Cloud Platform Engineer II (Network)

Lennar
Miami, FL
Onsite

About The Position

We are Lennar, one of the nation's leading homebuilders, dedicated to making an impact and creating an extraordinary experience for our Homeowners, Communities, and Associates. We are seeking a Cloud Platform Engineer focused on network and identity infrastructure in AWS and Cloudflare to join our Cloud Platform team. In this role, you will implement and maintain cloud networking and identity services through a fully code-driven infrastructure model. Using Terraform, GitHub Actions, and DevOps practices, you will build and operate scalable, well-governed platform services in a multi-account AWS environment. While AWS is the primary platform and the target for all new development, the organization maintains a legacy Azure presence that may require occasional support.

Requirements

  • 2-3 years of experience working with AWS platform and infrastructure services.
  • Hands-on experience with Terraform for infrastructure as code.
  • Working knowledge of GitHub and GitHub Actions for CI/CD.
  • Solid understanding of AWS networking services: VPC, Transit Gateway, Direct Connect, Route 53, Elastic Load Balancing, and VPC endpoints.
  • Familiarity with AWS identity and access management: IAM roles and policies, IAM Identity Center, Permission Sets, and trust policies.
  • Understanding of network security constructs: Security Groups, NACLs, and VPC endpoint policies.
  • Ability to read and interpret network diagrams, routing tables, and packet flows.
  • Strong communication skills and the ability to work collaboratively in a team environment.

Nice To Haves

  • Bachelor's degree in Computer Science, Information Technology, or a related field preferred.
  • Experience with or exposure to Cloudflare services such as DNS, CDN, WAF, or Zero Trust is a plus.
  • Familiarity with Microsoft Azure networking and identity services is a plus but not required.
  • Exposure to AWS Network Firewall concepts is a plus.
  • AWS Certifications such as Cloud Practitioner or Solutions Architect Associate preferred; AWS Advanced Networking Specialty is a plus.
  • Traditional networking certifications such as Cisco CCNA are not required but will supplement cloud certifications.

Responsibilities

  • Design, implement, and own AWS networking constructs such as VPCs, subnets, route tables, and internet/NAT gateways using IaC and CI/CD workflows, with accountability for reliability and standards compliance.
  • Lead Transit Gateway configurations to support multi-account and multi-region connectivity, including architecture decisions and ongoing optimization through infrastructure as code.
  • Implement and own AWS Direct Connect configurations for hybrid connectivity, including troubleshooting complex routing issues between on-premises and cloud environments.
  • Design and enforce network security controls including Security Groups, Network ACLs, and VPC endpoint policies through reusable, well-documented IaC modules.
  • Own and administer AWS Network Firewall configurations, including policy development and integration with broader platform security controls.
  • Lead the design and implementation of Cloudflare services including DNS, CDN, WAF, and traffic management through infrastructure as code, serving as a subject matter expert for the team.
  • Develop, maintain, and establish standards for reusable IaC modules for network and identity infrastructure deployments across teams.
  • Build, own, and improve GitHub Actions workflows for infrastructure CI/CD pipelines across networking, identity, and platform services, including pipeline reliability and security controls.
  • Design and implement IAM roles, policies, and trust relationships as code, establishing least-privilege access patterns and guardrails across AWS accounts.
  • Lead deployment and management of IAM Identity Center (IAM IC) configurations, Permission Sets, and account assignments through IaC, including lifecycle management and compliance reviews.
  • Independently troubleshoot and resolve complex network connectivity, latency, and routing issues across AWS and Cloudflare environments, and document root cause findings.
  • Serve as an escalation point during sprint-based support rotations for platform issues, and drive improvements to reduce recurring incidents.
  • Partner with cloud engineering, security, and application teams to translate approved architectures into production-ready networking and identity solutions, taking ownership from design through delivery.
  • Lead documentation efforts for runbooks, architecture decisions, and knowledge-sharing; mentor Level I engineers on team standards and best practices.
  • Own and improve account vending processes using enterprise automation tools, driving consistency and reducing manual steps.
  • Maintain, enhance, and proactively improve automated provisioning pipelines for infrastructure hosting.
  • Define and enforce account guardrails through infrastructure as code policies, contributing to the broader governance framework.
  • Drive continuous improvement initiatives in cloud usage, automation coverage, and operational efficiency across the platform.

Benefits

  • Medical, Dental, and Vision coverage
  • 401(k) Retirement Plan with a $1 for $1 Company Match up to 5%
  • Paid Parental Leave
  • Associate Assistance Plan
  • Education Assistance Program
  • Up to $30,000 in Adoption Assistance
  • Up to three weeks of vacation annually
  • Holiday, Sick Leave, and Personal Day policies
  • New Hire Referral Bonus Program
  • Home Purchase Discounts