Staff Network Engineer (Menlo Park CA) #4765

Responsibilities

• Staff Network Engineering - AWS and Hybrid Cloud
• AWS VPC Engineering
• Design build and maintain Amazon VPCs including CIDR planning subnet design (public/private) route tables Internet Gateways (IGW) NAT gateways and VPC endpoints (Interface/Gateway).
• Configure and manage security controls such as Security Groups NACLs AWS Network Firewall and AWS WAF for defense‑in‑depth across environments.
• Hybrid Connectivity
• Implement and support hybrid connectivity using AWS Direct Connect Site‑to‑Site VPNs and AWS Transit Gateway for scalable VPC‑to‑VPC and on‑prem connectivity.
• Traffic Management & DNS
• Configure Amazon Route 53 for internal and external DNS routing policies health checks and failover.
• Deploy and manage Elastic Load Balancing (ALB/NLB/GLB) to provide high availability SSL termination path‑based routing and/or TCP/UDP load balancing.
• On‑Prem & Data Center Networking
• Operate and troubleshoot on‑prem and data center networks using Juniper and Aruba platforms (switching routing VLANs VRFs BGP/OSPF).
• Configure manage and tune Palo Alto Networks firewalls including security policies NAT VPN and content inspection.
• Monitoring Logging & Dashboards
• Design and implement end‑to‑end monitoring alerting and dashboards for network health performance and security leveraging tools such as:
• VPC Flow Logs CloudWatch metrics/logs and Route 53 health checks.
• Firewall logs and on‑prem device telemetry.
• Build and maintain dashboards for:
• Link utilization latency packet loss and error rates (DX VPN TGW campus links).
• Load balancer health connection metrics and capacity.
• DNS performance and resolution issues.
• Establish actionable alerting thresholds and runbooks to support rapid incident triage and resolution.
• Capacity Planning & Performance
• Perform ongoing capacity planning for AWS networking (VPCs TGW DX VPN load balancers) and on‑prem links forecasting growth and identifying bottlenecks.
• Analyze traffic patterns and utilization data to right‑size connectivity optimize routing and plan upgrades before they become constraints.
• Run performance tests and baselines (throughput latency failover behavior) and tune configurations accordingly.
• Incident Response & Troubleshooting
• Lead network‑related incident response including real‑time troubleshooting across layers (DNS TCP/IP TLS HTTP internal app protocols).
• Drive root‑cause analysis (RCA) and implement corrective and preventive actions (runbooks automation design changes).
• Architecture & Design (Significant Component)
• Own end‑to‑end network architecture for multi‑account multi‑region AWS environments ensuring scalability reliability observability and security.
• Develop and maintain network reference architectures and patterns for:
• Isolated and regulated environments.
• Service‑to‑service connectivity using PrivateLink VPC peering and/or VPC Lattice.
• Ingress/egress patterns through ELB Global Accelerator and centralized egress VPCs.
• Design application connectivity segmentation and zero‑trust network patterns in partnership with Security and Platform teams.
• Evaluate and introduce advanced AWS networking capabilities (e.g. AWS App Mesh Amazon VPC Lattice AWS Global Accelerator) where they provide clear operational or performance benefits.
• Ensure architectural designs explicitly include observability and capacity planning requirements (telemetry KPIs SLOs).
• Automation Tooling & Governance
• Build and maintain infrastructure‑as‑code for network components (e.g. Terraform/CloudFormation modules for VPCs TGWs Direct Connect routing firewall rules).
• Integrate network provisioning and configuration into CI/CD pipelines to support safe auditable and repeatable deployments.
• Automate generation and updates of network monitoring logging and dashboard configurations where possible.
• Define and codify network standards guardrails and best practices for AWS and on‑prem networking including monitoring and capacity baselines.
• Partner with Security and Compliance to ensure designs and implementations meet regulatory and internal policy requirements including logging and retention requirements.
• Collaboration & Leadership
• Act as the primary subject matter expert for AWS networking hybrid connectivity and network observability providing guidance to platform SRE security and application teams.
• Mentor other engineers on networking fundamentals AWS networking performance troubleshooting and effective monitoring/dashboards.
• Lead and review technical designs RFCs and architectural decisions for network‑related projects.
• Communicate complex networking concepts trade‑offs and capacity risks to both technical and non‑technical stakeholders.
• These responsibilities summarize the role’s primary responsibilities and are not an exhaustive list. They may change at the company’s discretion.

Required Qualifications

• 10+ years of experience in network engineering with at least several years in a senior/staff or architecture‑oriented role.
• Deep hands‑on experience with AWS networking:
• Amazon VPC (CIDR design subnets IGW/NAT route tables endpoints).
• Security Groups and NACLs.
• AWS Transit Gateway Site‑to‑Site VPN and AWS Direct Connect.
• Route 53 and ELB (ALB/NLB/GLB).
• Strong enterprise/data center networking experience:
• Juniper and/or Aruba networking platforms.
• Routing/switching (BGP OSPF VLANs VRFs link aggregation redundancy protocols).
• Hands‑on experience with Palo Alto Networks firewalls (policy management NAT VPN content inspection).
• Demonstrated experience setting up monitoring logging and dashboards for network infrastructure (cloud and on‑prem) and using this data for incident response and capacity planning.
• Proven track record building and operating secure highly available and scalable network infrastructures in production.
• Solid understanding of network security principles segmentation and zero‑trust concepts.
• Strong troubleshooting skills across layers (DNS TCP/IP TLS HTTP internal app protocols).
• Infrastructure as Code: Hands-on experience using Terraform or CloudFormation to design and implement network infrastructure via Infrastructure as Code. Must be comfortable owning both the architecture and the corresponding automation (coding depth beyond basic scripting required).
• Excellent communication skills and experience working in cross‑functional fast‑moving environments.

Preferred Qualifications

• Experience in healthcare life sciences or other highly regulated or security‑sensitive environments.
• Experience with:
• AWS Network Firewall AWS WAF.
• AWS App Mesh and/or Amazon VPC Lattice.
• AWS Global Accelerator and edge networking patterns.
• Proficiency with infrastructure‑as‑code (e.g. Terraform CloudFormation) and automation/scripting (Python Bash PowerShell etc.).
• Experience designing SLOs KPIs and alerting strategies for network reliability and performance.
• Familiarity with SD‑WAN SASE and/or Zero Trust Network Access (ZTNA) solutions.
• Relevant certifications such as AWS Certified Advanced Networking – Specialty CCNP/CCIE or Palo Alto Networks certifications.

What We Do

GRAIL is a healthcare company whose mission is to detect cancer early when it can be cured. GRAIL is using the power of high-intensity sequencing population-scale clinical studies and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology and to develop and commercialize pioneering products.

Why Work With Us

Everything we do is guided by our mission to detect cancer early when it can be cured. It’s the reason we’re here and it’s no small task. The right people make all the difference. That’s why we’re looking for those who strive to share their knowledge contribute their skills inspire each other and commit to something bigger than themselves.

Gallery