Senior Network Engineer

About the team:

The Information Technology team at Rubrik influences business processes, employee experience, and technologies to scale our organization to $1B+. This team creates operational efficiency across the company by centralizing the management of Infrastructure, Technology, and Data. The IT team ensures all stages of the software development lifecycle in a secured environment and scrutinizes the deployment of proper processes along with governance. They champion Rubrik on Rubrik and are the first customers of the Engineering teams at Rubrik.

Rubrik Corp IT is constructed of 100% SaaS and 0% on-premises. The IT team caters to accelerated enhancement of business value and multiple day-to-day business processes through our varied SaaS applications like Salesforce.com, Oracle Netsuite, Workday, Snowflake, Etrade, jitterbit, Allocadia, etc. This team also delivers high-paced business outcomes with 100% system uptime backed by agile, nimble, simple, but cohesive Cloud architectures.

About the role:

We are seeking an experienced and hands-on Senior Cloud Network Engineer to design, implement, and operate resilient, secure, and scalable networking solutions across Rubrik’s hybrid multi-cloud environment (GCP, AWS, Azure, and OCI). This role includes responsibilities for FedRAMP-compliant network infrastructure supporting Rubrik’s federal and public sector cloud offerings.

As part of our Global Infrastructure & Platform Services organization, you will serve as a senior technical contributor for cloud networking, enabling seamless and secure service connectivity across global regions and cloud platforms — including isolated, compliance-boundary environments required for FedRAMP Moderate and High authorization.

This role combines strong hands-on technical depth with collaborative cross-functional execution. You will work closely with security, platform engineering, and application teams to improve how our services connect, scale, and operate.

What you’ll do:

• Design and implement cloud networking solutions across GCP, AWS, Azure, and OCI.
• Build and maintain hybrid multi-cloud connectivity, including VPC/VNet design, peering, transit gateways, interconnects, ExpressRoute, Direct Connect, and secure tunneling.
• Support and maintain FedRAMP authorization boundaries, including network segmentation, traffic isolation, and control documentation aligned with NIST SP 800-53.
• Contribute to a unified connectivity fabric supporting multi-tenant onboarding, service segmentation, traffic routing, and policy enforcement across clouds — including dedicated GovCloud or sovereign regions.
• Implement network observability (end-to-end traffic visibility, flow tracing, correlation ID propagation) to enable diagnostics and performance analysis.
• Apply network security controls including micro-segmentation, zero trust network access (ZTNA), identity-aware routing, firewall policies, and encryption in transit — mapped to FedRAMP and NIST 800-53 baselines.
• Support service-to-service communication, protocol translation, and traffic mediation across diverse environments.
• Partner with security, SRE, and developer teams to onboard services securely and efficiently to the networking fabric.
• Collaborate with the GRC and FedRAMP compliance team to support continuous monitoring, POA&M remediation, and ATO (Authority to Operate) maintenance.
• Apply automation-first principles using Infrastructure-as-Code (Terraform, Pulumi) and CI/CD pipelines.
• Follow and contribute to networking standards, best practices, and reusable templates for consistent, scalable, and secure deployments.
• Stay current on emerging networking technologies and contribute recommendations for improving Rubrik’s infrastructure.

Experience you’ll need:

• 5+ years of experience in network engineering, with hands-on experience in multi-cloud networking.
• Experience in managing Palo Alto Network VM Series firewalls, Palo Alto Prisma
• Experience with Arista and Cisco Network Devices
• Experience with EVPN-VxLan, Arista AVD, CVP, and GitOps workflows
• Solid understanding of cloud-native networking concepts across major CSPs: AWS (VPC, TGW, Direct Connect, GovCloud), GCP (VPC, Interconnect), Azure (VNet, ExpressRoute, Azure Government), OCI.
• Experience designing and operating hybrid/multi-cloud environments with high availability and low latency.
• Strong command of load balancing, DNS, NAT, TLS termination, L7 routing, HTTP/1.1–HTTP/3, and protocol translation.
• Experience architecting or supporting FedRAMP Moderate or High environments, including network boundary definition, segmentation, and NIST SP 800-53 control implementation.
• Experience with zero trust networking and modern network security design.
• Expertise in IaC tools such as Terraform, CloudFormation, or Pulumi.
• Strong scripting skills (Python, Bash, or similar) for automation.
• Experience with observability and telemetry tools (OpenTelemetry, FluentBit, Prometheus, Grafana, Datadog).
• Excellent communication and leadership skills; ability to collaborate and influence across engineering and infrastructure teams.

Preferred qualifications:

• Cloud networking certifications (e.g., AWS Advanced Networking, GCP Professional Cloud Network Engineer, Azure Network Engineer Associate).
• Familiarity with FedRAMP authorization processes, System Security Plans (SSPs), and continuous monitoring frameworks.
• Experience with service mesh technologies (e.g., Istio, Consul, Linkerd).
• Familiarity with HAProxy, NGINX, Envoy, or other L7 proxies/load balancers.
• Experience with compliance-driven or regulated environments, particularly FedRAMP, DoD IL2/IL4, or StateRAMP, is a strong plus.

Day 1 Expectations:

• Perform a deep-dive assessment of existing multi-cloud networking landscape and identify gaps and opportunities.
• Define a future-state architecture for unified, secure, and scalable cloud networking.
• Begin prototyping connectivity improvements, observability pipelines, and onboarding workflows.

Long-Term Ownership:

• Contribute to and execute cloud networking modernization efforts.
• Become a go-to technical resource for cloud networking systems, standards, and troubleshooting.
• Support the expansion and optimization of connectivity across Rubrik’s global infrastructure footprint.
• Help develop and maintain scalable design patterns to support future growth and product evolution.

Security and Privacy Responsibilities: 

This position carries special Security and Privacy Responsibilities for protecting the U.S. Federal Government’s interests:

• Know, acknowledge, and follow system-specific security policies and procedures;
• Protect data and individual privacy per requirements and regulations;
• Perform ongoing activities in compliance with service and contractual obligations;
• Participate in role-based training, completing assignments on a timely basis; 
• Report security issues promptly, and aid investigation when needed;
• Support controlled changes and vulnerability remediation activities; and
• Work collaboratively with Information Security in designing, implementing, assessing or enhancing system-specific security and privacy controls. 

Position Risk Designation:

This position carries duties and responsibilities involving the U.S. Federal Government’s interests. The selected incumbent may be subject to one or both of the additional background checks with periodic re-screening as noted below:

Position Risk Designation: Non-Sensitive, Low Risk, Tier 1

Incumbents without access to U.S. Government data may be required to complete Standard Form 85 and undergo a Tier 1 Investigation (T1) for non-sensitive positions of Low Risk. (Baseline screening; formerly National Agency Check and Inquiries (NACI)).

Position Risk Designation: Non-Sensitive, Moderate Risk, Tier 2 (Public Trust)

Incumbents with access to U.S. Government data may be required to complete Standard Form 85P and undergo Tier 2 (T2) Investigation for non-sensitive positions designated Moderate Risk.

Position Risk Designation:Moderate Risk Law Enforcement (CJIS)

When hired for a position where access to Moderate Risk criminal justice information is required, the employee must complete a fingerprint-based national criminal history background check within 30 days after the employee’s start date.