Job description
[Job Responsibilities]
1. Network Architecture and Automation
Plan multi-account and multi-VPC architecture based on Landing Zone, optimize TGW Hub-Spoke model, manage cross-account interconnection and network segmentation policies.
Design high availability architecture for internet boundaries (NAT Gateway, NLB/ALB), manage PrivateLink and VPC Endpoint for private access.
Build multi-AZ active-active/primary-backup network paths for core transactions, API gateways, and other low-latency services.
Implement declarative management and version control of network resources (VPC, TGW, firewall policies, etc.) using Terraform/CloudFormation.
2. Network Security Protection
Operate AWS Network Firewall or third-party firewalls (Fortinet/Palo Alto) for traffic management and policy enforcement under a TGW architecture.
Configure security groups and network ACLs to achieve least privilege access control.
Deploy edge security: Cloudflare WAF/DDoS (L3/L7) and AWS Shield Advanced for coordinated defense.
Utilize VPC Flow Logs and Traffic Mirroring for traffic collection, DPI, and anomaly analysis.
Collaborate with the security team to optimize DDoS protection and IDS/IPS policies.
3. Performance Monitoring and Cost
Establish an end-to-end monitoring system, integrating CloudWatch and Cloudflare Analytics, to analyze performance from edge to origin (cache hit rate, TLS handshake, origin traffic) and identify bottlenecks.
Conduct regular capacity planning and monitor key components such as TGW, NAT Gateway, and VPC Endpoint.
[Job Requirements]
Basic Abilities
3-5 years of AWS cloud network design and operation experience, with capabilities in large-scale multi-account and cross-region architecture.
In-depth knowledge of core components such as VPC, TGW, VPC Peering, PrivateLink/Endpoint, NAT Gateway, and Network Firewall.
Thorough understanding of Cloudflare core products: CDN, WAF, DDoS protection, Bot Management, Tunnel, Spectrum, Load Balancing, Access, DNS.
Network Performance and Monitoring
Experience in network performance analysis and tuning, proficient with tools such as tcpdump, Wireshark, Flow Logs, and CloudWatch Logs Insights.
Familiar with Cloudflare Analytics and Logpush, able to conduct end-to-end link analysis in conjunction with AWS monitoring.
Security and Compliance
Familiar with centralized management and traffic design of cloud-native and third-party virtual firewalls (e.g., TGW + Firewall VPC).
Experience in traffic mirroring and tuning IDS/IPS policies.
Ability to design edge WAF policies and tune the Cloudflare rules engine based on business threat models (high-frequency APIs, bot mitigation, DDoS variants).
Automation and Tools
Proficient in using Terraform for network resource orchestration, with experience in writing reusable modules.
Bonus Points
Experience in network architecture for Web3 and financial industry trading systems.
Holds AWS Advanced Networking Specialty or Security Specialty certification.
Familiar with Kubernetes networking (CNI, Cilium, Network Policy) and its integration with the underlying cloud network.