Vesta.io Careers

Senior Network Engineer

About Vesta 


Vesta helps wireless providers make more money by improving a part of their business most don’t think about — payments. Vesta works with major names like AT&T, Rogers, Telcel, and Vodafone, helping them stop fraud, reduce failed transactions, and make sure more transactions are successful. For MNOs, MVNOs and prepaid carriers, this can mean fewer lost customers and more revenue — all without adding friction to the checkout experience. With over 100 million transactions processed every year in 40+ countries, Vesta helps wireless providers turn their payment systems into a competitive advantage.


Position Summary

Vesta Corporation is seeking a Senior Network Engineer to lead the design, implementation, and ongoing operations of our global enterprise network. This is a senior individual-contributor role operating at the intersection of complex multi-site networking, hybrid cloud infrastructure, and PCI compliance. The ideal candidate brings 10+ years of hands-on enterprise networking experience, deep fluency with AWS network architecture and security services, strong familiarity with both commercial and open-source tooling, and the ability to drive infrastructure modernization initiatives with limited oversight.

Key Responsibilities

On-Premises & Hybrid Network Infrastructure

     Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and AWS/Azure cloud environments.

     Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs and HSRP.

     Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements.

     Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments.

     Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties.

     Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management.

     Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking.

     Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization.

 

AWS Network Design & Operations

     Design, deploy, and maintain AWS Virtual Private Clouds (VPCs) including subnet design, CIDR allocation, route tables, internet gateways, and NAT gateways across multi-account and multi-region environments.

     Architect and manage VPC-to-VPC connectivity via VPC Peering, AWS Transit Gateway, and PrivateLink to support secure, scalable inter-service communication.

     Configure and maintain AWS Site-to-Site VPN and Direct Connect circuits for hybrid connectivity between on-premises data centers and AWS environments.

     Design and enforce AWS Security Group and Network ACL policies as network-layer access controls, aligned with PCI DSS segmentation requirements.

     Manage DNS architecture within AWS using Route 53 for private hosted zones, resolver endpoints, conditional forwarding, and DNS failover across hybrid environments.

     Configure and manage AWS NAT Gateways, Elastic IPs, and Elastic Load Balancers (ALB/NLB) for workload exposure and traffic routing.

     Maintain AWS network connectivity for partner data and compute workloads migrated into cloud environments, including GDPR and data sovereignty considerations.

 

AWS Security & Compliance

     Implement and maintain AWS security controls at the network layer including Security Groups, NACLs, VPC Flow Logs, and WAF rulesets on CloudFront and ALB.

     Enable and manage AWS CloudTrail across accounts to ensure comprehensive API activity logging; integrate with centralized SIEM for alerting and audit evidence.

     Configure and maintain AWS GuardDuty for threat detection; triage findings and drive remediation in coordination with the security team.

     Manage AWS Security Hub to aggregate and prioritize findings from GuardDuty, Inspector, Macie, and third-party integrations; produce compliance posture reports for PCI DSS and SOC 1 Type 2 audits.

     Administer AWS IAM policies, roles, and permission boundaries as they relate to network resource access; enforce least-privilege principles across VPC, Direct Connect, and Transit Gateway configurations.

     Use AWS Config rules and AWS Organizations SCPs to enforce network security standards and detect drift across multi-account environments.

 

Monitoring, Observability & Automation

     Monitor AWS network health using VPC Flow Logs, CloudWatch metrics and alarms, Transit Gateway Network Manager, and Reachability Analyzer.

     Build and maintain CloudWatch dashboards and alarms for network throughput, latency, NAT gateway utilization, VPN tunnel status, and Direct Connect metrics.

     Evaluate, deploy, and operationalize FOSS tools as replacements for commercial products where appropriate (e.g., Oxidized, NetBox)

     Contribute to Infrastructure as Code for network resources using automation; enforce configuration consistency across environments.

     Maintain comprehensive documentation for network topology, configurations, and operational runbooks; support PCI DSS and SOC 1 Type 2 audit evidence collection.

     Participate in on-call rotation and be available for after-hours work including unscheduled incidents.

     Travel to domestic data center and office locations as needed to support deployments or incidents.

 

Technical Expertise & Core Competencies

Required On-Premises

     10+ years of hands-on enterprise networking experience in large-scale, multi-site environments.

     Expert-level Cisco routing and switching: IOS/NX-OS, BGP, OSPF, EIGRP, VLANs, STP, QoS.

     Enterprise firewall administration: Cisco ASA/FTD, pfSense, and Check Point. Rule management, segmentation strategy, and change control.

     F5 BIG-IP LTM/GTM: virtual servers, pools, iRules, traffic policies, and GTM topology records.

     Cloudflare: DNS management, WAF rulesets, and security policy administration.

     FireMon: policy analysis, rule review workflows, and access path validation.

     Deep understanding of TCP/IP, DNS, DHCP, routing/switching protocols, and secure remote access.

     Experience operating in PCI DSS compliant environments including control implementation and audit evidence collection.

 

Required AWS Networking & Security:

     VPC architecture: subnet design and CIDR planning, route tables, internet gateways, NAT gateways, and VPC endpoints.

     VPC connectivity: VPC Peering, Transit Gateway, and AWS PrivateLink for inter-VPC and cross-account routing.

     Hybrid connectivity: Site-to-Site VPN and Direct Connect configuration, BGP peering, and failover design.

     Security controls: Security Groups, Network ACLs, and VPC Flow Logs for traffic visibility and PCI segmentation enforcement.

     DNS: Route 53 private hosted zones, resolver endpoints, conditional forwarding rules, and health-check-based failover.

     Load balancing and exposure: Application Load Balancer (ALB), Network Load Balancer (NLB), and Elastic IP management.

     Monitoring and observability: CloudWatch metrics, alarms, dashboards; VPC Flow Logs analysis; Transit Gateway Network Manager.

     Security and compliance services: CloudTrail, GuardDuty, Security Hub, AWS Config, IAM policy review, and ACM.

     Multi-account governance: AWS Organizations, SCPs, and Control Tower network guardrails.

 

Preferred / Nice to Have

     Proxmox VE: VM/LXC provisioning, cluster management, and software-defined networking.

     Infrastructure as Code: Terraform or CloudFormation for network resource provisioning and drift detection.

     Experience deploying FOSS tools to replace commercial networking or monitoring products (e.g., Oxidized, NetBox).

     Azure networking: Azure Firewall, NSGs, and Azure DNS private zones.

     Zero-trust / overlay VPN concepts and implementation (e.g., Tailscale or Wireguard).

     AWS advanced networking: CloudFront distributions, WAF on ALB/CloudFront, PrivateLink endpoint services, Network Firewall.

     Scripting or automation: Python, Bash, or Ansible for network task automation.

     Vendor management: circuit provisioning, carrier escalations, and hardware lifecycle coordination.


 

Qualifications

     10+ years of enterprise networking experience in complex, multi-site or global environments.

     Demonstrated hands-on proficiency with AWS networking and security services in production environments.

     Demonstrated ability to work independently and drive projects to completion without heavy oversight.

     Strong vendor management skills, able to coordinate service delivery and incident resolution with carriers, ISPs, and hardware vendors.

     Proven ability to document infrastructure for audits, incident response, and operational continuity.

     Willingness and ability to travel domestically as needed (valid driver’s license required).

     Available for on-call rotation and after-hours support windows.

 

Education & Certifications

Education

     Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent professional experience.

 

Required Certifications

     Cisco CCNP (or higher) Enterprise, Data Center, or Security track.

 

Preferred Certifications

     AWS Certified Advanced Networking, Specialty (ANS-C01) or AWS Solutions Architect | Professional.

     AWS Certified Security, Specialty (SCS) is a strong differentiator given the compliance posture of this role.

     Microsoft Azure Network Engineer Associate or equivalent Azure networking certification.

     Check Point CCSE or equivalent firewall platform certification.

     CCIE (any track), F5 Certified BIG-IP Administrator, HashiCorp Terraform Associate, or other advanced certifications.

Tech Operations

Remote (Atlanta, Georgia, US)

Share on:

Terms of servicePrivacyCookiesPowered by Rippling