Cloud Network Engineer

Cloud Network Engineer

Locations: Cambridge, Macclesfield, Luton (UK) | Chennai (India)

Hybrid/Onsite as required

The Role

We are seeking an experienced Cloud Network Engineer to design, build, and automate large-scale cloud networking solutions across complex enterprise environments. This role plays a critical part in delivering secure, cloud-native network architectures and driving automation-first ways of working across multi-account and hybrid landscapes.

You'll work closely with architecture, security, and operations teams to deliver scalable, resilient, and well-governed cloud network platforms that enable the wider business to move faster and more securely.

What You'll Be Doing

Cloud Network Architecture & Design

• Produce high- and low-level designs for cloud networking and security services across AWS (primary), with exposure to Azure and GCP
• Design multi-account landing zones, VPC architectures, segmentation models, routing strategies, and security controls
• Contribute to architectural governance and design assurance forums

Hybrid & Enterprise Integration

• Design and integrate hybrid connectivity between cloud, on-premises, end-user, and customer-facing environments
• Deliver solutions including AWS Direct Connect, IPSec VPN, hybrid DNS, and resilient routing patterns

Automation & DevOps

• Build and operate network automation using Infrastructure as Code, APIs, and CI/CD pipelines
• Use Git-based workflows as the system of record for network change
• Implement policy-as-code, automated testing, security scanning, and compliance gates
• Integrate automation into operational processes such as change management and CMDB updates

Security & Zero Trust

• Design and implement cloud-first Zero Trust and segmentation strategies
• Deliver cloud-native Firewalling, inspection, and secure egress solutions
• Work with identity-aware access controls and posture-based policies

Operationalisation & Enablement

• Transition new automation and platforms into production with operational teams
• Embed observability, logging, and compliance-by-design
• Promote best practices and automation capabilities across global network teams

Onsite & Field Work (when required)

• Plan and execute onsite network installations, cutovers, and upgrades
• Support racking, cabling, device staging, testing, and change execution
• Participate in maintenance windows and stakeholder communications

Essential Skills & Experience

• Strong background in enterprise and cloud networking, with AWS as a primary platform
• Deep experience with network automation, IaC, Scripting, APIs, and templating
• Production experience with GitHub (or equivalent) including:
• Branching strategies and code reviews
• CI/CD pipelines for network and IaC changes
• Secure secrets and identity management (OIDC, short-lived credentials)
• Policy-as-code and automated compliance
• Experience delivering cloud-centric network designs in large environments
• Solid understanding of routing, switching, TCP/IP, and network security fundamentals
• Confident communicator able to explain complex designs to technical and non-technical audiences

Desirable Experience

• Multi-account VPC design, Transit Gateway, PrivateLink, and advanced routing strategies
• Hybrid networking with Direct Connect (LAG, VIFs) and BGP-based VPNs
• Centralised egress and inspection patterns (NAT, secure service edge, traffic steering)
• Zscaler ZIA/ZPA architecture and operations
• Cloud-native load balancing (ALB/NLB, Gateway Load Balancer)
• Observability and compliance tooling (flow logs, traffic mirroring, SIEM integration)
• Exposure to Azure and GCP cloud networking patterns

Certifications

• AWS Advanced Networking - Specialty
• AWS Solutions Architect - Professional
• AWS Security or DevOps certifications
• Cloud or network security certifications (eg CISSP, Zscaler, GIAC)

Travel & Onsite Requirements

• Ability to travel domestically and internationally (up to ~25%, project-dependent)
• Willingness to work onsite for installations, cutovers, and troubleshooting
• Comfortable with hands-on physical network tasks when required