# Senior NetOps Engineer > Vecten · Warsaw, Poland (Remote) · — · Posted 2026-06-15 **Workplace:** remote ## Description **Senior NetOps Engineer** **Full-time B2B | Remote EU / Poland | Financial Services Context** We are an AI-native data and technology partner for private capital and healthcare. Founded in 2010 and headquartered in Warsaw, we work with leading PE firms, VC funds, and healthcare organizations to build proprietary data infrastructure, deploy AI solutions, and drive AI-native transformation. Our clients manage a cumulative $1.2T+ in assets. Our average engagement runs five years. Our NPS sits above 80. We don't need to claim credibility - we can show it. We've also done to ourselves what we now do for clients. We've restructured our own company around AI - tools, policies, roles, delivery models. This isn't a pitch. It's a playbook we've already run, and we're hiring the engineers who will run it for others. **The Opportunity** A leading global alternative asset management firm is looking for a Senior NetOps Engineer to own cloud networking at scale. This is a hands-on role sitting at the boundary between Platform Engineering and Networking — the person who translates network requirements into infrastructure code, replaces manual and legacy controls with policy-driven automation, and builds the reusable patterns that every engineering team provisions their networks against. You'll work directly with AWS-native networking services — CloudWAN, VPC Lattice, Network Firewall — and be the engineer responsible for making those services production-grade, standardized, and integrated into the platform delivery pipeline. You won't be designing networks in Visio. You'll be writing Terraform. What You'll Own - Design and deliver **cloud networking patterns** across AWS CloudWAN, VPC Lattice, and AWS Network Firewall — from architecture decisions through to production-ready Terraform modules - Drive the **replacement of legacy network controls** (NACLs and equivalent point-in-time configurations) with centralized, policy-driven enforcement that scales across accounts and regions - Build and maintain a **Terraform module library** for network provisioning — VPC layouts, routing, firewall policies, connectivity patterns — that platform and application teams consume as self-service - **Integrate networking into platform pipelines** — CI/CD, account vending, onboarding automation — so network resources are provisioned consistently and auditably as part of every environment standup - Act as the **primary technical bridge between Platform Engineering and the Networking organization** — translating routing requirements, security standards, and network architecture into IaC that both sides can operate and trust ## Requirements **AWS Networking** - Deep, hands-on experience with **AWS VPC fundamentals**: subnets, route tables, security groups, NAT/Internet gateways, Transit Gateway, PrivateLink - Production experience with **AWS CloudWAN** — core network policy documents, segments, routing domains, multi-region and multi-account topologies - Hands-on with **AWS Network Firewall** — stateful and stateless rule groups, firewall policy management, centralized inspection architectures - Working knowledge of **VPC Lattice** — service-to-service connectivity, auth policies, access log configuration - Experience with **hybrid connectivity**: Direct Connect, VPN, BGP routing, on-premises integration patterns **Infrastructure as Code** - Strong **Terraform at scale** — module design, state management, workspace patterns, remote backends, provider version management - Experience building **reusable, versioned Terraform modules** consumed by multiple teams — not just writing Terraform for your own deployments - Familiarity with **CI/CD pipelines for infrastructure**: plan/apply automation, drift detection, policy-as-code (e.g. OPA, Sentinel, or AWS Config rules) **Cross-domain Fluency** - Ability to work across **DevOps** **and traditional Networking disciplines** — comfortable in both a pull request review and a BGP routing discussion - Experience with **multi-account AWS environments** (AWS Organizations, SCPs, Resource Access Manager) where networking crosses account and organizational boundaries - Understanding of **network security governance:** least-privilege access, traffic inspection architectures, audit logging (VPC Flow Logs, Firewall logs to CloudWatch/S3) **Nice to Have** - AWS certifications: **Advanced Networking Specialty** or Solutions Architect Professional - Experience with **AWS Control Tower** or Landing Zone Accelerator in the context of network account vending - Familiarity with **service mesh or east-west traffic management** patterns at scale (beyond VPC Lattice — e.g. App Mesh, Istio on EKS) - Exposure to **GitOps workflows** for infrastructure — ArgoCD, Atlantis, or equivalent - Background in **financial services or regulated industries** where network segmentation, audit trails, and change control are compliance requirements, not preferences ## Benefits - Unrestricted AI Stack & Premium Gear: Fully paid licenses for Cursor, Claude Pro, etc. - Total Autonomy (Remote-First): No filler meetings, no Jira bloat, no micromanagement. You own the workflow. We care about shipped systems in production, not logged hours. - Direct Impact: You’ll work face-to-face with our CEO, CTO & VPs and VC/PE General Partners. - Frontier Engineering Culture: Build alongside elite engineers who are shipping systems that drive real investment decisions. Backed by continuous growth and a strong knowledge-sharing culture ([check our YouTube](https://www.youtube.com/user/sunscraperscom)). **Sounds like a perfect place for you? Don’t hesitate to click apply and submit your application today!** ## Apply [Apply at Vecten](https://apply.workable.com/vecten/j/B0B0AFD3BE/apply) --- Powered by [Workable](https://www.workable.com)