Cloud Engineer / Senior Cloud Engineer – Networking: AWS (IGT1)

Job Description

The Cloud Engineer – Networking focuses on the design, operation, and troubleshooting of network services that underpin Rhapsody’s AWS‑hosted platforms (RaaS, CaaS, Envoy, Identity/NGS). You will build and support secure, resilient connectivity VPC/VPCe, Transit Gateway, Direct Connect, site‑to‑site VPNs (including Sophos XG or similar), routing, DNS, and load balancing while partnering with CloudOps/SRE, Security, Product Support, and customer teams across US/UK/APAC time zones. Success in this role requires strong networking fundamentals, hands‑on AWS networking, crisp incident handling, and a service‑oriented mindset.

Key Responsibilities

• Design, configure, and operate AWS networking: VPC/VPCe, Subnets, Route Tables, NACLs, Security Groups, Transit Gateway, PrivateLink, NAT, IGW, Route 53, and hybrid connectivity patterns.
• Build and maintain site‑to‑site VPNs (IPsec) and Direct Connect (with BGP), including failover and HA designs; administer Sophos XG (or equivalent) virtual firewalls.
• Manage Layer‑4/7 traffic using ALB/NLB, AWS WAF, TLS termination, and client/server certificate workflows (PKI).

• Lead deep‑dive troubleshooting for network connectivity (AWS ↔ customer DC/cloud), packet flow, NAT, routing asymmetry, MTU/fragmentation, TCP/TLS, DNS, and identity‑adjacent issues.
• Instrument and monitor network health (CloudWatch, VPC Flow Logs, Datadog, firewall logs); respond to alerts, drive rapid mitigation, and provide clear RCA inputs.

• Execute network changes and environment builds using Terraform and AWS CLI following change controls and maintenance windows.
• Develop scripts (Bash/Python/PowerShell) for validation checks, log parsing, and configuration hygiene; reduce toil via automation and golden patterns.

• Enforce least‑privilege network access, segmentation standards, and encryption in transit; collaborate with Security on detections and guardrails.
• Maintain auditable documentation (diagrams, SOPs/runbooks, firewall rulesets, cert inventories) and support patching/compliance activities.

• Work directly with customer IT/network teams to set up connectivity (VPN/DCX), perform cutovers, and resolve issues; explain decisions and trade‑offs clearly.
• Partner with SRE/Engineering to improve observability, resiliency, and performance; assist Support with network‑centric cases.

• Participate in the global on‑call rotation for P1/P2 incidents; own clean shift handoffs and accurate ticket hygiene.
• Contribute to post‑incident reviews, knowledge base articles, and continuous improvement initiatives.

Qualifications

Required Qualifications

• 2-3 years for Cloud Engineer or 3-5 years for the Senior Cloud Engineer in Cloud/Network Engineering, Network Operations, or SRE with strong networking focus.
• Hands‑on AWS networking experience (VPC/TGW/Route 53/ALB‑NLB/PrivateLink/VPN/Direct Connect/BGP).
• Strong network fundamentals: TCP/IP, routing (static/BGP), NAT, ACLs, firewalls, DNS, TLS/PKI, IPsec; packet capture/flow analysis (e.g., tcpdump, Wireshark).
• Proficiency with Bash, Python, Terraform and AWS CLI; Git‑based workflows and change control discipline.
• Linux administration fundamentals; comfort reading system/app logs.
• Experience in follow‑the‑sun/24×7 environments with on‑call participation.
• Excellent written and verbal communication for global and customer‑facing work.

 

Preferred Qualifications

• Certifications (one or more): AWS Advanced Networking – Specialty, AWS Solutions Architect – Associate/Professional, CCNA/CCNP, Network+, or Fortinet/Sophos equivalents.
• Experience with Sophos XG (or similar virtual firewall), IPsec/IKEv2 tuning, and HA patterns.
• Exposure to observability/SIEM/EDR (Datadog, Rapid7, SentinelOne) and security best practices.
• Familiarity with healthcare integration engines (Rhapsody/Corepoint) or other enterprise SaaS workloads.
• Scripting beyond basics (Python/Bash) and CI/CD familiarity.

Shift & On‑Call Expectations

• Assigned shift coverage aligned with global operations; occasional shift adjustments for maintenance or projects.
• Participation in rotational on‑call for P1/P2 events per local policy
• Precise handoffs and status updates at shift boundaries.

Education

• College degree in Computer Science, Information Technology, or a closely related field preferred
• Demonstrated, relevant experience may be substituted for a degree
• AWS certification preferred (e.g., AWS Solutions Architect, AWS Advanced Networking – Specialty)

Additional Information