Cloud Network Engineer

This role is focused on owning, maintaining, and evolving Zopa's cloud-based network architecture and its supporting automation infrastructure. You will play a key part in designing secure, scalable and observable systems across our estate spanning AWS and Azure. The role emphasises strong collaboration with platform and application teams, especially around public ingress/egress management, internal security control and secure remote access in a multi-tiered environment. You will demonstratea high level of business awareness, be able to understand and qualify stakeholder requirements and transform into technical designs.

Your impact:

• Design, manage, and evolve the network architecture across multi-account, multi-region AWS environments.

• Implement and support partner integrations through mTLS, IPSec, Privatelink.

• Support centralized network servicessuch as DNS &RADIUS.

• Maintain network security controls using Palo Alto Cloud NGFW (or AWS Network Firewall), Network ACLs, Security Groups.

• Implement and maintaininfrastructure codebase and CI/CD pipelines.

• Ensure robust monitoring and alerting using Prometheus, Grafana, CloudWatch, and other observability tools.

• Collaborate on production incident response, provide network level visibility and troubleshooting support

• Support the security, performance, and resilience of inter-service communication across all Zopa's cloud & SaaS providers

• Provide input into broader platform strategy, architecture reviews, and engineering best practices.

• Proven experience designing and managing AWS networking: VPCs, Transit Gateways, Route53, PrivateLink, NAT gateways, security groups, etc.

• Practical knowledge of Palo Alto Cloud NGFW and cloud-native firewalling/security principles.

• Familiarity with Azure networking constructs.

• Strong hands-on experience with Terraform as the core IaC tool.

• Proficient in GitHub Actions for infrastructure CI/CD.

• Strong troubleshooting skills, including low-level tools like tcpdump and Wireshark.

• Understanding of TLS protocols, public/private key infrastructure, and x.509 certificate standards.

• Ability to debug certificate validation issues confidently and understand implications of cipher suites, trust chains, and expiry windows.

• Working knowledge of Kubernetes (specifically EKS) including ingress-controllers, ALBs and request handling with external CDN.

• Experience with Prometheus, Grafana, AWS CloudWatch, and centralized logging (e.g. Splunk or similar).

• Ability to set up effective monitoring and alerting for network and connectivity issues.

We started our journey back in 2005, building the first ever peer-to-peer lending company. Fast forward to 2020 and we launched Zopa Bank. A bank that listens to what our customers don't like about finance and does the opposite. We're redefining what it feels like to work in finance. Our vision for a new era of banking puts people front and centre - we've built a business that empowers everyone to aim high, every day, to move finance forward. We're incredibly proud of our achievements and none of it would be possible without the amazing team here. It's not just industry awards we're winning, we've also been named in the top three UK's Most Loved Workplaces.