Rapid7, SentinelOne) and security best practices.
• Familiarity with healthcare integration engines (Rhapsody/Corepoint) or other enterprise SaaS workloads.
• Scripting beyond basics (Python/Bash) and CI/CD familiarity.
• Shift & On‑Call Expectations
• Assigned shift coverage aligned with global operations; occasional shift adjustments for maintenance or projects.
• Participation in rotational on‑call for P1/P2 events per local policy
• Precise handoffs and status updates at shift boundaries.
• Education
• College degree in Computer Science, Information Technology, or a closely related field preferred
• Demonstrated, relevant experience may be substituted for a degree
• AWS certification preferred (e.g., AWS Solutions Architect, AWS Advanced Networking - Specialty)

Benefits

Additional Information

The Cloud Engineer - Networking focuses on the design, operation, and troubleshooting of network services that underpin Rhapsody's AWS‑hosted platforms (RaaS, CaaS, Envoy, Identity/NGS). You will build and support secure, resilient connectivity VPC/VPCe, Transit Gateway, Direct Connect, site‑to‑site VPNs (including Sophos XG or similar), routing, DNS, and load balancing while partnering with CloudOps/SRE, Security, Product Support, and customer teams across US/UK/APAC time zones. Success in this role requires strong networking fundamentals , hands‑on AWS networking , crisp incident handling, and a service‑oriented mindset.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Ifs1? Share your experience