Company:
AHI agilon health, inc.
Job Posting Location:
Remote - USA
Job Title:
Cloud Network Engineer
Job Description:
Position Summary:
Own the design, reliability, and automation of enterprise network connectivity across on-prem and cloud. This role delivers secure, scalable network services (routing, segmentation, firewalling, VPN, DNS/IPAM, monitoring) with a platform mindset, enabling application teams and operations to move faster with guardrails. Success requires strong hands-on troubleshooting fundamentals plus the ability to implement repeatable patterns in AWS and Azure (hybrid connectivity, multi-account/subscription architectures, centralized inspection/egress, and network observability).
Provide resilient, secure, and automated connectivity as a service—reducing operational friction, improving time-to-delivery, and increasing network reliability through standard architectures and automation. Function as an engineer with a platform-oriented approach by standardizing best practices, minimizing manual effort through automation, and enhancing system reliability using telemetry data and insights from incident analysis.
Job Responsibilities:
Network Architecture & Engineering
- Design and operate enterprise LAN/WAN connectivity, including routing (BGP/OSPF), subnetting, segmentation, NAT, and high availability patterns.
- Build and maintain secure connectivity services: site-to-site VPN, remote access integration patterns, and encrypted transport where required.
- Partner with stakeholders to translate requirements into network designs that meet performance, resiliency, and security objectives.
Cloud Connectivity (AWS + Azure)
- Design and support cloud networking primitives and patterns in AWS and Azure (VPC/VNet, routing, segmentation, private connectivity, load-balancing integration, DNS considerations).
- Engineer secure hybrid connectivity between on-prem and cloud, including routing, failover strategy, and operational runbooks.
- Implement and operate multi-account/multi-subscription connectivity architectures (hub/spoke, shared services, centralized routing domains, and guardrails).
Security Controls, Segmentation, and Inspection
- Implement and manage network security controls in partnership with Security Engineering (firewall policy lifecycle, segmentation zones, secure egress).
- Deliver centralized inspection/egress patterns and ensure traffic flows are logged and traceable (flow logs, firewall logs) per requirements.
- Ensure network designs and telemetry align to healthcare privacy/security expectations, including segmentation, encryption in transit where required, and audit-friendly logging for incident response.
Automation & Change Enablement
- Automate repeatable network deployments and changes using infrastructure-as-code and version-controlled workflows (peer review, drift management).
- Improve change reliability via validation (pre-checks/post-checks) and documentation-as-code where practical.
Reliability & Operations
- Maintain operational excellence through proactive monitoring, capacity awareness, and structured incident response participation.
- Lead troubleshooting using packet-level analysis and systematic fault isolation across cloud and on-prem dependencies.
- Continuously improve runbooks, diagrams, and reference architectures to reduce MTTR.
- Collaborate with global colleagues.
Vendor Governance
- Manage provider performance and cloud connectivity; support optimization initiatives and contract deliverables as applicable.
Experience
Minimum Qualifications
- 7-10 years of hands-on experience as a Network Engineer (or similar) in a complex, multi-protocol environment.
- Hands-on cloud networking experience in AWS and/or Azure (VPC/VNet design, routing, segmentation, hybrid connectivity).
- Strong fundamentals in enterprise networking: TCP/IP, routing (BGP/OSPF), VLANs, subnetting, NAT/PAT, VPN, and packet-level troubleshooting.
- Infrastructure-as-code exposure for networking (e.g., Terraform or equivalent) plus peer-reviewed change workflows.
- Demonstrated ability to operate network monitoring and analysis tooling; strong competence diagnosing latency/loss/route issues end-to-end.
- Experience operating perimeter and internal security controls (firewalls, segmentation principles, authentication/authorization integrations).
- Ability to produce and maintain clear network documentation (diagrams, standards, runbooks) and communicate effectively across technical and non-technical audiences.
- Bachelor’s Degree in an IT/engineering discipline or equivalent practical experience.
- Experience implementing centralized inspection/egress patterns and flow visibility (e.g., VPC Flow Logs, Network Watcher, firewall logging).
- Experience with multi-account/multi-subscription networking patterns (shared services hub, standardized guardrails, centralized routing/inspection).
Regulatory / Domain Context (Preferred)
- Familiarity with healthcare regulatory expectations and privacy/security best practices (e.g., HIPAA considerations) as they apply to network security and logging.
Certifications Preferred
- AWS Advanced Networking - Specialty and/or AWS Security - Specialty.
- Azure AZ-700 and/or AZ-500.
- CCNA/CCNP (or equivalent).
- Palo Alto certification (e.g., PCNSE) preferred; Palo Alto platform experience a plus.
Technology Areas
- WAN/LAN: MPLS, Metro Ethernet, SD-WAN, Wireless.
- Access/Security: NAC, RADIUS/LDAP/TACACS, segmentation, MFA integration patterns.
- VPN & Secure Edge: site-to-site and remote connectivity patterns; secure edge / zero-trust access patterns.
- Cloud Networking: AWS/Azure network constructs (e.g., VPC/VNet), hybrid connectivity (e.g., Direct Connect/ExpressRoute), routing, DNS, load balancing, cloud-native firewalling/inspection patterns.
- Infrastructure as Code (IaC) & Automation: Terraform (preferred), CI/CD for network changes, config automation and policy-as-code patterns.
Skills and Abilities:
Language Skills: Strong communication skills, both written and verbal, to work with multiple internal and external clients in a fast-paced environment.
Mathematical Skills: Ability to work with mathematical concepts such as probability and statistical inference. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Reasoning Ability: Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.
Computer Skills: Ability to create and maintain documents using Microsoft Office (Word, Excel, Outlook, PowerPoint).
Other Skills and Abilities:
- Ability to create and maintain network documentation including standards, diagrams, implementation guides, and operational runbooks. Includes maintaining reference architectures, operational SLOs/runbooks, and automation artifacts where appropriate.
Travel:
- Ability to travel up to 20% of the time to assist with network components and projects in offices nationwide.
Location:
Columbus, OH
Pay Range:
$100,000.00 - $122,600.00
Salary range shown is a guideline. Individual compensation packages can vary based on factors unique to each candidate, such as skill set, experience, and qualifications.