AWS Cloud Network Architect
Posted Today by 1768273587
Negotiable
Undetermined
Undetermined
London
Summary: The AWS Cloud Network Architect role involves designing and implementing complex network architectures on AWS, focusing on security, compliance, and automation. The position requires extensive experience in cloud networking, including hybrid connectivity solutions and infrastructure as code. The architect will collaborate with various teams to ensure effective integration of cloud-native solutions and provide oversight for network governance. This role demands a strong understanding of AWS networking services and best practices in cloud architecture.
Key Responsibilities:
- Design and implement VPC architectures, multi VPC topologies, and network segmentation strategies.
- Architect hybrid connectivity solutions using Direct Connect, Site to Site VPN, SD WAN, and BGP routing.
- Develop and maintain multi account network patterns aligned with AWS Control Tower and Landing Zone frameworks.
- Build secure ingress/egress architectures using NAT gateways, Firewalls, and inspection VPCs.
- Design high availability, multi AZ, and multi region network architectures.
- Produce a detailed Low-Level Design (LLD) document including network designs.
- Design AWS networking components (VPCs, subnets, TGW attachments, etc.).
- Define secure network connectivity patterns for all integrations.
- Implement and manage network security controls (Security Groups, NACLs, AWS WAF, Network Firewall).
- Ensure compliance with enterprise security frameworks (CIS, ISO, SOC, PCI).
- Integrate network monitoring and threat detection services (VPC Flow Logs, CloudWatch, GuardDuty, Security Hub).
- Define and enforce network governance, segmentation, and least privilege access models.
- Architect routing domains using Transit Gateway, route tables, and advanced routing strategies.
- Integrate AWS networking with On-premises data centers and third-party SaaS providers.
- Implement Private Link, VPC endpoints, and service to service connectivity patterns.
- Build and manage network infrastructure using Terraform, CloudFormation, or CDK.
- Automate provisioning, configuration, and compliance checks for network components.
- Develop CI/CD pipelines for network deployments and drift detection.
- Lead troubleshooting and root cause analysis for complex AWS and hybrid network issues.
- Optimize network performance, reliability, and cost efficiency.
- Provide escalation support for critical network incidents and outages.
- Conduct workshops to define the AWS account and VPC strategy to integrate SPOG infrastructure.
- Define the strategy for environment separation for the new platforms.
- Partner with engineering, security, and platform teams to deliver cloud native solutions.
- Participate in architecture reviews, design sessions, and cloud governance boards.
- Mentor engineers on AWS networking best practices and cloud architecture principles.
Key Skills:
- 12+ years of relevant experience in network engineering, with strong cloud networking expertise.
- Deep knowledge of AWS networking services: VPC, TGW, DX, Route 53, ALB/NLB, Global Accelerator, Private Link.
- Strong understanding of routing protocols (BGP, OSPF), DNS, load balancing, and network security.
- Hands-on experience with Terraform and Infrastructure as Code workflows.
- Experience with multi account AWS environments, Control Tower, and enterprise governance.
Salary (Rate): undetermined
City: London
Country: UK
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
AWS Cloud Network Architect
JD for AWS Cloud Network Architect
Key Responsibilities:
Architecture & Design
- Design and implement VPC architectures, multi VPC topologies, and network segmentation strategies.
- Architect hybrid connectivity solutions using Direct Connect, Site to Site VPN, SD WAN, and BGP routing.
- Develop and maintain multi account network patterns aligned with AWS Control Tower and Landing Zone frameworks.
- Build secure ingress/egress architectures using NAT gateways, Firewalls, and inspection VPCs.
- Design high availability, multi AZ, and multi region network architectures.
- Produce a detailed Low-Level Design (LLD) document including network designs.
- Design AWS networking components (VPCs, subnets, TGW attachments, etc.).
- Define secure network connectivity patterns for all integrations. [This is our current understanding of the required integrations but it's subject to change as part of the Design phase.)
- CNI Geo SCADA Solace EKS (AWS side of the connection)
- Technolog GasCore Solace EKS
- Solace EKS AVEVA PI
- CNI Geo SCADA AVEVA PI (for data historian purposes - TBC in Design, again AWS side of the connection)
- Technolog GasCore AVEVA PI (for data historian purposes - TBC in Design)
- Solace EKS SAP BTP/Advanced Event Mesh
- Solace EKS SAP Datasphere
- Solace EKS Databricks
- Solace EKS Enterprise Globalscape
- Solace EKS SAP PO
- Solace EKS Solace SaaS cloud for Images and Mission Control
- AVEVA PI S3 Databricks
- Design the AWS infrastructure for the Solace EKS cluster.
- Design the AWS infrastructure for the AVEVA PI multi-tier environment (web, app and data).
- Provide design oversight and governance for the build.
Security & Compliance
- Implement and manage network security controls (Security Groups, NACLs, AWS WAF, Network Firewall).
- Ensure compliance with enterprise security frameworks (CIS, ISO, SOC, PCI).
- Integrate network monitoring and threat detection services (VPC Flow Logs, CloudWatch, GuardDuty, Security Hub).
- Define and enforce network governance, segmentation, and least privilege access models.
Connectivity & Routing
- Architect routing domains using Transit Gateway, route tables, and advanced routing strategies.
- Integrate AWS networking with On-premises data centers and third-party SaaS providers.
- Implement Private Link, VPC endpoints, and service to service connectivity patterns.
Automation & Infrastructure as Code
- Build and manage network infrastructure using Terraform, CloudFormation, or CDK.
- Automate provisioning, configuration, and compliance checks for network components.
- Develop CI/CD pipelines for network deployments and drift detection.
Operations & Troubleshooting
- Lead troubleshooting and root cause analysis for complex AWS and hybrid network issues.
- Optimize network performance, reliability, and cost efficiency.
- Provide escalation support for critical network incidents and outages.
Collaboration & Leadership
- Conduct workshops to define the AWS account and VPC strategy to integrate SPOG infrastructure ie, Solace EKS and AVEVA PI into the existing Enterprise AWS Cloud.
- Define the strategy for environment separation ie, non-production vs production for the new platforms.
- Partner with engineering, security, and platform teams to deliver cloud native solutions.
- Participate in architecture reviews, design sessions, and cloud governance boards.
- Mentor engineers on AWS networking best practices and cloud architecture principles.
Required Skills & Experience
- 12+ years of relevant experience in network engineering, with strong cloud networking expertise.
- Deep knowledge of AWS networking services: VPC, TGW, DX, Route 53, ALB/NLB, Global Accelerator, Private Link.
- Strong understanding of routing protocols (BGP, OSPF), DNS, load balancing, and network security.
- Hands-on experience with Terraform and Infrastructure as Code workflows.
- Experience with multi account AWS environments, Control Tower, and enterprise governance.
Preferred certifications:
- AWS Certified Advanced Networking - Specialty
- AWS Solutions Architect - Professional