HiringCafe
Posted 3mo ago

Cloud Network Engineer

@ agilon health
View All Jobs
Westerville or Columbus
$100k-$123k/yrRemoteFull Time
Responsibilities:Design, Operate, Automate
Requirements Summary:7-10 yrs network engineer; cloud networking in AWS/Azure; enterprise networking fundamentals; IaC (Terraform); security controls; multi-account patterns; strong documentation and communication; bachelor's degree.
Technical Tools Mentioned:Terraform, AWS, Azure, VPC/VNet, Network Watcher, Flow Logs, Cloud Networking, IaC, VPN, Firewalling, DNS/IPAM, BGP, OSPF, NAT, NAT/PAT
Save
Mark Applied
Hide Job
Report & Hide
Job Description

Company:

AHI agilon health, inc.

Job Posting Location:

Remote - USA

Job Title:

Cloud Network Engineer

Job Description:

Position Summary:

Own the design, reliability, and automation of enterprise network connectivity across on-prem and cloud. This role delivers secure, scalable network services (routing, segmentation, firewalling, VPN, DNS/IPAM, monitoring) with a platform mindset, enabling application teams and operations to move faster with guardrails. Success requires strong hands-on troubleshooting fundamentals plus the ability to implement repeatable patterns in AWS and Azure (hybrid connectivity, multi-account/subscription architectures, centralized inspection/egress, and network observability). Provide resilient, secure, and automated connectivity as a service—reducing operational friction, improving time-to-delivery, and increasing network reliability through standard architectures and automation. Function as an engineer with a platform-oriented approach by standardizing best practices, minimizing manual effort through automation, and enhancing system reliability using telemetry data and insights from incident analysis.

Job Responsibilities:

Network Architecture & Engineering

  • Design and operate enterprise LAN/WAN connectivity, including routing (BGP/OSPF), subnetting, segmentation, NAT, and high availability patterns.

  • Build and maintain secure connectivity services: site-to-site VPN, remote access integration patterns, and encrypted transport where required.

  • Partner with stakeholders to translate requirements into network designs that meet performance, resiliency, and security objectives.

Cloud Connectivity (AWS + Azure)

  • Design and support cloud networking primitives and patterns in AWS and Azure (VPC/VNet, routing, segmentation, private connectivity, load-balancing integration, DNS considerations).

  • Engineer secure hybrid connectivity between on-prem and cloud, including routing, failover strategy, and operational runbooks.

  • Implement and operate multi-account/multi-subscription connectivity architectures (hub/spoke, shared services, centralized routing domains, and guardrails).

Security Controls, Segmentation, and Inspection

  • Implement and manage network security controls in partnership with Security Engineering (firewall policy lifecycle, segmentation zones, secure egress).

  • Deliver centralized inspection/egress patterns and ensure traffic flows are logged and traceable (flow logs, firewall logs) per requirements

  • Ensures network designs and telemetry align to healthcare privacy/security expectations, including segmentation, encryption in transit where required, and audit-friendly logging for incident response.

Automation & Change Enablement

  • Automate repeatable network deployments and changes using infrastructure-as-code and version-controlled workflows (peer review, drift management).

  • Improve change reliability via validation (pre-checks/post-checks) and documentation-as-code where practical.

Reliability & Operations

  • Maintain operational excellence through proactive monitoring, capacity awareness, and structured incident response participation.

  • Lead troubleshooting using packet-level analysis and systematic fault isolation across cloud and on-prem dependencies.

  • Continuously improve runbooks, diagrams, and reference architectures to reduce MTTR.

  • Collaborate with global colleagues.

Vendor Governance

  • Manage provider performance and cloud connectivity; support optimization initiatives and contract deliverables as applicable.

Experience

Minimum Qualifications

  • 7-10 years of hands-on experience as a Network Engineer (or similar) in a complex, multi-protocol environment.

  • Hands-on cloud networking experience in AWS and/or Azure (VPC/VNet design, routing, segmentation, hybrid connectivity).

  • Strong fundamentals in enterprise networking: TCP/IP, routing (BGP/OSPF), VLANs, subnetting, NAT/PAT, VPN, and packet-level troubleshooting.

  • Infrastructure-as-code exposure for networking (e.g., Terraform or equivalent) plus peer-reviewed change workflows.

  • Demonstrated ability to operate network monitoring and analysis tooling; strong competence diagnosing latency/loss/route issues end-to-end.

  • Experience operating perimeter and internal security controls (firewalls, segmentation principles, authentication/authorization integrations).

  • Ability to produce and maintain clear network documentation (diagrams, standards, runbooks) and communicate effectively across technical and non-technical audiences.

  • Bachelor’s Degree in an IT/engineering discipline or equivalent practical experience.

  • Experience implementing centralized inspection/egress patterns and flow visibility (e.g., VPC Flow Logs, Network Watcher, firewall logging).

  • Experience with multi-account/multi-subscription networking patterns (shared services hub, standardized guardrails, centralized routing/inspection).

Regulatory / Domain Context (Preferred)

  • Familiarity with healthcare regulatory expectations and privacy/security best practices (e.g., HIPAA considerations) as they apply to network security and logging.

Certifications Preferred

  • AWS Advanced Networking - Specialty and/or AWS Security - Specialty.

  • Azure AZ-700 and/or AZ-500.

  • CCNA/CCNP (or equivalent).

  • Palo Alto certification (e.g., PCNSE) preferred; Palo Alto platform experience a plus.

Technology Areas

  • WAN/LAN: MPLS, Metro Ethernet, SD-WAN, Wireless.

  • Access/Security: NAC, RADIUS/LDAP/TACACS, segmentation, MFA integration patterns.

  • VPN & Secure Edge: site-to-site and remote connectivity patterns; secure edge / zero-trust access patterns.

  • Cloud Networking: AWS/Azure network constructs (e.g., VPC/VNet), hybrid connectivity (e.g., Direct Connect/ExpressRoute), routing, DNS, load balancing, cloud-native firewalling/inspection patterns.

  • Infrastructure as Code (IaC) & Automation: Terraform (preferred), CI/CD for network changes, config automation and policy-as-code patterns.

Skills and Abilities:

Language Skills: Strong communication skills both written and verbal to work with multiple internal and external clients in a fast-paced environment

Mathematical Skills:  Ability to work with mathematical concepts such as probability and statistical inference. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.

Reasoning Ability:  Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.

Computer Skills:  Ability to create and maintain documents using Microsoft Office (Word, Excel, Outlook, PowerPoint)

Other Skills and Abilities:

  • Ability to create and maintain network documentation including standards, diagrams, implementation guides, and operational runbooks. Includes maintaining reference architectures, operational SLOs/runbooks, and automation artifacts where appropriate.

Travel:

  • Ability to travel up to 20% of the time to assist with network components and projects in offices nationwide.

Location:

Columbus, OH

Pay Range:

$100,000.00 - $122,600.00

Salary range shown is a guideline. Individual compensation packages can vary based on factors unique to each candidate, such as skill set, experience, and qualifications.