Senior Cloud Network Engineer

Philip Morris International
16, October 2025
Redes e infra-estruturas
Tempo inteiro

Descrição do trabalho

Be a part of a revolutionary change - find your future in our future

At PMI, we’ve chosen to do something incredible. We’re transforming our business and building our future with one clear purpose – to deliver a smoke-free future. We're disrupting our company from the inside out. Our transformation is redefining every area of our business. From where and how we make and sell our products, to how we engage our consumers and society.

To support this vision, PMI is evolving into a science and technology-based, consumer-facing, multi-category company, and Information Technology (IT) is a vital partner in helping to lead the way. As we accelerate PMI's vision, we get to dream big too.

With unique and transformative IT projects matching all levels of skill and ambition, we've taken on the spirit of a start-up, with the freedom to craft and define our digital future, but with the support and scope of a vast global business

Role Overview

Join our team in PMI as a Senior Cloud Network Engineer, where you’ll lead the design and implementation of secure, scalable, and highly available cloud networking solutions across AWS and hybrid environments. This role is pivotal to evolving our Landing Zone architecture and integrating future-proof and secure network connectivity.

You’ll work at the intersection of network engineering, security, and automation, contributing to strategic initiatives that enhance compliance with PMI Infosec policies and support the modernization of our cloud footprint. Your expertise will directly influence how we build resilient, policy-driven network architectures that support mission-critical workloads.

Key Responsibilities

  • Architecture & Design
  • Architect multi-region, multi-account AWS network topologies using VPCs, Transit Gateways, Cloud WAN, and Direct Connect.
  • Design Secure Zero Trust hybrid connectivity between on-premises and cloud environments using VPN, eBGP, ECMP, and high-availability routing strategies.
  • Define and enforce segmentation policies leveraging Cloud WAN segments, policy-based routing, and service insertion models.
  • Lead the evolution of Landing Zones to support scalable onboarding, compliance, and operational excellence.
  • Security & Compliance
  • Integrate Prisma Access (SPNs, CANs) for secure remote access, traffic inspection, and policy enforcement.
  • Ensure all network designs and routing patterns comply with PMI Infosec policies, AWS Foundational Security Best Practices, and CIS benchmarks.
  • Collaborate with InfoSec to isolate sensitive traffic, enforce least privilege access, and support zero-trust network principles.
  • Automation & Operations
  • Automate network provisioning and configuration using Terraform, CloudFormation, and Python-based tooling.
  • Monitor, analyze, and optimize network performance using CloudWatch and other monitoring tools
  • Implement route filtering, prefix-list controls, and dynamic routing policies to prevent route leaks and ensure deterministic traffic flows.
  • Collaboration & Leadership
  • Partner with platform, security, and application teams to align network architecture with business and compliance goals.
  • Lead design reviews, provide technical mentorship, and contribute to knowledge-sharing across engineering teams.
  • Influence roadmap planning for PMI Network initiatives such as secure access between different corporate networks, Onboarding of different VPC types, Cross-Region Traffic Flow and TGW upgrades.
  • Required Qualifications
  • 6+ years of experience in cloud networking, with deep hands-on expertise in AWS.
  • Proven experience with:
  • AWS VPC, Transit Gateway, Cloud WAN, Route 53, Direct Connect
  • Prisma Access (GlobalProtect, SPNs, CANs)
  • Routing protocols: BGP, CMP
  • Infrastructure as Code: Terraform, CloudFormation
  • Security: AWS Network Firewall, WAF, IAM, VPN encryption standards
  • Proficiency in Python for automation and tooling.
  • Strong understanding of hybrid cloud models and segmentation strategies.
  • Excellent communication skills in English, with the ability to articulate complex technical concepts to diverse audiences.
  • Preferred Qualifications
  • Familiarity with TGW, Cloud WAN policy-based routing, and service insertion.
  • Background in regulated environments with strong compliance requirements.
  • Familiarity with Service mesh projects such as Istio and Linkerd
  • Relevant certifications such as AWS Advanced Networking, Palo Alto Networks (PCNSE), or equivalent

Ultimately, personality means more to us than skills. If you have the passion and mindset, we’d urge you to apply: we will help you develop the skills.

WHY SHOULD YOU JOIN US?

    <
Voltar para homepage