Senior Cloud Network Engineer

About Business Unit:

At the core of all that Epsilon does is a team that sets the foundation of our IT infrastructure. The team drives innovation and efficiency through pioneering technology across Epsilon's platforms and business verticals. From being the first point of contact for infrastructure needs to final deployment, the team provides end-to-end solutions for our client-facing platforms. ETS supports all aspects of revenue-generating platforms for Epsilon and sets the architectural direction for our enterprise deployments. By adopting the newest technologies, such as Cloud, Automation, and Artificial Intelligence, the team is at the front of redefining our digital business and capturing new opportunities.

How You'll Make an Impact:

As a Senior Cloud Network Engineer, you will own the design, implementation, and operational excellence of Epsilon's cloud-native and hybrid network fabric across AWS, GCP, and Azure. You will translate business and security requirements into scalable, automated network architecturesreplacing legacy datacenter patterns with modern cloud equivalents such as Transit Gateway and VPC Lattice, Private Service Connect, Route 53 Resolver endpoints, cloud WAF/CDN edge controls, and zero-trust connectivity models.

In this role, you partner with Cloud Engineering, Security, Platform, and Application teams to deliver reliable connectivity for multi-account, multi-region workloads. You drive incident resolution for complex hybrid and cloud network issues, establish observability and SLOs for network services, and mentor peers on cloud networking best practices. Your work directly improves uptime, security posture, cost efficiency, and developer velocity across internal and client-facing platforms operating in 24x7x365 environments.

This role is ideal for a senior practitioner who combines deep networking fundamentals with hands-on multi-cloud expertise, infrastructure-as-code field, and a passion for building secure, observable, and automatable network platforms.

Click here to view how Epsilon transforms marketing with 1 View, 1 Vision and 1 Voice.

Responsibilities

• Design, implement, and operate cloud network architectures across AWS, GCP, and Azureincluding hub-and-spoke and mesh connectivity (e.g., AWS Transit Gateway, GCP VPC Network Connectivity Center, Azure Virtual WAN).
• Build and maintain hybrid connectivity using Direct Connect, ExpressRoute, Cloud Interconnect, VPN, and modern overlay patterns; optimize for resilience, latency, and cost.
• Own DNS strategy and operations in the cloud: Route 53 hosted zones and Resolver endpoints/rules, Private DNS, split-horizon resolution, forwarding to on-premises, and GCP Cloud DNS / Private DNS zones integrated with Private Service Connect.
• Implement and tune edge and application-layer security controls including AWS WAF, AWS Shield, CloudFront, GCP Cloud Armor, Azure Front Door / Application Gateway WAF, and integration with security tooling and SIEM.
• Design private service access patterns: AWS VPC Lattice / PrivateLink, GCP Private Service Connect, Azure Private Linkenabling secure east-west and north-south traffic without exposing services to the public internet.
• Define and enforce network segmentation, micro-segmentation, and zero-trust patterns using security groups, NACLs, cloud firewall policies (e.g., AWS Network Firewall, GCP Firewall Policies, Azure Firewall), and identity-aware access where applicable.
• Develop infrastructure-as-code (Terraform, CloudFormation, or equivalent) for repeatable, auditable network provisioning; participate in CI/CD pipelines for network changes.
• Establish monitoring, logging, and tracing for network paths using cloud-native and third-party observability (Flow Logs, VPC Reachability Analyzer, Cloud Monitoring, NetFlow/IPFIX, synthetic probes, and alerting tied to SLOs).
• Lead incident response and root-cause analysis for complex connectivity, DNS, TLS, and performance issues across hybrid and multi-cloud environments; drive problem management and blameless postmortems.
• Partner with Security on DDoS mitigation, TLS/certificate lifecycle, egress filtering, threat detection integration, and compliance requirements (e.g., segmentation, logging retention).
• Maintain network documentation, architecture diagrams, runbooks, and standards; contribute to architecture reviews and well-architected assessments.
• Mentor network and cloud engineers; champion automation, self-service patterns, and operational maturity (ITIL-aligned change, incident, and problem management).
• Evaluate emerging cloud networking capabilities and recommend adoption aligned to business outcomes.
• Participate in on-call rotation and provide after-hours support as required.
• Additional responsibilities as assigned.

Qualifications

Who You Are:

What you'll bring with you:

• 7+ years of experience in network engineering or infrastructure roles, with at least 3+ years focused on cloud networking in production environments.
• Expert-level understanding of TCP/IP, routing, switching concepts, BGP, VPN, DNS, TLS, and load balancingapplied in cloud and hybrid contexts.
• Hands-on experience designing and operating AWS networking (VPC, Transit Gateway, Direct Connect, Route 53 / Resolver, PrivateLink, VPC Lattice, Network Firewall, WAF, CloudFront) and comparable services in GCP and/or Azure.
• Practical experience with GCP Private Service Connect, Cloud DNS, Cloud Armor, and VPC peering/shared VPCor Azure Virtual WAN, Private Link, and Application Gateway WAF.
• Strong proficiency with infrastructure-as-code (Terraform preferred) and version-controlled network change workflows.
• Experience with network observability, flow analysis, capacity planning, and defining operational metrics for highly available services.
• Ability to troubleshoot complex issues across layers (DNS, TLS, routing, NAT, firewall policy, application) and communicate clearly to technical and non-technical partners.
• Demonstrated success working in regulated or security-sensitive environments with change management, least-privilege access, and audit-ready documentation.
• Self-directed with strong prioritization skills in high-volume, 24x7 operational contexts.
• Willingness to participate in after-hours on-call rotation.

Why you might stand out from other talent:

• Multi-cloud certifications (e.g., AWS Advanced Networking, GCP Professional Cloud Network Engineer, Azure Network Engineer Associate) or equivalent demonstrated expertise.
• Experience operating large-scale multi-account landing zones (AWS Organizations, GCP folders/projects, Azure Management Groups) with centralized egress and shared services.
• Background implementing zero-trust network access (ZTA), SASE, or identity-aware proxy patterns alongside traditional network controls.
• Scripting and automation skills (Python, Bash, or Go) for network operations, validation, and drift detection.
• Experience with service mesh, container networking (EKS/GKE/AKS CNI), or platform networking for Kubernetes workloads.
• Familiarity with FinOps practices for network cost optimization (NAT gateway, data transfer, egress, and interconnect planning).
• Prior NOC or SRE-adjacent experience with strong incident command and operational rigor.
• Contributions to internal standards, training, or cross-team platform initiatives that improved reliability or developer experience.