Senior Cloud Network Engineer

This is a fully remote position, open to applicants in Poland.

📋 Description

• **Your Responsibilities Will Include:**

• - Designing and managing dependable cross-data center and hybrid connectivity that encompasses IPsec, BGP, routing policies, firewalls, DNS, Cloudflare, provider networking, and cloud connectivity.

• - Creating highly available network paths across data centers, public cloud providers, OpenNebula, Kubernetes/Talos, and bare-metal infrastructure.

• - Taking ownership of network changes throughout the entire process: design, risk assessment, peer review, implementation, monitoring, validation, rollback, and documentation of post-change outcomes.

• - Transitioning fragile manual processes into documented, observable, and repeatable services through Git review, automation, scripts, source-of-truth data, and monitoring practices.

• - Troubleshooting and resolving production incidents related to Linux networking, BIRD/FRR, strongSwan, Juniper JunOS, firewalls, Cloudflare, DNS, MTU/MSS, asymmetric routing, NAT/conntrack, packet loss, Kubernetes CNI behavior, and provider limitations.

• - Maintaining architecture documents, topology diagrams, high-level and low-level design specifications, runbooks, disaster recovery protocols, configuration snapshots, IPAM/source-of-truth data, and operational handoff materials.

• - Collaborating closely with IaaS, SRE/Observability, Security, Automation/Data, Platform, Service Delivery, and product teams.

⛳️ Requirements

• **What You Will Bring to the Role:**

• - Extensive experience in senior production networking within environments where uptime is critical.

• - Strong foundational knowledge of BGP and routing: prefix filtering, communities, route policies, failover, BFD or similar mechanisms, asymmetric routing, traffic steering, and debugging.

• - Significant experience with IPsec, VPN, and site-to-site connectivity, preferably using strongSwan or similar tools.

• - Profound understanding of Linux networking: iproute2, tcpdump, nftables/iptables, conntrack, system networking, DNS behavior, NIC/offload basics, and troubleshooting MTU/MSS issues.

• - Fundamental knowledge of datacenter networking: VLANs, LACP, switching, firewalls, optics/cabling awareness, maintenance windows, and backup/recovery practices.

• - Experience with cloud and provider networking: VPC/VNet-style networks, CIDR planning, route tables, security groups/NACLs/firewalls, NAT/egress, VPN, load balancers, DNS, and provider limitations.

• - Understanding of Kubernetes networking: CNI, Services, Ingress, NetworkPolicy, node/pod/service paths, egress control, DNS, load balancing, and packet-level troubleshooting.

• - A mindset focused on network observability and performance: telemetry, flow logs, synthetic checks, bandwidth and latency analysis, packet loss, jitter, saturation, and provider or appliance limitations.

• - Experience in network security operations: segmentation, firewall rule lifecycle, least privilege practices, AAA concepts, secrets management, and disciplined maintenance-window protocols.

• - Proficiency in infrastructure automation using scripting, APIs, Ansible, Terraform/OpenTofu, Git-based reviews, repeatable rollouts, and configuration validation.

• - Excellent written communication skills for remote and asynchronous teams: change plans, incident updates, runbooks, risk assessments, rollback strategies, and commitments regarding ownership and timelines.

• - Sound decision-making skills in uncertain situations: you can make informed decisions while evaluating production impact and blast radius before proceeding.

• **Desirable Qualifications:**

• - Familiarity with Juniper JunOS, QFX/EX/SRX platforms, EVPN/VXLAN, MLAG/MC-LAG, ECMP, or leaf-spine network architectures.

• - Knowledge of BIRD/FRR, anycast routing, RPKI/ROA/ROV validation, IRR, bogon filtering, route-leak mitigation, or public BGP routing operations.

• - Experience with network automation and documentation tools such as NetBox/Nautobot, Oxidized, GitLab CI/CD, Batfish, containerlab, pyATS, NAPALM, or SuzieQ.

• - Experience with Hetzner, Cloudflare Zero Trust/DNS/LB/WAF, AWS Transit Gateway, Direct Connect concepts, PrivateLink/VPC endpoints, or Route 53.

• - Familiarity with Cilium, Calico, MetalLB, Gateway API, service mesh concepts, OpenNebula networking, Ceph/storage networking, IPv6/dual-stack, DDoS-aware design, SLOs, postmortems, or secure firewall governance.

🏝️ Benefits

• **What We Offer You:**

• - A strong emphasis on professional development.

• - Engaging and challenging projects.

• - Fully remote work with flexible hours, allowing you to organize your schedule and work from any location around the globe.

• - Paid vacation of 24 days annually, 10 national holidays, and unlimited sick leave.

• - Coverage for private medical insurance.

• - Reimbursement for co-working spaces and gym/sports activities.

• - A budget allocated for educational pursuits.

• - The chance to earn rewards for innovative ideas that the company can patent.