Consultant system Engineering - Cloud Networks
We are seeking a Cloud Network Consultant - AWS to lead the design, implementation, governance, and security of enterprise-grade cloud networking solutions. This role requires deep technical expertise in Cisco routing, AWS networking and security services, Skyhigh Proxy, and automation with Terraform, combined with strong leadership to enforce robust security controls and drive strategic initiatives.
You will use your strong Cisco routing/switching and security skills as the base to own and oversee topics related to routing (Cisco) and AWS network services (Firewall): strategize AWS Firewall controls, optimize AWS CDN & AWS Front Door, secure web access by administering Squid and Skyhigh Secure Web Gateway/Proxy, manage allow/deny lists, and oversee operational lifecycle tasks such as TLS certificate renewals and AMI/image upgrades for network/security appliances. You will bring in ideas to codify everything possible with Terraform and drive resilient, observable, and compliant operations. You will also implement monitoring and alerting frameworks and enforce AWS Policy and Governance for compliance.
Mandatory Skills - Squid Proxy, AWS Front Door, CDN, AWS Firewall, Terraform (IaC), and Cisco routing and switching.
Secondary Skills - Network security knowledge, WAF, Squid Proxy, Fortinet, Check Point.
Key Responsibilities
Strategic Leadership & Governance
Define and own the cloud network architecture roadmap aligned with business objectives.
Establish network security governance, compliance frameworks, and enforce zero-trust principles.
Lead cloud networking strategy across hybrid environments, ensuring scalability, resilience, and cost optimization.
Act as a trusted advisor for network security best practices, risk assessments, and audit readiness.
Technical Design & Implementation
Architect and oversee Cisco routing (BGP, OSPF, MPLS, VPNs) for hybrid connectivity.
Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs.
Design and implement AWS Firewall, AWS Front Door (with WAF), and AWS CDN for secure and optimized traffic delivery.
Design cloud and hybrid network topologies (hub-and-spoke/vWAN), IP addressing, UDRs/route tables, and peering aligned to zero-trust principles.
Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs).
Define egress/ingress patterns with AWS Firewall, NSGs, and route control; standardize segmentation and inspection points. Build/Maintain AWS networking: VPC, subnets, route tables, UDRs, NSGs/ASGs, Private Links, Load Balancers, and ExpressRoute/SD-WAN connectivity.
Architect AWS Front Door for global load balancing, path-based routing, health probes, origin groups, and custom domains; align AWS CDN caching strategies (TTL, rules engine, compression) to app patterns.
Design, deploy, and maintain AWS virtual networks (VPC), subnets, network security groups, and route tables.
Design and implement application delivery services (traffic manager, load balancer, etc.).
Design and implement AWS Application Gateway (rewrite sets, TLS configuration, HTTP settings, etc.).
Implement AWS Firewall, Application Gateway, Front Door, and Load Balancers for high availability and security.
Troubleshoot connectivity, routing, and latency issues in AWS, data centre, and hybrid networks.
Troubleshoot L3-L7 issues using packet captures, flow logs, WAF/Firewall/Front Door/CDN telemetry, and SIEM dashboards.
Manage DNS zones, Private Endpoints, and Network Peering in AWS.
Establish secure internet access patterns via Squid and Skyhigh Proxy (SWG) including SSL inspection, category policies, PAC files, and exceptions.
Implement whitelisting/blacklisting strategies for domains, IPs, and applications.
Oversee certificate lifecycle management (issuance, renewal, rotation, automation).
Govern AMI upgrades, patching cadence, and image hardening standards.
Automation & Infrastructure as Code
Drive Terraform adoption for network provisioning, policy-as-code, and compliance guardrails.
Implement CI/CD pipelines for network/security automation and drift detection.
Automate certificate renewals, AMI pipelines, Squid and Skyhigh policy updates.
Security Controls & Compliance
Enforce network segmentation, least privilege access, and deny-by-default posture.
Implement WAF/IDPS, threat intelligence filtering, and DDoS protection strategies.
Maintain runbooks, diagrams, inventories, and deliver L3 support and knowledge transfer.
Ensure compliance with ISO 27001, SOC 2, GDPR, PCI-DSS and maintain audit-ready documentation.
Monitoring & Incident Response
Define observability strategy and traffic analytics.
Lead troubleshooting for complex L3/L7 issues across data centre, hybrid, and multi-cloud environments.
Establish incident response playbooks and conduct periodic tabletop exercises.