Cloud Network Engineer

5 - 8 years

6 - 10 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Cloud Network Security Engineer (AWS VPN Specialist)

Position Overview

Key Responsibilities

  • Design, configure, and deploy AWS Site-to-Site VPN connections, including Virtual Private Gateways (VGW), Customer Gateways (CGW), and dual tunnels for high availability.
  • Set up and customize VPN tunnel options in the AWS Management Console, such as IKE and IPsec parameters.
  • Integrate policy-based Check Point Security Gateway firewall with AWS VPN, defining encryption domains, VPN communities, and static routing for VPC CIDR blocks and customer subnets.
  • Configure firewall rules, NAT Traversal, Dead Peer Detection, and TCP MSS clamping to ensure secure and optimal traffic flow.
  • Allocate and manage IP addresses for PoC resources and inside tunnel IPs.
  • Generate and customize AWS VPN configuration files for Check Point devices, ensuring compatibility with policy-based VPNs and disabling IKE aggressive mode.
  • Collaborate with data center security analysts to troubleshoot VPN connectivity, routing issues, and security policies, including static routing.
  • Perform testing and validation of the VPN setup, including initiating traffic to bring up tunnels and verifying bidirectional communication between on-premises and AWS resources.
  • Document configurations, including VPC CIDR blocks, pre-shared keys, and firewall policies, and provide guidance on recreating or modifying VPN connections.
  • Stay updated on AWS and Check Point best practices for cloud networking and security as of 2025.

Required Skills and Experience

  • 5+ years of experience in cloud networking and security engineering, with a focus on AWS VPC, Site-to-Site VPN, and firewall integrations.
  • Proficiency in Check Point Security Gateway configuration, including VPN blades, SmartDashboard, Gaia WebUI, and tools like GuiDBedit for DPD and MSS clamping.
  • Strong knowledge of networking protocols (e.g., IKEv1/IKEv2, IPsec ESP, PFS, BGP/static routing) and security standards (e.g., disabling aggressive mode, NAT-T).
  • Hands-on experience with AWS services such as VPC, Virtual Private Gateways, Transit Gateways, and VPN connection management.
  • Ability to work with policy-based VPNs, encryption domains, directional match rules, and route redistribution in Check Point environments.
  • Familiarity with troubleshooting tools like AWS VPN logs, Check Point logs, and network analyzers for IKE/IPsec mismatches or tunnel failures.
  • Experience in PoC environments, including IP allocation, subnet design, and testing with specific resources (e.g., 4 IP addresses for instances).
  • Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent experience).

Preferred Skills

  • AWS certifications (e.g., AWS Certified Advanced Networking Specialty, AWS Certified Solutions Architect Professional).
  • Check Point certifications (e.g., Check Point Certified Security Expert (CCSE), Check Point Certified Cloud Network Security Expert).
  • Knowledge of advanced features like AWS Accelerated Site-to-Site VPN or integration with Check Point.
  • Scripting skills in Python or Ansible for automation of network configurations.
  • Experience with hybrid cloud setups, multi-VPC peering, and security groups/network ACLs in AWS.
