Senior NetDevOps Engineer
Company and position
We are an AI-native data and technology partner for private capital and healthcare, founded in 2010 and headquartered in Warsaw. We work with leading PE firms, VC funds, and healthcare organizations to build proprietary data infrastructure, deploy AI solutions, and drive AI-native transformation. Our clients manage a cumulative $1.2T+ in assets, and our average engagement runs five years.
Requirements
- Deep hands-on experience with AWS VPC fundamentals including subnets, route tables, security groups, NAT/Internet gateways, Transit Gateway, and PrivateLink.
- Production experience with AWS Cloud WAN, including core network policy documents, segments, tag-based routing, and multi-region/multi-account topologies.
- Experience with AWS Network Firewall, including stateful and stateless rule groups and centralized policy management.
- Operational experience with Palo Alto NGFW and Gateway Load Balancer insertion model.
- Experience with Palo Alto Prisma SD-WAN deployments and Cloud WAN tunnelless attachment mode.
- Knowledge of Direct Connect, BGP routing, failover design, and monitoring for high availability.
- Experience managing Route 53, inbound resolvers, hybrid DNS with Active Directory, and hosted zone management.
- Proficiency in Terraform at scale, including module design, state management, workspace patterns, remote backends, and versioning.
- Ability to analyze VPC Flow Logs in S3 using Athena, Python/pandas, or equivalent to translate traffic patterns into firewall rule changes.
- Familiarity with CI/CD pipelines for infrastructure, including plan/apply automation, drift detection, and policy-as-code tools.
- Comfortable working across DevOps and traditional Networking disciplines.
- Experience with multi-account AWS environments and network security governance.
- Change management discipline for operating centralized firewall programs.
Nice to have:
- AWS certifications such as Advanced Networking Specialty or Solutions Architect Professional.
- Experience with AWS Control Tower or Landing Zone Accelerator.
- Exposure to Zscaler client access integration.
- Familiarity with GitOps workflows like Atlantis or ArgoCD.
- Background in financial services or regulated industries with compliance requirements.
- Exposure to VPC Lattice and its maturity trajectory.
Responsibilities
- Drive the active Transit Gateway to AWS Cloud WAN migration, including phased TGW decommission.
- Lead the centralized firewall program replacing the NACL model, analyzing VPC Flow Logs to derive firewall rules and managing change control.
- Operate and evolve a hybrid firewall architecture using AWS Network Firewall and Palo Alto NGFW via Gateway Load Balancers.
- Manage and extend Palo Alto Prisma SD-WAN deployments at sites and in cloud.
- Build and maintain a Terraform module library for network provisioning consumed across the organization.
- Own IP address management via AWS IPAM at scale, maintaining hygiene and supporting account vending workflows.
- Manage DNS infrastructure including Route 53 and inbound resolvers to Active Directory, participating in migration to public hosted zones.
- Operate Direct Connect from NY with failover, understanding BGP, failover paths, and monitoring.
- Act as the primary technical bridge between Platform Engineering and Networking, translating routing requirements, security standards, and network architecture into infrastructure as code.
Benefits
- Fully paid licenses for AI tools such as Cursor and Claude Pro.
- Total autonomy with a remote-first approach, no filler meetings, no Jira bloat, and no micromanagement.
- Direct impact working face-to-face with CEO, CTO, VPs, and VC/PE General Partners.
- Frontier engineering culture with elite engineers shipping systems that drive real investment decisions and a strong knowledge-sharing culture.
Other information
We inform you that the data controller is Sunscrapers Sp. z o. o., with its registered office in Warsaw, ul. Tadeusza Czackiego 15/17. You have the right to request access to your personal data, its rectification, erasure or restriction of processing, the right to object to processing, as well as the right to data portability and the right to lodge a complaint with the supervisory authority. Personal data will be processed for the purpose of carrying out the recruitment process. Providing the mandatory data is required. The controller processes data on the basis of a legal obligation and consent. Data will be processed until the end of the recruitment process and for the period during which claims may be pursued. Consent to data processing may be withdrawn at any time. The recipients of the data are the Just Join IT service and other entities involved in the recruitment.
In view of the requirement arising from Art. 24(6) of the Act on the Protection of Whistleblowers of 14 June 2024, we inform you of the internal reporting procedure in force at SUNSCRAPERS Sp. z o.o.
Vecten
Employer