Networking Engineer Jobs in California (NOW HIRING)

Position Summary

We are seeking an experienced IT Networking Engineer to design, deploy, operate, and secure our global hybrid network environment. This role spans our corporate offices across the US (Santa Clara), China (Shanghai and Xi'an), and Europe (Germany and Romania), our collocated data-center at Telx, and our production and development environments in AWS. The network engineer will also own the network-security posture and the integration of two-factor authentication (2FA) with GM backend.

The ideal candidate is equally comfortable racking switches in a colo cage, troubleshooting BGP at 2 a.m., writing Terraform for AWS VPCs, coordinating with regional IT contacts across three continents, and tightening firewall rules to satisfy auditors.

Key Responsibilities

Corporate Network

• Design, deploy, and maintain corporate LAN, WLAN, and WAN - including switches, routers, wireless controllers, access points, and SD-WAN appliances.
• Manage office connectivity (ISP circuits, MPLS/SD-WAN, site-to-site VPNs) across all corporate locations.
• Administer DNS, DHCP, IPAM, NTP, and 802.1X/NAC for wired and wireless access.
• Support end-user connectivity issues escalated from the Help Desk and drive root-cause resolution.
• Plan capacity, lifecycle, and refresh cycles for corporate networking hardware.

Global Offices Networking

• US - Santa Clara (HQ): Operate the headquarters network as the global hub; maintain primary internet circuits, core/distribution switching, enterprise Wi-Fi, video-conferencing infrastructure, and the on-prem services that serve all regions.
• China - Shanghai & Xi'an: Engineer reliable connectivity into and out of mainland China, accounting for cross-border latency, the Great Firewall, and regional ISP behavior. Maintain compliant site-to-site VPN / SD-WAN links to HQ and to AWS regions used by China teams, and partner with local carriers and ICP-licensed providers as required.
• Europe - Germany & Romania: Operate office networks in compliance with GDPR and EU data-handling requirements. Maintain redundant WAN links to HQ and to the Telx data-center, and ensure consistent identity, Wi-Fi, and security policies across both sites.
• Establish a consistent global standard for switching, Wi-Fi, firewalls, and remote access across all offices, while allowing for region-specific carriers and regulatory constraints.
• Coordinate with regional IT contacts, MSPs, and on-site smart-hands for installations, moves/adds/changes, and incident response across multiple time zones.
• Optimize WAN performance for collaboration tools (Zoom, Teams, VoIP), code repositories, and engineering build/test traffic between regions.
• Maintain regional documentation, circuit inventories, vendor contacts, and escalation paths for every site.
• Participate in a follow-the-sun on-call model so that global users receive timely support regardless of region.

Data-Center (Telx Colocation)

• Own the physical and logical network at our Telx data-center, including top-of-rack and core/aggregation switching, routing, load balancers, and out-of-band management.
• Manage cross-connects, carrier circuits, and peering relationships at Telx; coordinate smart-hands work with the facility.
• Operate and tune dynamic routing (BGP, OSPF), VLANs/VXLAN, MLAG/stacking, and QoS.
• Maintain hybrid connectivity between the Telx data-center and AWS via AWS Direct Connect, IPsec VPNs, and Transit Gateway.
• Ensure environmental, power, and rack-level documentation is current; participate in DR and failover testing.

AWS Production & Development Networking

• Architect and operate AWS network constructs: VPCs, subnets, route tables, NAT/IGW, Transit Gateway, Direct Connect, VPC Peering, PrivateLink, Route 53, ELB/ALB/NLB, CloudFront, Global Accelerator.
• Segment and isolate production, staging, and development environments using a multi-account / Transit Gateway strategy.
• Codify network infrastructure with Terraform (or CloudFormation/CDK); enforce changes through CI/CD with peer review.
• Monitor performance and cost of network components; tune for latency, throughput, and spend.
• Partner with DevOps/SRE teams on service connectivity, Kubernetes/EKS networking (CNI, ingress, service mesh), and observability.

Network Security

• Design and enforce a defense-in-depth network security posture: next-gen firewalls, IDS/IPS, web filtering, DDoS protection (AWS Shield / WAF), and micro-segmentation.
• Manage perimeter, internal, and cloud security groups, NACLs, and firewall rule lifecycles with formal change control.
• Implement and maintain zero-trust principles for remote access (ZTNA / SASE), site-to-site, and admin access (jump hosts, bastion, SSM Session Manager).
• Maintain TLS/PKI for internal services, certificate lifecycle automation, and secrets handling for network devices.
• Support compliance efforts (SOC 2, PCI-DSS, ISO 27001, GDPR, and applicable China data-protection requirements) - including evidence collection, vulnerability remediation, and audit response.
• Lead incident response for network-related security events and conduct post-incident reviews.

Authentication & GM Backend Integration

• Own the two-factor authentication (2FA/MFA) integration between network access systems (VPN, admin consoles, Wi-Fi, jump hosts, AWS SSO) with GM backend authentication service.
• Configure RADIUS/TACACS+, SAML, and OIDC flows that delegate authentication and MFA challenges to the GM backend.
• Maintain device-trust, conditional access, and step-up authentication policies for all global offices.
• Work with the Identity team on user/group provisioning, role-based access control (RBAC), and break-glass procedures.
• Monitor authentication telemetry for anomalies and integrate logs into the SIEM.

Monitoring, Automation & Operations

• Build and maintain monitoring, alerting, and dashboards (e.g., SNMP, NetFlow/sFlow, syslog, Prometheus, Grafana, Datadog, CloudWatch, ELK).
• Automate repetitive tasks with Python, Ansible, or Terraform; reduce manual change windows.
• Participate in a global on-call rotation for Sev-1/Sev-2 network incidents; deliver clear RCAs and remediation plans.
• Produce and maintain accurate network documentation, diagrams (Visio/Lucid/Draw.io), and runbooks for every site and environment.

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, or equivalent practical experience.
• 5+ years of hands-on enterprise networking experience across corporate, data-center, and cloud environments.
• Strong knowledge of TCP/IP, BGP, OSPF, VLAN, VXLAN, MPLS, QoS, multicast, and IPv6.
• Proficiency with at least one major vendor stack (Cisco, Arista, Juniper, Palo Alto, Fortinet, F5).
• Production experience with AWS networking (VPC, Transit Gateway, Direct Connect, Route 53, ELB, security groups).
• Hands-on experience operating equipment in a colocation / data-center environment (Telx, Equinix, Digital Realty, or similar).
• Experience supporting multi-region / multi-country office networks, including site-to-site VPN, SD-WAN, and regional ISP coordination.
• Practical experience implementing MFA/2FA, RADIUS/TACACS+, SAML, and integrating with identity backends.
• Solid grounding in network security: firewalls, IDS/IPS, VPN, segmentation, and incident response.
• Scripting/automation skills (Python, Bash, Ansible, Terraform).
• Excellent troubleshooting skills and the ability to communicate clearly with both technical and non-technical stakeholders.

Preferred Qualifications

• Industry certifications: CCNP / CCIE, JNCIP, AWS Advanced Networking - Specialty, PCNSE, Palo Alto / Fortinet, CISSP.
• Experience with SD-WAN platforms (Cisco Meraki, Viptela, Versa, Fortinet) deployed across global offices.
• Experience with Kubernetes networking (CNI, Istio/Linkerd, ingress controllers).
• Familiarity with SOC 2 / PCI-DSS / ISO 27001 / GDPR controls related to network and access management.
• Experience integrating bespoke or in-house auth backends (similar to our GM backend) via standard protocols.
• Prior experience supporting offices in mainland China (cross-border connectivity, ICP licensing, MPLS into APAC).
• Working proficiency in Mandarin, German, or Romanian is a plus, but not required.

What Success Looks Like in the First 12 Months

• 30 days: Fluent in our global topology - corporate offices (Santa Clara, Shanghai, Xi'an, Germany, Romania), Telx data-center, and AWS - and on-call ready.
• 90 days: Owns at least one major domain (e.g., AWS networking, Telx data-center, or global office WAN) and has closed top operational pain points.
• 6 months: Delivered measurable improvements in network reliability, security posture, or automation coverage; 2FA/GM backend integration hardened and well-documented across all regions.
• 12 months: Recognized as the go-to authority for hybrid, global networking; has led at least one major project (e.g., Transit Gateway migration, data-center refresh, SD-WAN rollout to APAC/EMEA, or zero-trust deployment).