Summary: The AWS Cloud Network Architect is responsible for designing and implementing complex network architectures on AWS, focusing on security, compliance, and connectivity. This role involves developing multi-account network patterns, managing network security controls, and automating infrastructure using Infrastructure as Code. The architect will also lead troubleshooting efforts and collaborate with various teams to ensure effective cloud-native solutions. Strong expertise in AWS networking services and extensive experience in network engineering are essential for success in this position.
Key Responsibilities:
- Design and implement VPC architectures, multi VPC topologies, and network segmentation strategies.
- Architect hybrid connectivity solutions using Direct Connect, Site to Site VPN, SD WAN, and BGP routing.
- Develop and maintain multi account network patterns aligned with AWS Control Tower and Landing Zone frameworks.
- Build secure ingress/egress architectures using NAT gateways, Firewalls, and inspection VPCs.
- Design high availability, multi AZ, and multi region network architectures.
- Produce a detailed Low-Level Design (LLD) document including network designs.
- Design AWS networking components (VPCs, subnets, TGW attachments, etc.).
- Define secure network connectivity patterns for all integrations.
- Implement and manage network security controls (Security Groups, NACLs, AWS WAF, Network Firewall).
- Ensure compliance with enterprise security frameworks (CIS, ISO, SOC, PCI).
- Integrate network monitoring and threat detection services (VPC Flow Logs, CloudWatch, GuardDuty, Security Hub).
- Define and enforce network governance, segmentation, and least privilege access models.
- Architect routing domains using Transit Gateway, route tables, and advanced routing strategies.
- Integrate AWS networking with On-premises data centers and third-party SaaS providers.
- Implement Private Link, VPC endpoints, and service to service connectivity patterns.
- Build and manage network infrastructure using Terraform, CloudFormation, or CDK.
- Automate provisioning, configuration, and compliance checks for network components.
- Develop CI/CD pipelines for network deployments and drift detection.
- Lead troubleshooting and root cause analysis for complex AWS and hybrid network issues.
- Optimize network performance, reliability, and cost efficiency.
- Provide escalation support for critical network incidents and outages.
- Conduct workshops to define the AWS account and VPC strategy to integrate SPOG infrastructure.
- Define the strategy for environment separation for the new platforms.
- Partner with engineering, security, and platform teams to deliver cloud native solutions.
- Participate in architecture reviews, design sessions, and cloud governance boards.
- Mentor engineers on AWS networking best practices and cloud architecture principles.
Key Skills:
- 12+ years of relevant experience in network engineering, with strong cloud networking expertise.
- Deep knowledge of AWS networking services: VPC, TGW, DX, Route 53, ALB/NLB, Global Accelerator, Private Link.
- Strong understanding of routing protocols (BGP, OSPF), DNS, load balancing, and network security.
- Hands-on experience with Terraform and Infrastructure as Code workflows.
- Experience with multi account AWS environments, Control Tower, and enterprise governance.
Salary (Rate): undetermined
City: London
Country: UK
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
AWS Cloud Network Architect
JD for AWS Cloud Network Architect
Key Responsibilities:
Architecture & Design
- Design and implement VPC architectures, multi VPC topologies, and network segmentation strategies.
- Architect hybrid connectivity solutions using Direct Connect, Site to Site VPN, SD WAN, and BGP routing.
- Develop and maintain multi account network patterns aligned with AWS Control Tower and Landing Zone frameworks.
- Build secure ingress/egress architectures using NAT gateways, Firewalls, and inspection VPCs.
- Design high availability, multi AZ, and multi region network architectures.
- Produce a detailed Low-Level Design (LLD) document including network designs.
- Design AWS networking components (VPCs, subnets, TGW attachments, etc.).
- Define secure network connectivity patterns for all integrations. [This is our current understanding of the required integrations but it's subject to change as part of the Design phase.)
- CNI Geo SCADA Solace EKS (AWS side of the connection)
- Technolog GasCore Solace EKS
- Solace EKS AVEVA PI
- CNI Geo SCADA AVEVA PI (for data historian purposes - TBC in Design, again AWS side of the connection)
- Technolog GasCore AVEVA PI (for data historian purposes - TBC in Design)
- Solace EKS SAP BTP/Advanced Event Mesh
- Solace EKS SAP Datasphere
- Solace EKS Databricks
- Solace EKS Enterprise Globalscape
- Solace EKS SAP PO
- Solace EKS Solace SaaS cloud for Images and Mission Control
- AVEVA PI S3 Databricks
- Design the AWS infrastructure for the Solace EKS cluster.
- Design the AWS infrastructure for the AVEVA PI multi-tier environment (web, app and data).
- Provide design oversight and governance for the build.
Security & Compliance
- Implement and manage network security controls (Security Groups, NACLs, AWS WAF, Network Firewall).
- Ensure compliance with enterprise security frameworks (CIS, ISO, SOC, PCI).
- Integrate network monitoring and threat detection services (VPC Flow Logs, CloudWatch, GuardDuty, Security Hub).
- Define and enforce network governance, segmentation, and least privilege access models.
Connectivity & Routing
- Architect routing domains using Transit Gateway, route tables, and advanced routing strategies.
- Integrate AWS networking with On-premises data centers and third-party SaaS providers.
- Implement Private Link, VPC endpoints, and service to service connectivity patterns.
Automation & Infrastructure as Code
- Build and manage network infrastructure using Terraform, CloudFormation, or CDK.
- Automate provisioning, configuration, and compliance checks for network components.
- Develop CI/CD pipelines for network deployments and drift detection.
Operations & Troubleshooting
- Lead troubleshooting and root cause analysis for complex AWS and hybrid network issues.
- Optimize network performance, reliability, and cost efficiency.
- Provide escalation support for critical network incidents and outages.
Collaboration & Leadership
- Conduct workshops to define the AWS account and VPC strategy to integrate SPOG infrastructure ie, Solace EKS and AVEVA PI into the existing Enterprise AWS Cloud.
- Define the strategy for environment separation ie, non-production vs production for the new platforms.
- Partner with engineering, security, and platform teams to deliver cloud native solutions.
- Participate in architecture reviews, design sessions, and cloud governance boards.
- Mentor engineers on AWS networking best practices and cloud architecture principles.
Required Skills & Experience
- 12+ years of relevant experience in network engineering, with strong cloud networking expertise.
- Deep knowledge of AWS networking services: VPC, TGW, DX, Route 53, ALB/NLB, Global Accelerator, Private Link.
- Strong understanding of routing protocols (BGP, OSPF), DNS, load balancing, and network security.
- Hands-on experience with Terraform and Infrastructure as Code workflows.
- Experience with multi account AWS environments, Control Tower, and enterprise governance.
Preferred certifications:
- AWS Certified Advanced Networking - Specialty
- AWS Solutions Architect - Professional
Rate:
Negotiable
Location:
London, UK
IR35 Status:
Undetermined
Remote Status:
Undetermined
Industry:
IT
Seniority Level:
Not Specified
