Cypress HCM
About the Role
Our IT Network Engineering team designs, builds, and operates the enterprise network across offices, data centers, and AWS. As a Sr. Network Engineer, you’ll lead core network design and upgrades, deliver reliable AWS connectivity, automate with infrastructure as code, and mentor teammates. You’ll be accountable for availability, performance, and security across a multi‑vendor stack. On‑call is required.
Duties
Design and implement network changes across Bay Area sites and global locations (campus, data center, WAN / SD WAN, remote access, cloud interconnects).
Architect and operate AWS networking: multi‑account VPCs, Transit Gateway, Direct Connect, VPN, endpoints / PrivateLink, Route 53, ALB / NLB, security groups / NACLs, segmentation guardrails.
Build infrastructure as code (Terraform): reusable modules, CI / CD pipelines, automated pre / post change validation, drift detection.
Lead advanced L2–L7 troubleshooting; drive incidents to resolution and root cause across on‑prem and AWS.
Apply SRE practices: define SLIs / SLOs / alerts, participate in and lead on‑call, run incident response and postmortems, maintain runbooks and dashboards.
Partner with Security, SRE / Infra, Workplace, and other IT teams; lead design reviews and cross‑functional projects.
Document architectures and operational procedures; mentor junior engineers.
Primary Platforms
AWS
Palo Alto Networks (PAN OS, Panorama, GlobalProtect, URL / Threat, DNS Security)
Juniper Networks (EX / QFX, EVPN / VXLAN, Junos)
Cisco Meraki (MX / MS / MR, SD WAN)
Cisco Wi Fi (Catalyst / 9800, RF design), 802.1X
Infoblox (DNS / DHCP / IPAM, API automation)
Tooling: Terraform, Git / GitHub, Ansible / Nornir, Python / Go, CloudWatch, Datadog (or similar)
How you’ll measure success
Reliability: higher availability and lower MTTR for campus / core / AWS connectivity via defined SLIs / SLOs.
Safe velocity: automated, tested IaC pipelines; fewer change‑related incidents and less toil.
Delivery: on‑time multi‑site upgrades and AWS networking projects that move team OKRs.
Enablement: durable docs / runbooks and mentorship that uplevel the team.
Requirements
5+ years designing and operating large‑scale enterprise networks across hybrid environments (offices, data centers, AWS).
Deep L2 / L3: BGP, OSPF / IS IS, EVPN / VXLAN, routing policy, HA, QoS, NAT; strong packet‑level troubleshooting.
Hands‑on AWS networking (VPC, TGW, DX, VPN, Route 53, ALB / NLB, endpoints / PrivateLink, Flow Logs) and security guardrails.
Palo Alto Networks firewalls and Panorama: policy design, segmentation, GlobalProtect, threat services.
Juniper campus / data center and Cisco Meraki at scale; strong Cisco Wi Fi design / operations.
IaC and automation: Terraform modules, code reviews, CI / CD; Python or Go; Ansible / Nornir; device / cloud APIs.
Observability and SRE fundamentals: SLIs / SLOs, alerting, incident response / on‑call, postmortems, runbooks.
Clear communicator; strong ownership and accountability.
Preferred
Certifications: AWS Advanced Networking, PCNSE, JNCIP / JNCIE, CCNP / CCIE
Compensation
$90 – 100 / hr W—2
Req ID: 36534611
#J-18808-Ljbffr
Duties
Design and implement network changes across Bay Area sites and global locations (campus, data center, WAN / SD WAN, remote access, cloud interconnects).
Architect and operate AWS networking: multi‑account VPCs, Transit Gateway, Direct Connect, VPN, endpoints / PrivateLink, Route 53, ALB / NLB, security groups / NACLs, segmentation guardrails.
Build infrastructure as code (Terraform): reusable modules, CI / CD pipelines, automated pre / post change validation, drift detection.
Lead advanced L2–L7 troubleshooting; drive incidents to resolution and root cause across on‑prem and AWS.
Apply SRE practices: define SLIs / SLOs / alerts, participate in and lead on‑call, run incident response and postmortems, maintain runbooks and dashboards.
Partner with Security, SRE / Infra, Workplace, and other IT teams; lead design reviews and cross‑functional projects.
Document architectures and operational procedures; mentor junior engineers.
Primary Platforms
AWS
Palo Alto Networks (PAN OS, Panorama, GlobalProtect, URL / Threat, DNS Security)
Juniper Networks (EX / QFX, EVPN / VXLAN, Junos)
Cisco Meraki (MX / MS / MR, SD WAN)
Cisco Wi Fi (Catalyst / 9800, RF design), 802.1X
Infoblox (DNS / DHCP / IPAM, API automation)
Tooling: Terraform, Git / GitHub, Ansible / Nornir, Python / Go, CloudWatch, Datadog (or similar)
How you’ll measure success
Reliability: higher availability and lower MTTR for campus / core / AWS connectivity via defined SLIs / SLOs.
Safe velocity: automated, tested IaC pipelines; fewer change‑related incidents and less toil.
Delivery: on‑time multi‑site upgrades and AWS networking projects that move team OKRs.
Enablement: durable docs / runbooks and mentorship that uplevel the team.
Requirements
5+ years designing and operating large‑scale enterprise networks across hybrid environments (offices, data centers, AWS).
Deep L2 / L3: BGP, OSPF / IS IS, EVPN / VXLAN, routing policy, HA, QoS, NAT; strong packet‑level troubleshooting.
Hands‑on AWS networking (VPC, TGW, DX, VPN, Route 53, ALB / NLB, endpoints / PrivateLink, Flow Logs) and security guardrails.
Palo Alto Networks firewalls and Panorama: policy design, segmentation, GlobalProtect, threat services.
Juniper campus / data center and Cisco Meraki at scale; strong Cisco Wi Fi design / operations.
IaC and automation: Terraform modules, code reviews, CI / CD; Python or Go; Ansible / Nornir; device / cloud APIs.
Observability and SRE fundamentals: SLIs / SLOs, alerting, incident response / on‑call, postmortems, runbooks.
Clear communicator; strong ownership and accountability.
Preferred
Certifications: AWS Advanced Networking, PCNSE, JNCIP / JNCIE, CCNP / CCIE
Compensation
$90 – 100 / hr W—2
Req ID: 36534611
#J-18808-Ljbffr