Key skills
Cloud networking - AWSCloud networking - GCPCloud networking - AzureCloud networking - OCIFedRAMP complianceNIST SP 800-53Palo Alto Network VM Series firewallsPalo Alto PrismaArista Network DevicesCisco Network DevicesEVPN-VxLANArista AVDGitOps workflowsHybrid multi-cloud networkingLoad balancingDNSNATTLS terminationL7 routingHTTP/1.1–HTTP/3 protocolsZero trust networkingTerraformPulumiCloudFormationPython scriptingBash scriptingOpenTelemetryFluentBitPrometheusGrafanaDatadogPythonBashAWSAzureGCPConsulNGINXEnvoyPrismaGitOpsIstioLinkerdService MeshLoad BalancingCI/CDLeadershipCommunicationNetwork SecurityZero TrustFirewall
About this role
Rubrik is a leading company in data protection and cyber resilience, and they are seeking a Senior Cloud Network Engineer to design and implement secure networking solutions across their hybrid multi-cloud environment. The role involves ensuring FedRAMP compliance and collaborating with various teams to enhance service connectivity and infrastructure resilience.
Responsibilities:
- Design and implement cloud networking solutions across GCP, AWS, Azure, and OCI
- Build and maintain hybrid multi-cloud connectivity, including VPC/VNet design, peering, transit gateways, interconnects, ExpressRoute, Direct Connect, and secure tunneling
- Support and maintain FedRAMP authorization boundaries, including network segmentation, traffic isolation, and control documentation aligned with NIST SP 800-53
- Contribute to a unified connectivity fabric supporting multi-tenant onboarding, service segmentation, traffic routing, and policy enforcement across clouds — including dedicated GovCloud or sovereign regions
- Implement network observability (end-to-end traffic visibility, flow tracing, correlation ID propagation) to enable diagnostics and performance analysis
- Apply network security controls including micro-segmentation, zero trust network access (ZTNA), identity-aware routing, firewall policies, and encryption in transit — mapped to FedRAMP and NIST 800-53 baselines
- Support service-to-service communication, protocol translation, and traffic mediation across diverse environments
- Partner with security, SRE, and developer teams to onboard services securely and efficiently to the networking fabric
- Collaborate with the GRC and FedRAMP compliance team to support continuous monitoring, POA&M remediation, and ATO (Authority to Operate) maintenance
- Apply automation-first principles using Infrastructure-as-Code (Terraform, Pulumi) and CI/CD pipelines
- Follow and contribute to networking standards, best practices, and reusable templates for consistent, scalable, and secure deployments
- Stay current on emerging networking technologies and contribute recommendations for improving Rubrik’s infrastructure
Requirements:
- 5+ years of experience in network engineering, with hands-on experience in multi-cloud networking
- Experience in managing Palo Alto Network VM Series firewalls, Palo Alto Prisma
- Experience with Arista and Cisco Network Devices
- Experience with EVPN-VxLan, Arista AVD, CVP, and GitOps workflows
- Solid understanding of cloud-native networking concepts across major CSPs: AWS (VPC, TGW, Direct Connect, GovCloud), GCP (VPC, Interconnect), Azure (VNet, ExpressRoute, Azure Government), OCI
- Experience designing and operating hybrid/multi-cloud environments with high availability and low latency
- Strong command of load balancing, DNS, NAT, TLS termination, L7 routing, HTTP/1.1–HTTP/3, and protocol translation
- Experience architecting or supporting FedRAMP Moderate or High environments, including network boundary definition, segmentation, and NIST SP 800-53 control implementation
- Experience with zero trust networking and modern network security design
- Expertise in IaC tools such as Terraform, CloudFormation, or Pulumi
- Strong scripting skills (Python, Bash, or similar) for automation
- Experience with observability and telemetry tools (OpenTelemetry, FluentBit, Prometheus, Grafana, Datadog)
- Excellent communication and leadership skills; ability to collaborate and influence across engineering and infrastructure teams
- Cloud networking certifications (e.g., AWS Advanced Networking, GCP Professional Cloud Network Engineer, Azure Network Engineer Associate)
- Familiarity with FedRAMP authorization processes, System Security Plans (SSPs), and continuous monitoring frameworks
- Experience with service mesh technologies (e.g., Istio, Consul, Linkerd)
- Familiarity with HAProxy, NGINX, Envoy, or other L7 proxies/load balancers
- Experience with compliance-driven or regulated environments, particularly FedRAMP, DoD IL2/IL4, or StateRAMP, is a strong plus