Job Description

Responsibilities :

• Own hybrid connectivity: Design, implement, perform capacity-planning and evolve AWS Direct Connect, GCP Dedicated/Partner Interconnect, Cloud Router/BGP, and IPSec/HA VPN for multi region, multi VPC/VPC hub and spoke topologies.
• Proof-Of-Concepts: Carry out proof-of-concepts (PoCs) to validate new greenfield solutions/design options.
• Engineer cloud network platforms: AWS: GCP: Kubernetes (EKS/GKE):
• Integrate with on prem MPLS (L3VPN): route design, import/export policies, VRFs, inter-AS options, and traffic engineering to DCs and sites.
• BGP Routing policy & control: eBGP/iBGP best path, communities, MED, local pref, AS path policy; graceful failover between Interconnect, VPNv4/VPNv6; BFD where applicable.
• Encrypted overlays & tunnels: Architect IPSec (IKEv2), DMVPN/FlexVPN, GRE for intra cloud and hybrid use-cases; handle overlapping IP with NAT strategies.
• Reliability & performance: High-availability designs, multi-region DR, ECMP, QoS and capacity planning; minimise egress costs and hair pinning.
• Troubleshooting authority: Lead deep dive analysis across TCP/IP, DNS, HTTP/TLS, and app flows using flow logs, packet captures (tcpdump/Wireshark), and cloud monitoring tools.
• Security & segmentation: Work with security architecture team to align designs with zero-trust least-privilege principals, security groups/NACLs/firewall policies, centralised inspection via GWLB/GWLBE or PSC, and DNS egress controls.

Additional Responsibilities :

• HashiCorp Vault. OIDC with Keycloak.
• Experience with Catalyst 8000v/IOS-XE, or Cisco Nexus/NX-OS, ACI (or equivalent)
• Observability: CloudWatch/Cloud Logging and Monitoring, VPC Flow Logs analytics, NetFlow/sFlow or similar.
• Scripting/automation: Terraform or any IaC equivalent. Python/Bash, Ansible.
• Exposure to security controls (cloud firewalls, IDS/IPS) and zero-trust network design.
• IPv6 design and migration experience.

Technical and Professional Requirements :

• 5+ years hands on experience designing and operating hybrid cloud environments with on-prem integration in a large-scale enterprise or service provider networks.
• Solid hands-on knowledge of EKS and GKE networking: CNI models, pod/node CIDR and IP address planning, load balancers and Ingress, private/public clusters, control plane access, and troubleshooting cluster connectivity to on prem and across clouds.
• Strong expertise in MPLS L3VPNs, BGP (eBGP/iBGP), route policy, and traffic engineering.
• Deep knowledge of IPSec and DMVPN/FlexVPN, GRE, and site-to-site VPN.

Preferred Skills :
Technology->Container Platform->Kubernetes,Technology->Cloud Security->AWS - Infrastructure Security->AWS Virtual Private Cloud (VPCs),Technology->Cloud Platform->GCP Devops
Educational Requirements :
Bachelor of Engineering,Bachelor Of Technology,Bachelor Of Comp. Applications,Bachelor Of Science,Master Of Engineering,Master Of Technology,Master Of Science,Master Of Comp. Applications
Service Line :
Engineering Services

Skills Required