Cloud Engineer – Networking: AWS (IGT1)

The Cloud Engineer – Networking focuses on the design, operation, and troubleshooting of network services that underpin Rhapsody’s AWS‑hosted platforms (RaaS, CaaS, Envoy, Identity/NGS). You will build and support secure, resilient connectivity VPC/VPCe, Transit Gateway, Direct Connect, site‑to‑site VPNs (including Sophos XG or similar), routing, DNS, and load balancing while partnering with CloudOps/SRE, Security, Product Support, and customer teams across US/UK/APAC time zones. Success in this role requires strong networking fundamentals, hands‑on AWS networking, crisp incident handling, and a service‑oriented mindset.

Key Responsibilities

• Design, configure, and operate AWS networking: VPC/VPCe, Subnets, Route Tables, NACLs, Security Groups, Transit Gateway, PrivateLink, NAT, IGW, Route 53, and hybrid connectivity patterns.
• Build and maintain site‑to‑site VPNs (IPsec) and Direct Connect (with BGP), including failover and HA designs; administer Sophos XG (or equivalent) virtual firewalls.
• Manage Layer‑4/7 traffic using ALB/NLB, AWS WAF, TLS termination, and client/server certificate workflows (PKI).

• Lead deep‑dive troubleshooting for network connectivity (AWS ↔ customer DC/cloud), packet flow, NAT, routing asymmetry, MTU/fragmentation, TCP/TLS, DNS, and identity‑adjacent issues.
• Instrument and monitor network health (CloudWatch, VPC Flow Logs, Datadog, firewall logs); respond to alerts, drive rapid mitigation, and provide clear RCA inputs.

• Execute network changes and environment builds using Terraform and AWS CLI following change controls and maintenance windows.
• Develop scripts (Bash/Python/PowerShell) for validation checks, log parsing, and configuration hygiene; reduce toil via automation and golden patterns.

• Enforce least‑privilege network access, segmentation standards, and encryption in transit; collaborate with Security on detections and guardrails.
• Maintain auditable documentation (diagrams, SOPs/runbooks, firewall rulesets, cert inventories) and support patching/compliance activities.

• Work directly with customer IT/network teams to set up connectivity (VPN/DCX), perform cutovers, and resolve issues; explain decisions and trade‑offs clearly.
• Partner with SRE/Engineering to improve observability, resiliency, and performance; assist Support with network‑centric cases.

• Participate in the global on‑call rotation for P1/P2 incidents; own clean shift handoffs and accurate ticket hygiene.
• Contribute to post‑incident reviews, knowledge base articles, and continuous improvement initiatives.