CloudLinux and TuxCare build Linux, security, and enterprise infrastructure products used by hosting providers, software vendors, and engineering teams around the world. The Infrastructure team runs the platforms behind that work: data centers, public cloud providers, OpenNebula, Kubernetes/Talos, Ceph, CI/CD, observability, identity and access systems, and internal services.
We are hiring a hands-on Senior Cloud Network Engineer to own and evolve the network layer of our hybrid infrastructure. This is an engineering role with real architecture ownership: you will design, implement, monitor, document, automate, secure, and troubleshoot production networking across data centers, cloud regions, Kubernetes/Talos clusters, OpenNebula environments, and bare metal.
This is a technical ownership role. It is not a diagrams-only architecture position, and it is not a people-management role. You will define technical solutions, ship production changes, verify behavior, support incidents, and leave behind the runbooks, diagrams, and automation that make the next change safer.
How We Work:
We are a remote-first Infrastructure team organized into small senior cells. You will work with one existing network engineer, core infrastructure engineers, and adjacent Infrastructure teams. Networking is a high-impact shared dependency, so we value calm incident work and automation that reduces repeat pressure. The value of this role is turning complex demand into reliable systems, clear ownership, safer changes, and observable operations.
This role is a strong fit if you enjoy moving between architecture, packet captures, production configuration, monitoring, runbooks, rollback plans, and failure drills. You should want real ownership of cross-DC, on-prem, private cloud, and public/provider infrastructure.
It is probably not the right fit if you are looking for a pure architecture role, a large dedicated network team, only planned project work, no incident participation, or manual CLI-only changes without documentation, review, automation, and validation.
What You Will Own:
- Design and operate reliable cross-DC and hybrid connectivity across IPsec, BGP, routing policy, firewalling, DNS, Cloudflare, provider networking, and cloud connectivity.
- Build highly available network paths across data centers, public cloud providers, OpenNebula, Kubernetes/Talos, and bare-metal infrastructure.
- Own network changes end to end: design, risk assessment, peer review, rollout, monitoring, validation, rollback, and post-change notes.
- Replace fragile manual patterns with documented, observable, repeatable services using Git review, automation, scripts, source-of-truth data, and monitoring.
- Debug and resolve production incidents involving Linux networking, BIRD/FRR, strongSwan, Juniper JunOS, firewalls, Cloudflare, DNS, MTU/MSS, asymmetric routing, NAT/conntrack, packet loss, Kubernetes CNI behavior, and provider constraints.
- Maintain architecture documents, topology diagrams, HLD/LLD specs, runbooks, disaster recovery procedures, configuration snapshots, IPAM/source-of-truth data, and operational handoff material.
- Work closely with IaaS, SRE/Observability, Security, Automation/Data, Platform, Service Delivery, and product teams.
What Success Looks Like:
- Critical cross-DC and provider network paths are easier to understand, monitor, change, and recover.
- Manual or one-off network changes are reduced through documented workflows, automation, review, and validation.
- Network observability improves: alert quality, synthetic checks, flow or telemetry data, and practical SLO thinking become part of normal operations.
- IPAM, routing intent, firewall rule lifecycle, and ownership data are clearer in the source of truth.
- Incidents and maintenance windows have calm execution, clear communication, and useful follow-up notes.
Requirements
What You Bring:
- Senior production networking experience in environments where availability matters.
- Strong BGP and routing fundamentals: prefix filtering, communities, route policy, failover, BFD or similar mechanisms, asymmetric routing, traffic steering, and debugging.
- Strong IPsec, VPN, and site-to-site connectivity experience, ideally with strongSwan or similar tooling.
- Deep Linux networking knowledge: iproute2, tcpdump, nftables/iptables, conntrack, system networking, DNS behavior, NIC/offload basics, and MTU/MSS troubleshooting.
- Datacenter networking fundamentals: VLANs, LACP, switching, firewalls, optics/cabling awareness, maintenance windows, and backup/recovery practices.
- Cloud and provider networking experience: VPC/VNet-style networks, CIDR planning, route tables, security groups/NACLs/firewalls, NAT/egress, VPN, load balancers, DNS, and provider limitations.
- Kubernetes networking fundamentals: CNI, Services, Ingress, NetworkPolicy, node/pod/service paths, egress control, DNS, load balancing, and packet-level troubleshooting.
- Network observability and performance mindset: telemetry, flow logs, synthetic checks, bandwidth and latency analysis, packet loss, jitter, saturation, and provider or appliance limits.
- Network security operations: segmentation, firewall rule lifecycle, least privilege, AAA concepts, secrets handling, and safe maintenance-window discipline.
- Comfort with infrastructure automation using scripting, APIs, Ansible, Terraform/OpenTofu, Git-based reviews, repeatable rollouts, and configuration validation.
- Clear written communication in remote and asynchronous teams: change plans, incident updates, runbooks, risk statements, rollback plans, and owner/date commitments.
- Sound judgment under uncertainty: you can make bounded decisions, but you verify production impact and blast radius before acting.
Nice to Have:
These capabilities are beneficial but not mandatory for every candidate.
- Juniper JunOS, QFX/EX/SRX platforms, EVPN/VXLAN, MLAG/MC-LAG, ECMP, or leaf-spine network topologies.
- BIRD/FRR, anycast routing, RPKI/ROA/ROV validation, IRR, bogon filtering, route-leak mitigation, or public BGP routing operations.
- Network automation and documentation platforms such as NetBox/Nautobot, Oxidized, GitLab CI/CD, Batfish, containerlab, pyATS, NAPALM, or SuzieQ.
- Hetzner, Cloudflare Zero Trust/DNS/LB/WAF, AWS Transit Gateway, Direct Connect concepts, PrivateLink/VPC endpoints, or Route 53.
- Cilium, Calico, MetalLB, Gateway API, service mesh concepts, OpenNebula networking, Ceph/storage networking, IPv6/dual-stack, DDoS-aware design, SLOs, postmortems, or safe firewall governance.
Benefits
What's in it for you?
- A focus on professional development.
- Interesting and challenging projects.
- Fully remote work with flexible working hours that allow you to schedule your day and work from any location worldwide.
- 24 days of paid vacation per year, 10 days of national holidays, and unlimited sick leave.
- Compensation for private medical insurance.
- Co-working and gym/sports reimbursement.
- Budget for education.
- The opportunity to receive a reward for the most innovative idea that the company can patent.
By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.