Senior Cloud Network Engineer (remote-only, worldwide remote)

CloudLinux and TuxCare build Linux, security, and enterprise infrastructure products used by hosting providers, software vendors, and engineering teams around the world. The Infrastructure team runs the platforms behind that work: data centers, public cloud providers, OpenNebula, Kubernetes/Talos, Ceph, CI/CD, observability, identity and access systems, and internal services.

• Senior production networking experience in environments where availability matters.
• Strong BGP and routing fundamentals: prefix filtering, communities, route policy, failover, BFD or similar mechanisms, asymmetric routing, traffic steering, and debugging.
• Strong IPsec, VPN, and site-to-site connectivity experience, ideally with strongSwan or similar tooling.
• Deep Linux networking knowledge: iproute2, tcpdump, nftables/iptables, conntrack, system networking, DNS behavior, NIC/offload basics, and MTU/MSS troubleshooting.
• Datacenter networking fundamentals: VLANs, LACP, switching, firewalls, optics/cabling awareness, maintenance windows, and backup/recovery practices.
• Cloud and provider networking experience: VPC/VNet-style networks, CIDR planning, route tables, security groups/NACLs/firewalls, NAT/egress, VPN, load balancers, DNS, and provider limitations.
• Kubernetes networking fundamentals: CNI, Services, Ingress, NetworkPolicy, node/pod/service paths, egress control, DNS, load balancing, and packet-level troubleshooting.
• Network observability and performance mindset: telemetry, flow logs, synthetic checks, bandwidth and latency analysis, packet loss, jitter, saturation, and provider or appliance limits.
• Network security operations: segmentation, firewall rule lifecycle, least privilege, AAA concepts, secrets handling, and safe maintenance-window discipline.
• Comfort with infrastructure automation using scripting, APIs, Ansible, Terraform/OpenTofu, Git-based reviews, repeatable rollouts, and configuration validation.
• Clear written communication in remote and asynchronous teams: change plans, incident updates, runbooks, risk statements, rollback plans, and owner/date commitments.
• Sound judgment under uncertainty: ability to make bounded decisions and verify production impact and blast radius before acting.

Nice to Have:

• Juniper JunOS, QFX/EX/SRX platforms, EVPN/VXLAN, MLAG/MC-LAG, ECMP, or leaf-spine network topologies.
• BIRD/FRR, anycast routing, RPKI/ROA/ROV validation, IRR, bogon filtering, route-leak mitigation, or public BGP routing operations.
• Network automation and documentation platforms such as NetBox/Nautobot, Oxidized, GitLab CI/CD, Batfish, containerlab, pyATS, NAPALM, or SuzieQ.
• Hetzner, Cloudflare Zero Trust/DNS/LB/WAF, AWS Transit Gateway, Direct Connect concepts, PrivateLink/VPC endpoints, or Route 53.
• Cilium, Calico, MetalLB, Gateway API, service mesh concepts, OpenNebula networking, Ceph/storage networking, IPv6/dual-stack, DDoS-aware design, SLOs, postmortems, or safe firewall governance.

• Design and operate reliable cross-DC and hybrid connectivity across IPsec, BGP, routing policy, firewalling, DNS, Cloudflare, provider networking, and cloud connectivity.
• Build highly available network paths across data centers, public cloud providers, OpenNebula, Kubernetes/Talos, and bare-metal infrastructure.
• Own network changes end to end: design, risk assessment, peer review, rollout, monitoring, validation, rollback, and post-change notes.
• Replace fragile manual patterns with documented, observable, repeatable services using Git review, automation, scripts, source-of-truth data, and monitoring.
• Debug and resolve production incidents involving Linux networking, BIRD/FRR, strongSwan, Juniper JunOS, firewalls, Cloudflare, DNS, MTU/MSS, asymmetric routing, NAT/conntrack, packet loss, Kubernetes CNI behavior, and provider constraints.
• Maintain architecture documents, topology diagrams, HLD/LLD specs, runbooks, disaster recovery procedures, configuration snapshots, IPAM/source-of-truth data, and operational handoff material.
• Work closely with IaaS, SRE/Observability, Security, Automation/Data, Platform, Service Delivery, and product teams.