Full-time
Los Angeles, CA
Job description
Position Name: Senior Network & Cloud Engineer
Position Type: Full Time / Exempt
Salary: Competitive, based on experience
Job Overview:
We are a growing professional services company that designs, builds, and supports reliable networks and secure cloud foundations. We’re looking for a hands‑on Senior Network & Cloud Engineer who can translate sound architectural principles into working solutions across on‑prem and Azure environments. You’ll collaborate directly with clients and internal teams to plan, implement, troubleshoot, and document systems that are resilient, secure, and cost‑effective.
Responsibilities:
· Design and implement campus, datacenter, and branch networks (L2/L3, WAN/SD‑WAN) and hybrid Azure connectivity (VPN/ExpressRoute).
· Own end‑to‑end troubleshooting across network and cloud layers; isolate faults using packet captures, flow logs, and telemetry; drive permanent fixes.
· Plan and deploy load balancers, reverse proxies, and application gateways (SSL/TLS offload, health checks, L7 routing, WAF when required).
· Architect Azure landing zones and VNet topologies (hub‑and‑spoke/Virtual WAN), including NSGs/ASGs, UDRs, private endpoints, and firewall policies.
· Implement and manage identity‑centric access (Entra ID, Conditional Access, PIM) for users, admins, services, and applications.
· Automate builds, configuration, and changes using Infrastructure as Code and scripting; maintain source‑controlled runbooks and pipelines.
· Produce clear diagrams and documentation; provide knowledge transfer and act as on‑site/remote liaison with customers and account teams.
Key Requirements:
Networking
· L2/L3 Switching & Routing: VLANs, STP/RSTP/MST, EtherChannel/LAG; OSPF/BGP/ECMP design and operations.
· Troubleshooting Mastery: Wireshark/tcpdump, traceroute/Path MTU, asymmetric routing, loop detection/mitigation, convergence analysis.
· Datacenter & Campus Design: Leaf‑spine fundamentals; EVPN/VXLAN awareness; QoS shaping/queuing; redundancy (VRRP/HSRP).
· Segmentation & Access Control: ACLs, micro‑segmentation patterns, 802.1X/NAC basics, secure device onboarding.
· WAN & Edge: IPsec/GRE, SD‑WAN concepts, BGP at the edge, high‑availability edge patterns, remote access VPNs.
· Load Balancing & Proxies: L4/L7 load balancers, reverse proxies, health probes, canary/blue‑green patterns, TLS cert lifecycle.
· Observability & Capacity: NetFlow/sFlow, SNMP/telemetry, performance baselining, capacity planning, change impact assessments.
Cloud Administration
· Azure Networking: VNets/subnets, UDRs, NSG/ASG policies, Private Link/Endpoints, Virtual WAN, Azure Firewall, Application Gateway/Front Door.
· Identity & Access: Entra ID (Azure AD), Conditional Access, PIM, hybrid identity (AD DS + Entra Connect), managed identities/service principals.
· Infra as Code & Automation: Bicep/Terraform and PowerShell/Azure CLI for repeatable builds; Git‑based workflows and CI/CD pipelines.
· Security & Governance: Azure RBAC, Policy/Initiatives, blueprints/landing zones, Key Vault for secrets and certificates, baseline hardening.
· Connectivity & Hybrid: Site‑to‑site VPN/ExpressRoute, name resolution (Private DNS), private service access for PaaS, NVA patterns.
· Platform & Compute: VM/VMSS, AVD basics, container/AKS networking (CNI), image management, scaling and availability sets/zones.
· Monitoring & Cost: Azure Monitor/Log Analytics (KQL), NSG flow logs, Connection Monitor; right‑sizing and cost guardrails.
Characteristics of Success:
· A team player, able to collaborate with and inspire colleagues across all levels of the organization.
· A proactive self-starter with the expertise to identify necessary changes, the drive to execute these changes independently, the experience to know when to seek approval, and the humility to follow established processes.
Benefits:
· Birds-of-a-Feather: Work with the best engineers in the industry
· Competitive salary and bonus structure.
· Comprehensive health and wellness benefits.
· Opportunities for professional development and growth.
· A collaborative and dynamic work environment.
How to Apply
Please complete the Predictive Index Assessment here: https://assessment.predictiveindex.com/bo/9MYC/Vizius_Senior_Security_Engineer
as well as the follow-up assessment you will receive via e-mail afterwards. Then, submit your resume through Indeed.
Job Type: Full-time
Pay: $89,197.37 - $137,420.48 per year
Work Location: Hybrid remote in Greenville, SC 29611
