Cloud Engineer / Senior Cloud Engineer – Networking: AWS (IGT1)

The Cloud Engineer – Networking focuses on the design, operation, and troubleshooting of network services that underpin Rhapsody’s AWS‑hosted platforms (RaaS, CaaS, Envoy, Identity/NGS). You will build and support secure, resilient connectivity VPC/VPCe, Transit Gateway, Direct Connect, site‑to‑site VPNs (including Sophos XG or similar), routing, DNS, and load balancing while partnering with CloudOps/SRE, Security, Product Support, and customer teams across US/UK/APAC time zones. Success in this role requires strong networking fundamentals, hands‑on AWS networking, crisp incident handling, and a service‑oriented mindset.

Key Responsibilities

• Design, configure, and operate AWS networking: VPC/VPCe, Subnets, Route Tables, NACLs, Security Groups, Transit Gateway, PrivateLink, NAT, IGW, Route 53, and hybrid connectivity patterns.
• Build and maintain site‑to‑site VPNs (IPsec) and Direct Connect (with BGP), including failover and HA designs; administer Sophos XG (or equivalent) virtual firewalls.
• Manage Layer‑4/7 traffic using ALB/NLB, AWS WAF, TLS termination, and client/server certificate workflows (PKI).

• Lead deep‑dive troubleshooting for network connectivity (AWS ↔ customer DC/cloud), packet flow, NAT, routing asymmetry, MTU/fragmentation, TCP/TLS, DNS, and identity‑adjacent issues.
• Instrument and monitor network health (CloudWatch, VPC Flow Logs, Datadog, firewall logs); respond to alerts, drive rapid mitigation, and provide clear RCA inputs.

• Execute network changes and environment builds using Terraform and AWS CLI following change controls and maintenance windows.
• Develop scripts (Bash/Python/PowerShell) for validation checks, log parsing, and configuration hygiene; reduce toil via automation and golden patterns.

• Enforce least‑privilege network access, segmentation standards, and encryption in transit; collaborate with Security on detections and guardrails.
• Maintain auditable documentation (diagrams, SOPs/runbooks, firewall rulesets, cert inventories) and support patching/compliance activities.

• Work directly with customer IT/network teams to set up connectivity (VPN/DCX), perform cutovers, and resolve issues; explain decisions and trade‑offs clearly.
• Partner with SRE/Engineering to improve observability, resiliency, and performance; assist Support with network‑centric cases.

• Participate in the global on‑call rotation for P1/P2 incidents; own clean shift handoffs and accurate ticket hygiene.
• Contribute to post‑incident reviews, knowledge base articles, and continuous improvement initiatives.

Required Qualifications

• 2-3 years for the Cloud Engineer - Networking or 3-5 years for the Senior Cloud Engineer in Cloud/Network Engineering, Network Operations, or SRE with strong networking focus.
• Hands‑on AWS networking experience (VPC/TGW/Route 53/ALB‑NLB/PrivateLink/VPN/Direct Connect/BGP).
• Strong network fundamentals: TCP/IP, routing (static/BGP), NAT, ACLs, firewalls, DNS, TLS/PKI, IPsec; packet capture/flow analysis (e.g., tcpdump, Wireshark).
• Proficiency with Bash, Python, Terraform and AWS CLI; Git‑based workflows and change control discipline.
• Linux administration fundamentals; comfort reading system/app logs.
• Experience in follow‑the‑sun/24×7 environments with on‑call participation.
• Excellent written and verbal communication for global and customer‑facing work.

 

Preferred Qualifications

• Certifications (one or more): AWS Advanced Networking – Specialty, AWS Solutions Architect – Associate/Professional, CCNA/CCNP, Network+, or Fortinet/Sophos equivalents.
• Experience with Sophos XG (or similar virtual firewall), IPsec/IKEv2 tuning, and HA patterns.
• Exposure to observability/SIEM/EDR (Datadog, Rapid7, SentinelOne) and security best practices.
• Familiarity with healthcare integration engines (Rhapsody/Corepoint) or other enterprise SaaS workloads.
• Scripting beyond basics (Python/Bash) and CI/CD familiarity.

Shift & On‑Call Expectations

• Assigned shift coverage aligned with global operations; occasional shift adjustments for maintenance or projects.
• Participation in rotational on‑call for P1/P2 events per local policy
• Precise handoffs and status updates at shift boundaries.

Education

• College degree in Computer Science, Information Technology, or a closely related field preferred
• Demonstrated, relevant experience may be substituted for a degree
• AWS certification preferred (e.g., AWS Solutions Architect, AWS Advanced Networking – Specialty)

We champion flexibility and hybrid work options to support varying lifestyles and personal needs. At the same time, we value the power of in-person collaboration to build community, spark innovation, and strengthen connections. Our approach ensures you can work in ways that suit you best while still engaging with colleagues to share ideas and grow together. #LI-Hybrid #LI-DNP