About Vesta
Vesta helps wireless providers make more money byimprovinga part of theirbusinessmostdon’tthink about — payments. Vesta works with major names like AT&T, Rogers, Telcel, and Vodafone, helping them stop fraud, reduce failed transactions, and make sure moretransactions are successful. ForMNOs,MVNOs and prepaid carriers, this can mean fewer lost customers and more revenue — all without adding friction to the checkout experience. With over 100 million transactions processed every year in 40+ countries, Vestahelpswireless providers turn their payment systems into a competitive advantage.
Position Summary
Vesta Corporation is seeking a Senior Network Engineer to lead the design, implementation, and ongoing operations of our global enterprise network. This is a senior individual-contributor role operating at the intersection of complex multi-site networking, hybrid cloud infrastructure, and PCI compliance. The ideal candidate brings 10+ years of hands-on enterprise networking experience, deep fluency with AWS network architecture and security services, strong familiarity with both commercial and open-source tooling, and the ability to drive infrastructure modernization initiatives with limited oversight.
Key Responsibilities
On-Premises & Hybrid Network Infrastructure
- Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and AWS/Azure cloud environments.
- Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs and HSRP.
- Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements.
- Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments.
- Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties.
- Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management.
- Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking.
- Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization.
AWS Network Design & Operations
- Design, deploy, and maintain AWS Virtual Private Clouds (VPCs) including subnet design, CIDR allocation, route tables, internet gateways, and NAT gateways across multi-account and multi-region environments.
- Architect and manage VPC-to-VPC connectivity via VPC Peering, AWS Transit Gateway, and PrivateLink to support secure, scalable inter-service communication.
- Configure and maintain AWS Site-to-Site VPN and Direct Connect circuits for hybrid connectivity between on-premises data centers and AWS environments.
- Design and enforce AWS Security Group and Network ACL policies as network-layer access controls, aligned with PCI DSS segmentation requirements.
- Manage DNS architecture within AWS using Route 53 for private hosted zones, resolver endpoints, conditional forwarding, and DNS failover across hybrid environments.
- Configure and manage AWS NAT Gateways, Elastic IPs, and Elastic Load Balancers (ALB/NLB) for workload exposure and traffic routing.
- Maintain AWS network connectivity for partner data and compute workloads migrated into cloud environments, including GDPR and data sovereignty considerations.
AWS Security & Compliance
- Implement and maintain AWS security controls at the network layer including Security Groups, NACLs, VPC Flow Logs, and WAF rulesets on CloudFront and ALB.
- Enable and manage AWS CloudTrail across accounts to ensure comprehensive API activity logging; integrate with centralized SIEM for alerting and audit evidence.
- Configure and maintain AWS GuardDuty for threat detection; triage findings and drive remediation in coordination with the security team.
- Manage AWS Security Hub to aggregate and prioritize findings from GuardDuty, Inspector, Macie, and third-party integrations; produce compliance posture reports for PCI DSS and SOC 1 Type 2 audits.
- Administer AWS IAM policies, roles, and permission boundaries as they relate to network resource access; enforce least-privilege principles across VPC, Direct Connect, and Transit Gateway configurations.
- Use AWS Config rules and AWS Organizations SCPs to enforce network security standards and detect drift across multi-account environments.
Monitoring, Observability & Automation
- Monitor AWS network health using VPC Flow Logs, CloudWatch metrics and alarms, Transit Gateway Network Manager, and Reachability Analyzer.
- Build and maintain CloudWatch dashboards and alarms for network throughput, latency, NAT gateway utilization, VPN tunnel status, and Direct Connect metrics.
- Evaluate, deploy, and operationalize FOSS tools as replacements for commercial products where appropriate (e.g., Oxidized, NetBox)
- Contribute to Infrastructure as Code for network resources using automation; enforce configuration consistency across environments.
- Maintain comprehensive documentation for network topology, configurations, and operational runbooks; support PCI DSS and SOC 1 Type 2 audit evidence collection.
- Participate in on-call rotation and be available for after-hours work including unscheduled incidents.
- Travel to domestic data center and office locations as needed to support deployments or incidents.
Technical Expertise & Core Competencies
Required On-Premises
- 10+ years of hands-on enterprise networking experience in large-scale, multi-site environments.
- Expert-level Cisco routing and switching: IOS/NX-OS, BGP, OSPF, EIGRP, VLANs, STP, QoS.
- Enterprise firewall administration: Cisco ASA/FTD, pfSense, and Check Point. Rule management, segmentation strategy, and change control.
- F5 BIG-IP LTM/GTM: virtual servers, pools, iRules, traffic policies, and GTM topology records.
- Cloudflare: DNS management, WAF rulesets, and security policy administration.
- FireMon: policy analysis, rule review workflows, and access path validation.
- Deep understanding of TCP/IP, DNS, DHCP, routing/switching protocols, and secure remote access.
- Experience operating in PCI DSS compliant environments including control implementation and audit evidence collection.
Required AWS Networking & Security:
- VPC architecture: subnet design and CIDR planning, route tables, internet gateways, NAT gateways, and VPC endpoints.
- VPC connectivity: VPC Peering, Transit Gateway, and AWS PrivateLink for inter-VPC and cross-account routing.
- Hybrid connectivity: Site-to-Site VPN and Direct Connect configuration, BGP peering, and failover design.
- Security controls: Security Groups, Network ACLs, and VPC Flow Logs for traffic visibility and PCI segmentation enforcement.
- DNS: Route 53 private hosted zones, resolver endpoints, conditional forwarding rules, and health-check-based failover.
- Load balancing and exposure: Application Load Balancer (ALB), Network Load Balancer (NLB), and Elastic IP management.
- Monitoring and observability: CloudWatch metrics, alarms, dashboards; VPC Flow Logs analysis; Transit Gateway Network Manager.
- Security and compliance services: CloudTrail, GuardDuty, Security Hub, AWS Config, IAM policy review, and ACM.
- Multi-account governance: AWS Organizations, SCPs, and Control Tower network guardrails.
Preferred / Nice to Have
- Proxmox VE: VM/LXC provisioning, cluster management, and software-defined networking.
- Infrastructure as Code: Terraform or CloudFormation for network resource provisioning and drift detection.
- Experience deploying FOSS tools to replace commercial networking or monitoring products (e.g., Oxidized, NetBox).
- Azure networking: Azure Firewall, NSGs, and Azure DNS private zones.
- Zero-trust / overlay VPN concepts and implementation (e.g., Tailscale or Wireguard).
- AWS advanced networking: CloudFront distributions, WAF on ALB/CloudFront, PrivateLink endpoint services, Network Firewall.
- Scripting or automation: Python, Bash, or Ansible for network task automation.
- Vendor management: circuit provisioning, carrier escalations, and hardware lifecycle coordination.
Qualifications
- 10+ years of enterprise networking experience in complex, multi-site or global environments.
- Demonstrated hands-on proficiency with AWS networking and security services in production environments.
- Demonstrated ability to work independently and drive projects to completion without heavy oversight.
- Strong vendor management skills, able to coordinate service delivery and incident resolution with carriers, ISPs, and hardware vendors.
- Proven ability to document infrastructure for audits, incident response, and operational continuity.
- Willingness and ability to travel domestically as needed (valid driver’s license required).
- Available for on-call rotation and after-hours support windows.
Education & Certifications
Education
- Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent professional experience.
Required Certifications
- Cisco CCNP (or higher) Enterprise, Data Center, or Security track.
Preferred Certifications
- AWS Certified Advanced Networking, Specialty (ANS-C01) or AWS Solutions Architect | Professional.
- AWS Certified Security, Specialty (SCS) is a strong differentiator given the compliance posture of this role.
- Microsoft Azure Network Engineer Associate or equivalent Azure networking certification.
- Check Point CCSE or equivalent firewall platform certification.
- CCIE (any track), F5 Certified BIG-IP Administrator, HashiCorp Terraform Associate, or other advanced certifications.
Originally posted on