Missions
We are seeking a Cloud Network Consultant (AWS) to lead the design, implementation, governance, and security of enterprise-grade cloud networking solutions. This role requires deep technical expertise in Cisco routing, AWS networking and security services, Skyhigh Proxy, and automation with Terraform, combined with strong leadership to enforce robust security controls and drive strategic initiatives.
You will leverage strong Cisco routing/switching and security skills to oversee topics related to Cisco routing, AWS network services (including firewall solutions), AWS CDN, and AWS Front Door. You will also secure web access by administering Squid and Skyhigh Secure Web Gateway/Proxy, manage allow/deny lists, and oversee operational lifecycle tasks such as TLS certificate renewals and AMI/image upgrades for network and security appliances.
You will contribute to infrastructure automation using Terraform and drive resilient, observable, and compliant operations. Additionally, you will implement monitoring and alerting frameworks and enforce cloud policy and governance for compliance.
Profile
Mandatory Skills
- Squid Proxy
- AWS Front Door
- CDN
- AWS Firewall
- Terraform (Infrastructure as Code)
- Cisco routing and switching
Secondary Skills
- Network security knowledge
- WAF
- Squid Proxy
- Fortinet
- CheckPoint
Key Responsibilities
Strategic Leadership & Governance
- Define and own the cloud network architecture roadmap aligned with business objectives.
- Establish network security governance, compliance frameworks, and enforce zero-trust principles.
- Lead cloud networking strategy across hybrid environments, ensuring scalability, resilience, and cost optimization.
- Act as a trusted advisor for network security best practices, risk assessments, and audit readiness.
Technical Design & Implementation
- Architect and oversee Cisco routing (BGP, OSPF, MPLS, VPNs) for hybrid connectivity.
- Collaborate with cloud architects, security, and DevOps teams to ensure secure and scalable network designs.
- Design and implement AWS Firewall, AWS Front Door (with WAF), and AWS CDN for secure and optimized traffic delivery.
- Design cloud and hybrid network topologies (hub-and-spoke/vWAN), IP addressing, route tables, and peering aligned to zero-trust principles.
- Design, implement, and support hybrid/cloud network architectures with Cisco routing (BGP, OSPF, route redistribution, ECMP, VRFs).
- Define ingress/egress patterns with AWS Firewall and route control; standardize segmentation and inspection points.
- Build and maintain AWS networking components: VPC, subnets, route tables, Private Links, load balancers, and hybrid connectivity (e.g., SD-WAN).
- Architect AWS Front Door for global load balancing, routing strategies, health probes, and domain management.
- Align CDN caching strategies (TTL, compression, rules engine) with application requirements.
- Design and implement application delivery services (traffic manager, load balancers, etc.).
- Implement AWS Application Gateway configurations (TLS, HTTP settings, rewrite rules).
- Troubleshoot connectivity, routing, and latency issues across cloud, data center, and hybrid environments.
- Analyze L3–L7 issues using packet capture, logs, and monitoring tools.
- Manage DNS zones, private endpoints, and network peering.
- Establish secure internet access via Squid and Skyhigh Proxy (SSL inspection, policies, PAC files).
- Implement domain/IP/application allowlisting and blocklisting strategies.
- Oversee certificate lifecycle management (issuance, renewal, rotation, automation).
- Govern AMI upgrades, patching cycles, and image hardening standards.
Automation & Infrastructure as Code
- Drive Terraform adoption for provisioning, policy-as-code, and compliance enforcement.
- Implement CI/CD pipelines for network and security automation.
- Automate certificate renewals, AMI pipelines, and proxy policy updates.
Security Controls & Compliance
- Enforce network segmentation, least-privilege access, and a deny-by-default approach.
- Implement WAF/IDPS, threat intelligence filtering, and DDoS protection strategies.
- Maintain documentation (runbooks, diagrams, inventories) and provide L3 support and knowledge transfer.
- Ensure compliance with standards such as ISO 27001, SOC 2, GDPR, and PCI-DSS.
Monitoring & Incident Response
- Define observability strategies and traffic analytics.
- Lead troubleshooting for complex L3/L7 issues across hybrid and multi-cloud environments.
- Establish incident response procedures and conduct regular testing exercises.
CGI provides a reasonable estimate of the salary range for this position. The calculation of this range depends on various factors, including skill level, geographic market, experience, education, as well as professional licenses and certifications. Compensation decisions are based on the specifics of each case. A reasonable estimate for this salary range is between $60,000 and $115,000. This position is currently open.