**Description** The Space Telescope Science Institute (STScI) is a multi-mission science and flight operations center for NASA’s flagship observatories- Hubble, Webb & Roman on the Johns Hopkins University Homewood campus in Baltimore, Maryland. Learn more about our missions (https://www.stsci.edu/what-we-do) . **_This position can support hybrid work and currently is mostly work from home. Candidates must reside in or be willing to relocate to our local market. (MD, DE, VA, PA, DC & WV)._** **This position requires US Citizenship or Permanent Residence in order to meet ITAR requirements.** **The annual salary range for this senior level role is $125,000 - $135,000.** The posted salary range represents a general guideline; however, STScI considers a number of factors when determining base salary offers, such as internal pay equity, the scope and responsibilities of the position, the candidate's experience, education, and skill, and current market conditions. The Information Technology Services Division (ITSD) is seeking a Senior Cloud Network Engineer. The primary responsibilities of the individual filling this position will be providing leadership, guidance and support of the Institute's Network Infrastructure both on-site and in the AWS cloud. Responsibilities include: + Work collaboratively with IT, vendors and STScI staff to evaluate and verify the design, installation, configuration and maintenance of the network infrastructure + Work with the AWS DevOps team to support ongoing cloud initiatives + Work directly with STScI staff to design and implement network solutions that support mission, science, and information security objectives + Work with information network and security staff to implement new network architectures, defensive technologies, and monitoring solutions + Assist in daily maintenance and problem resolution. Serve as a resource for Service Desk ticket support + Work in a collaborative team environment, sharing all knowledge and skills with other team members + Modify and update the configuration for all network infrastructure devices + Review, audit, and support all network systems Required Qualifications: + Minimum of 5-10 years of progressive technical expertise in the network domain + Experience with AWS Networking and Security + AppSec automation experience for embedding & supporting integrated security checks in build pipelines + Proficient in Docker, Kubernetes, and AWS ECS/EKS for container management and orchestration networking and security + Experience with developing IaC (Infrastructure as Code) modules for AWS multi-account framework & AWS organizations, with experience in AWS services such as VPC networking, Transit Gateway, Network Firewalls, Load Balancers, etc. + Knowledge of network performance, scalability best practices and disaster recovery processes + Knowledge of DevOps, and Automation, Ci/CD, Software Engineering best practices + Hands on experience with: + Cisco routing and switching hardware + DNS + Troubleshooting skills using various tools (command line, packet capturing, etc.) + SSL / IPSEC VPN (Cisco ASA) + WAN Protocols such as BGP (Border Gateway Protocol), IPsec (Internet Protocol Security), Open Shortest Patch First (OSPF), etc. + Securing both wired and wireless networks + Performance/flow monitoring statistics + Scripting skills required - shell scripts, Python preferred including familiarity with CloudFormation/Terraform, JSON, YAML + Demonstrated ability and knowledge of networking architectures + Experience supporting DevOps environments. A strong understanding of the SDLC, CI/CD, and the Agile software development methodology including experience with deployment automation + Significant experience in the configuration and management of routers, switches, DNS, and modern and secure network designs + Good understanding of applications such as L3 and L2 VPNs + Experience supporting a highly technical and/or research-based environment is preferred Desirable but Not Required Qualifications: + Experience managing and trouble-shooting proxy servers, virtual private networking, remote access solutions, and firewalls from Cisco, Check Point, etc. + Firewall management (Check Point preferred but not required) + Web Application Firewalls (WAF) + Web application security (for example OWASP top 10) + Security+, CISSP, GIAC, CCNA/CCNP, ITIL/PMP/PMI, AWS Security Specialty certification is a plus + AWS Advanced Networking Specialty Certification **Explore Our Benefits! (https://www.stsci.edu/opportunities/benefits)** + Employer retirement contribution – direct STScI contribution of 10% of your salary from your first day + 12 days sick leave, 24 days’ vacation, and 10 paid holidays your first year + Comprehensive medical/dental/vision/prescription plans, and more! **TO APPLY:** Please complete an on-line application by **March** **14, 2025** to receive full consideration. Applications received after this date will be considered until the position is filled. Individuals needing assistance with the employment process can contact us at careers@stsci.edu . \#LIHYBRID