
Senior Network Engineer

Vesta

5h ago

United States

Job Description

About Vesta

Vesta helps wireless providers make more money by improving a part of their business most don’t think about — payments. Vesta works with major names like AT&T, Rogers, Telcel, and Vodafone, helping them stop fraud, reduce failed transactions, and make sure more transactions are successful. For MNOs, MVNOs and prepaid carriers, this can mean fewer lost customers and more revenue — all without adding friction to the checkout experience. With over 100 million transactions processed every year in 40+ countries, Vesta helps wireless providers turn their payment systems into a competitive advantage.

Position Summary

Vesta Corporation is seeking a Senior Network Engineer to lead the design, implementation, and ongoing operations of our global enterprise network. This is a senior individual-contributor role operating at the intersection of complex multi-site networking, hybrid cloud infrastructure, and PCI compliance. The ideal candidate brings 10+ years of hands-on enterprise networking experience, deep fluency with AWS network architecture and security services, strong familiarity with both commercial and open-source tooling, and the ability to drive infrastructure modernization initiatives with limited oversight.

Key Responsibilities

On-Premises & Hybrid Network Infrastructure

Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and AWS/Azure cloud environments.
Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs and HSRP.
Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements.
Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments.
Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties.
Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management.
Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking.
Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization.

AWS Network Design & Operations

Design, deploy, and maintain AWS Virtual Private Clouds (VPCs) including subnet design, CIDR allocation, route tables, internet gateways, and NAT gateways across multi-account and multi-region environments.
Architect and manage VPC-to-VPC connectivity via VPC Peering, AWS Transit Gateway, and PrivateLink to support secure, scalable inter-service communication.
Configure and maintain AWS Site-to-Site VPN and Direct Connect circuits for hybrid connectivity between on-premises data centers and AWS environments.
Design and enforce AWS Security Group and Network ACL policies as network-layer access controls, aligned with PCI DSS segmentation requirements.
Manage DNS architecture within AWS using Route 53 for private hosted zones, resolver endpoints, conditional forwarding, and DNS failover across hybrid environments.
Configure and manage AWS NAT Gateways, Elastic IPs, and Elastic Load Balancers (ALB/NLB) for workload exposure and traffic routing.
Maintain AWS network connectivity for partner data and compute workloads migrated into cloud environments, including GDPR and data sovereignty considerations.

AWS Security & Compliance

Implement and maintain AWS security controls at the network layer including Security Groups, NACLs, VPC Flow Logs, and WAF rulesets on CloudFront and ALB.
Enable and manage AWS CloudTrail across accounts to ensure comprehensive API activity logging; integrate with centralized SIEM for alerting and audit evidence.
Configure and maintain AWS GuardDuty for threat detection; triage findings and drive remediation in coordination with the security team.
Manage AWS Security Hub to aggregate and prioritize findings from GuardDuty, Inspector, Macie, and third-party integrations; produce compliance posture reports for PCI DSS and SOC 1 Type 2 audits.
Administer AWS IAM policies, roles, and permission boundaries as they relate to network resource access; enforce least-privilege principles across VPC, Direct Connect, and Transit Gateway configurations.
Use AWS Config rules and AWS Organizations SCPs to enforce network security standards and detect drift across multi-account environments.

Monitoring, Observability & Automation

Monitor AWS network health using VPC Flow Logs, CloudWatch metrics and alarms, Transit Gateway Network Manager, and Reachability Analyzer.
Build and maintain CloudWatch dashboards and alarms for network throughput, latency, NAT gateway utilization, VPN tunnel status, and Direct Connect metrics.
Evaluate, deploy, and operationalize FOSS tools as replacements for commercial products where appropriate (e.g., Oxidized, NetBox).
Contribute to Infrastructure as Code for network resources using automation; enforce configuration consistency acr