5+ years hands on experience designing and operating hybrid cloud environments with on-prem integration in a large-scale enterprise or service provider networks.
Solid hands-on knowledge of EKS and GKE networking: CNI models, pod/node CIDR and IP address planning, load balancers and Ingress, private/public clusters, control plane access, and troubleshooting cluster connectivity to on prem and across clouds.
Strong expertise in MPLS L3VPNs, BGP (eBGP/iBGP), route policy, and traffic engineering.
Deep knowledge of IPSec and DMVPN/FlexVPN, GRE, and site-to-site VPN.
Own hybrid connectivity: Design, implement, perform capacity-planning and evolve AWS Direct Connect, GCP Dedicated/Partner Interconnect, Cloud Router/BGP, and IPSec/HA VPN for multi region, multi VPC/VPC hub and spoke topologies.
Proof-Of-Concepts: Carry out proof-of-concepts (PoCs) to validate new greenfield solutions/design options.
Integrate with on prem MPLS (L3VPN): route design, import/export policies, VRFs, inter-AS options, and traffic engineering to DCs and sites.
BGP Routing policy & control: eBGP/iBGP best path, communities, MED, local pref, AS path policy; graceful failover between Interconnect, VPNv4/VPNv6; BFD where applicable.
Encrypted overlays & tunnels: Architect IPSec (IKEv2), DMVPN/FlexVPN, GRE for intra cloud and hybrid use-cases; handle overlapping IP with NAT strategies.
Reliability & performance: High-availability designs, multi-region DR, ECMP, QoS and capacity planning; minimise egress costs and hair pinning.
Troubleshooting authority: Lead deep dive analysis across TCP/IP, DNS, HTTP/TLS, and app flows using flow logs, packet captures (tcpdump/Wireshark), and cloud monitoring tools.
Security & segmentation: Work with security architecture team to align designs with zero-trust least-privilege principals, security groups/NACLs/firewall policies, centralised inspection via GWLB/GWLBE or PSC, and DNS egress controls.
HashiCorp Vault. OIDC with Keycloak.
Experience with Catalyst 8000v/IOS-XE, or Cisco Nexus/NXOS, ACI (or equivalent)
Observability: CloudWatch/Cloud Logging and Monitoring, VPC Flow Logs analytics, NetFlow/sFlow or similar.
Scripting/automation: Terraform or any IaC equivalent. Python/Bash, Ansible.
Exposure to security controls (cloud firewalls, IDS/IPS) and zerotrust network design.
