Cloud Network Engineer (GDC, VPC, Routing & Hybrid Connectivity) - SC Eligible - Government Projects

Cloud Network Engineer (GDC, VPC, Routing & Hybrid Connectivity) - SC Eligible - Government Projects

This role is delivered within secure environments. Candidates must be eligible for UK SC clearance (requiring 5 years UK residency).

Opening: Join the Mission

At ByDesign Secure, we believe that world-class security shouldn't be an afterthought-it should be the foundation. We are an independent, outputs-based consultancy dedicated to solving the most complex data assurance challenges in the UK public sector. Currently, we working on a landmark transformation of a cross-government secure IT system. This is an exciting opportunity to help architect a private cloud environment from the ground up and modernize the end-user services that power national decision-making. We don't believe in "billing by the hour" or rigid hierarchies; we are a lean, expert team focused on delivering high-impact technical outcomes. If you are a self-starter who thrives on autonomy and wants to see your engineering or architectural decisions shape the future of sovereign security, we want to talk to you.

About the Opportunity

• We are looking for a Cloud Network Engineer to design, implement, and manage the underlying infrastructure for Google Distributed Cloud (GDC).
• Candidates with an active Professional Cloud Network Engineer certification will be prioritised, as the skill set required for VPC management and hybrid connectivity is essential for mastering the GDC environment.
• You will work on high-impact projects, ensuring high availability, scalability, and resiliency for nationally significant government operations.

What You'll Be Doing

• Network Architecture Design: Designing and implementing multi-tenant virtual private networks, including complex routing, peering, and internal IP address management (IPAM).
• Hybrid & Private Connectivity: Configuring resilient site-to-site connectivity, including encrypted tunnels and dedicated private interconnects between distributed locations and central data centers.
• Load Balancing & DNS Management: Implementing sophisticated load balancing solutions for high-traffic applications and managing secure, private DNS zones and forwarding policies.
• Containerised Networking: Setting up and securing networking for Kubernetes (GKE), including private control planes, network policies, and specialised alias IP ranges. In particular, Istio Service Mesh.
• Network Observability: Utilising advanced diagnostic tools and flow logs to monitor network health, visualise throughput, and perform deep-packet troubleshooting.

• Proven experience in designing and managing complex, resilient network architectures in a cloud or hybrid context.
• Ability to adapt core networking expertise to the specific constraints of secure, air-gapped, or distributed environments.
• Strong interpersonal skills to build trust across technical and non-technical stakeholders.

Bonus Points For

• Current, non-expired Professional Cloud Network Engineer certification.
• Background in technology delivery across cyber security, digital services, or infrastructure domains.
• Experience with tooling commonly used in secure government contexts (e.g., Jira, Confluence, Gitlab).
• Experience working in air-gapped or disconnected environments with little or no internet connectivity

• Do you have demonstrable experience configuring BGP routing, hybrid connectivity (VPN/Interconnect), and Shared VPCs?
• Have you previously designed or managed networking for Kubernetes (GKE) in a secure government or defence context?
• Do you have the permanent right to work in the UK?
• Do you currently hold active UK SC clearance?
• Are you eligible and willing to undergo UK SC clearance for this role? (Applications without this cannot be considered)
• Does your delivery approach allow for on-site presence in London (SW1A) when required (typically around 2 days per week)?