About Vesta 

Vesta helps wireless providers make more money by improving a part of their business most don’t think about — payments. Vesta works with major names like AT&T, Rogers, Telcel, and Vodafone, helping them stop fraud, reduce failed transactions, and make sure more transactions are successful. For MNOs, MVNOs and prepaid carriers, this can mean fewer lost customers and more revenue — all without adding friction to the checkout experience. With over 100 million transactions processed every year in 40+ countries, Vesta helps wireless providers turn their payment systems into a competitive advantage.

The Opportunity 

Location: Remote US/Travel as needed

Reports To: Director of Infrastructure & Network Security 

Job Type: Full-time 

Position Summary

Vesta Corporation is seeking a Senior Network Engineer to lead the design, implementation, and ongoing operations of our global enterprise network. This is a senior individual-contributor role that operates at the intersection of complex multi-site networking, hybrid cloud infrastructure, and PCI compliance. The ideal candidate brings 10+ years of hands-on enterprise networking experience, deep familiarity with both commercial and open-source tooling, and the ability to drive infrastructure modernization initiatives with limited oversight.

Key Responsibilities

•     Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and cloud environments (AWS and Azure).

•     Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs, PBR, and HSRP.

•     Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements.

•     Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments.

•     Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties.

•     Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management.

•     Evaluate, deploy, and operationalize free open-source software (FOSS) as replacements for commercial products where appropriate (e.g., network monitoring, IPAM, configuration backup).

•     Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking.

•     Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization.

•     Maintain comprehensive documentation for network topology, configurations, and operational runbooks; support PCI DSS and SOC 1 Type 2 audit evidence collection.

•     Participate in on-call rotation and be available for after-hours work including unscheduled incidents.

•     Travel to domestic data center and office locations as needed to support deployments or incidents.

Technical Expertise & Core Competencies

Required

•     10+ years of hands-on enterprise networking experience in large-scale, multi-site environments.

•     Expert-level Cisco routing and switching: IOS/NX-OS, BGP, OSPF, EIGRP, VLANs, STP.

•     Enterprise firewall administration: Cisco ASA/FTD, pfSense, and Check Point — rule management, segmentation strategy, and change control.

•     F5 BIG-IP LTM/GTM: virtual servers, pools, iRules, traffic policies, GTM topology records.

•     Cloudflare: DNS management, WAF rulesets, and security policy administration.

•     FireMon: policy analysis, rule review workflows, access path validation.

•     Deep understanding of TCP/IP, DNS, DHCP, routing/switching protocols, and secure remote access.

•     Experience operating in PCI DSS-compliant environments including control implementation and audit evidence collection.

•     Strong troubleshooting capabilities with the ability to resolve complex outages under time pressure.

Preferred / Nice to Have

•     Proxmox VE: VM/LXC provisioning, cluster management, and software-defined networking.

•     Experience deploying FOSS tools to replace commercial networking or monitoring products (e.g., Oxidized, NetBox, or similar).

•     Hybrid cloud networking: AWS Direct Connect, Azure ExpressRoute, site-to-site VPN, cloud-native security groups.

•     Zero-trust / overlay VPN concepts and implementation (e.g., Tailscale or equivalent).

•     Structured cabling standards, rack design, and power management in physical data center environments.

•     Vendor management: circuit provisioning, carrier escalations, hardware lifecycle coordination.

Qualifications

•     10+ years of enterprise networking experience in complex, multi-site or global environments.

•     Demonstrated ability to work independently and drive projects to completion without heavy oversight.

•     Strong vendor management skills — able to coordinate service delivery and incident resolution with carriers, ISPs, and hardware vendors.

•     Proven ability to document infrastructure for audits, incident response, and operational continuity.

•     Willingness and ability to travel domestically as needed (estimated low frequency; valid driver’s license required).

•     Available for on-call rotation and after-hours support windows.

Education & Certifications

Education

•     Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent professional experience.

 Preferred Certifications

•     AWS Certified Advanced Networking Specialty, AWS Solutions Architect, or equivalent.

•     Microsoft Azure Network Engineer Associate or equivalent Azure networking certification.

•     Cisco CCNP (or higher) — Enterprise, Data Center, or Security track.

•     Check Point CCSE or equivalent firewall platform certification.

•     CCIE (any track), F5 Certified BIG-IP Administrator, or other advanced certifications are a strong differentiator.