Network Engineer
IT
Santo Domingo, Dominican Republic
- ID: 2026-4369
- Category: Engineering/Development
- Type: Full Time
Overview
The Network Engineer owns the design, implementation, and continuous optimization of our AWS network infrastructure, ensuring our systems deliver an unparalleled experience for our clients through high availability, peak performance, and airtight security. This person is responsible for designing networks that are resilient by default, secure by design, and observable at every layer.
Responsibilities
AWS Network Architecture & Operations
- Designs, implements, and manages AWS network infrastructure including VPCs, subnets, route tables, internet gateways, NAT gateways, and VPC peering and Transit Gateway configurations across multi-account, multi-region environments
- Owns the end-to-end design and operation of hybrid connectivity solutions including AWS Direct Connect and Site-to-Site VPN, ensuring reliable, low-latency connectivity between AWS environments and on-premises or partner systems
- Architects and maintains network segmentation strategies that enforce the principle of least privilege at the network layer, controlling traffic flow between services, environments, and external systems
- Designs and manages DNS architecture using Amazon Route 53, including private hosted zones, resolver endpoints, and traffic routing policies that support high availability and regional failover
- Implements and optimizes content delivery and load distribution using AWS CloudFront, Elastic Load Balancing (ALB/NLB), and Global Accelerator to ensure clients consistently experience low latency and high throughput
- Manages IP address space (IPAM) across AWS environments, ensuring scalable, non-overlapping CIDR allocation that supports continued organizational growth and multi-region expansion
Network Security
- Designs and enforces network security controls across all AWS environments, leveraging Security Groups, Network ACLs, AWS Network Firewall, and AWS WAF to protect systems from unauthorized access, malicious traffic, and application-layer threats
- Implements and manages AWS Shield and AWS WAF configurations to protect client-facing systems against DDoS attacks and web exploits, continuously tuning rules based on threat intelligence and observed traffic patterns
- Owns the design and governance of zero-trust network access principles within the AWS environment, ensuring that no service, user, or system is implicitly trusted regardless of network location
- Conducts regular network security assessments, reviewing security group configurations, routing tables, and firewall rules to identify and remediate excessive permissions, misconfigurations, and policy drift
- Partners with the Security team to respond to network-level security events and incidents - performing root cause analysis, implementing containment measures, and driving post-incident hardening
- Ensures network configurations meet compliance requirements aligned with NIST 800-53, ISO/IEC 27001, and SOC 2 control frameworks, supporting audit readiness and evidence collection
Performance Optimization & Reliability
- Continuously monitors network performance across AWS environments using AWS Network Manager, VPC Flow Logs, CloudWatch, and third-party observability tools - proactively identifying latency, packet loss, throughput degradation, and routing inefficiencies before they impact clients
- Designs networks for resilience and high availability, implementing redundant paths, multi-AZ and multi-region architectures, and automated failover mechanisms to eliminate single points of failure
- Analyzes traffic patterns and capacity trends to forecast network growth needs, proactively scaling infrastructure ahead of demand driven by product growth and client onboarding
- Optimizes data transfer costs and performance by implementing VPC endpoints, PrivateLink, and traffic routing strategies that minimize unnecessary data traversal across the public internet
- Participates in incident response for network-related outages and performance degradation events, driving rapid diagnosis and resolution with a structured, data-driven approach
Infrastructure as Code & Automation
- Defines and manages all network infrastructure using infrastructure-as-code tools such as Terraform or AWS CDK, ensuring network configurations are version-controlled, peer-reviewed, and consistently reproducible across environments
- Develops automation to streamline network provisioning, security group management, firewall rule updates, and compliance checks - reducing manual toil and the risk of human error in network operations
- Builds and maintains network configuration validation pipelines that automatically detect drift, misconfigurations, and policy violations before changes reach production
- Collaborates with Engineering and DevOps teams to integrate network provisioning into CI/CD pipelines, enabling development teams to safely consume network resources as part of their automated deployment workflows
Observability & Documentation
- Establishes and maintains comprehensive network observability, including VPC Flow Log analysis, Traffic Mirroring, and CloudWatch dashboards that provide real-time visibility into traffic patterns, anomalies, and security events
- Builds and maintains network topology documentation, architecture diagrams, and runbooks that give the broader Engineering organization a clear, accurate picture of the network at all times
- Defines and tracks network health KPIs and SLAs - including availability, latency benchmarks, security incident response times, and compliance posture - reporting regularly to Engineering leadership
- Documents all network changes through a structured change management process, maintaining a clear audit trail of who changed what, when, and why
Collaboration & Standards
- Partners with Engineering, DevOps, and Security teams to ensure network design supports application architecture requirements, deployment patterns, and security policies
- Provides network engineering guidance during the design and review of new systems and services, ensuring network implications are considered early in the development lifecycle
- Establishes and enforces network engineering standards across the organization, including naming conventions, tagging policies, segmentation patterns, and security baseline configurations
- Serves as the subject matter expert on AWS networking for the broader engineering organization, educating and enabling teams to make informed decisions about how their services interact with the network layer
Qualifications
- Bachelor's Degree in Computer Science, Network Engineering, Information Systems, or a related field — or equivalent practical experience
- 3+ years of professional network engineering experience with a primary focus on AWS cloud networking
- Deep, hands-on expertise with core AWS networking services including VPC, Transit Gateway, Direct Connect, Route 53, CloudFront, ALB/NLB, Security Groups, Network ACLs, and AWS Network Firewall
- Strong understanding of networking fundamentals including TCP/IP, DNS, BGP, OSPF, subnetting, routing, NAT, and network security protocols
- Experience designing and operating secure, multi-account, multi-region AWS network architectures
- Proficiency with infrastructure-as-code tooling such as Terraform or AWS CDK for network resource management
- Demonstrated experience implementing network security controls and performing security assessments within AWS environments
- Experience with network observability tools including VPC Flow Logs, CloudWatch, and AWS Network Manager
- Strong analytical and troubleshooting skills — able to diagnose complex network issues under pressure and communicate findings clearly to both technical and non-technical stakeholders
Preferred Qualifications:
- AWS Certified Advanced Networking – Specialty certification, or equivalent AWS certification (e.g., AWS Solutions Architect – Professional)
- Experience with AWS WAF, AWS Shield Advanced, and DDoS mitigation strategies in production environments
- Familiarity with zero-trust networking principles and their implementation within AWS environments
- Experience with AWS PrivateLink, VPC endpoints, and strategies for minimizing public internet exposure
- Familiarity with network automation and scripting using Python, Bash, or similar languages
- Experience supporting compliance frameworks including NIST 800-53, ISO/IEC 27001, or SOC 2 in a network engineering context
- Experience working in Agile/Scrum engineering environments with cross-functional product and infrastructure teams
- A mindset that treats every network configuration as a security decision — and a track record that reflects it
Who We Are
Origami Risk delivers single-platform SaaS solutions that help organizations best navigate the complexities of risk, insurance, compliance, and safety management.
Founded by industry veterans who recognized the need for risk management technology that was more configurable, intuitive, and scalable, Origami continues to add to its innovative product offerings for managing both insurable and uninsurable risk; facilitating compliance; improving safety; and helping insurers, MGAs, TPAs, and brokers provide enhanced services that drive results.
A singular focus on client success underlies Origami’s approach to developing, implementing, and supporting our award-winning software solutions.
Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.
Caution: Be alert to recruiting scams. We have received reports of individuals impersonating Origami Risk recruiters to deceive candidates into disclosing personal information. These impostors use fake Origami Risk domain names and email addresses. Please double-check that any email address from an Origami Risk recruiter ends with origamirisk.com or talent.icims.com. And to confirm the legitimacy of any recruiting communication, feel free to email transparencycheck@origamirisk.com.