Cloud Network Engineer

Agilon Health•Westerville, OH

1d•$100,000 - $122,600•Remote

About The Position

Position Summary: Own the design, reliability, and automation of enterprise network connectivity across on-prem and cloud. This role delivers secure, scalable network services (routing, segmentation, firewalling, VPN, DNS/IPAM, monitoring) with a platform mindset, enabling application teams and operations to move faster with guardrails. Success requires strong hands-on troubleshooting fundamentals plus the ability to implement repeatable patterns in AWS and Azure (hybrid connectivity, multi-account/subscription architectures, centralized inspection/egress, and network observability). Provide resilient, secure, and automated connectivity as a service—reducing operational friction, improving time-to-delivery, and increasing network reliability through standard architectures and automation. Function as an engineer with a platform-oriented approach by standardizing best practices, minimizing manual effort through automation, and enhancing system reliability using telemetry data and insights from incident analysis.

Requirements

7-10 years of hands-on experience as a Network Engineer (or similar) in a complex, multi-protocol environment.
Hands-on cloud networking experience in AWS and/or Azure (VPC/VNet design, routing, segmentation, hybrid connectivity).
Strong fundamentals in enterprise networking: TCP/IP, routing (BGP/OSPF), VLANs, subnetting, NAT/PAT, VPN, and packet-level troubleshooting.
Infrastructure-as-code exposure for networking (e.g., Terraform or equivalent) plus peer-reviewed change workflows.
Demonstrated ability to operate network monitoring and analysis tooling; strong competence diagnosing latency/loss/route issues end-to-end.
Experience operating perimeter and internal security controls (firewalls, segmentation principles, authentication/authorization integrations).
Ability to produce and maintain clear network documentation (diagrams, standards, runbooks) and communicate effectively across technical and non-technical audiences.
Bachelor’s Degree in an IT/engineering discipline or equivalent practical experience.
Experience implementing centralized inspection/egress patterns and flow visibility (e.g., VPC Flow Logs, Network Watcher, firewall logging).
Experience with multi-account/multi-subscription networking patterns (shared services hub, standardized guardrails, centralized routing/inspection).
Ability to create and maintain network documentation including standards, diagrams, implementation guides, and operational runbooks.
Ability to work with mathematical concepts such as probability and statistical inference.
Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.
Ability to create and maintain documents using Microsoft Office (Word, Excel, Outlook, PowerPoint)

Nice To Haves

Familiarity with healthcare regulatory expectations and privacy/security best practices (e.g., HIPAA considerations) as they apply to network security and logging.
AWS Advanced Networking - Specialty and/or AWS Security - Specialty.
Azure AZ-700 and/or AZ-500.
CCNA/CCNP (or equivalent).
Palo Alto certification (e.g., PCNSE) preferred; Palo Alto platform experience a plus.

Responsibilities

Network Architecture & Engineering Design and operate enterprise LAN/WAN connectivity, including routing (BGP/OSPF), subnetting, segmentation, NAT, and high availability patterns.
Build and maintain secure connectivity services: site-to-site VPN, remote access integration patterns, and encrypted transport where required.
Partner with stakeholders to translate requirements into network designs that meet performance, resiliency, and security objectives.
Cloud Connectivity (AWS + Azure) Design and support cloud networking primitives and patterns in AWS and Azure (VPC/VNet, routing, segmentation, private connectivity, load-balancing integration, DNS considerations).
Engineer secure hybrid connectivity between on-prem and cloud, including routing, failover strategy, and operational runbooks.
Implement and operate multi-account/multi-subscription connectivity architectures (hub/spoke, shared services, centralized routing domains, and guardrails).
Security Controls, Segmentation, and Inspection Implement and manage network security controls in partnership with Security Engineering (firewall policy lifecycle, segmentation zones, secure egress).
Deliver centralized inspection/egress patterns and ensure traffic flows are logged and traceable (flow logs, firewall logs) per requirements
Ensures network designs and telemetry align to healthcare privacy/security expectations, including segmentation, encryption in transit where required, and audit-friendly logging for incident response.
Automation & Change Enablement Automate repeatable network deployments and changes using infrastructure-as-code and version-controlled workflows (peer review, drift management).
Improve change reliability via validation (pre-checks/post-checks) and documentation-as-code where practical.
Reliability & Operations Maintain operational excellence through proactive monitoring, capacity awareness, and structured incident response participation.
Lead troubleshooting using packet-level analysis and systematic fault isolation across cloud and on-prem dependencies.
Continuously improve runbooks, diagrams, and reference architectures to reduce MTTR.
Collaborate with global colleagues.
Vendor Governance Manage provider performance and cloud connectivity; support optimization initiatives and contract deliverables as applicable.