State Street

AWS Cloud Network Specialist, AVP

Hyderabad, India  |  Posted Today
Full-time  |  Hybrid

Job Description

AWS Cloud Network Specialist
Infrastructure & Cloud Engineering  |  Full-Time

Position Overview
We are seeking a highly skilled AWS Cloud Network Specialist to design, implement, and operate enterprise-grade cloud networking solutions on Amazon Web Services. This role sits at the intersection of network engineering, cloud architecture, and DevOps, requiring deep hands-on expertise across the full AWS networking stack, from core VPC constructs through global WAN fabrics, DNS, security, and observability.

The ideal candidate holds multiple AWS certifications and brings a strong architectural mindset, the ability to work across multi-account environments, and a bias toward automation and infrastructure-as-code.

Required AWS Certifications
Candidates must hold the AWS Advanced Networking Specialty certification. 
One or more of the following are strongly preferred:

AWS SAP-C02 Solutions Architect Professional
AWS DVA-C02 Developer Associate
AWS SOA-C02 SysOps Administrator Associate
AWS SAA-C03 Solutions Architect Associate
AWS SCS-002 Security Specialist 

AWS Certified Advanced Networking Specialty (ANS-C01) is mandatory. Other certifications listed above are valued and may be substituted to demonstrate breadth where the specialty is being actively pursued.

Core Responsibilities

Network Architecture & Design

  • Architect and deploy scalable, highly available VPC topologies including multi-tier subnet designs, transit hub-and-spoke models, and full mesh connectivity patterns.
  • Design and manage AWS Transit Gateway deployments with route tables, attachments (VPC, VPN, Direct Connect, peering), and multi-region routing.
  • Implement AWS Cloud WAN to build, manage, and monitor a unified global network across multiple AWS Regions and on-premises sites from a single policy-driven control plane.
  • Maintain and evolve the AWS Network Manager dashboard to centralize visibility of global network topology, including Transit Gateway and Cloud WAN resources.
  • Design hybrid connectivity solutions using AWS Direct Connect (dedicated and hosted connections, virtual interfaces, LAGs) and AWS Site-to-Site VPN with redundant tunnels.
  • Plan and manage IP address space using AWS VPC IP Address Manager (IPAM) including pool hierarchies, scope definitions, automated CIDR allocation, and cross-account visibility.

     

DNS & Service Discovery

  • Manage Amazon Route 53 hosted zones (public and private), record sets, health checks, and traffic policies (latency, geolocation, weighted, failover, multivalue answer).
  • Deploy and operate Route 53 Resolver inbound and outbound endpoints to enable DNS resolution across hybrid environments.
  • Configure Route 53 Resolver DNS Firewall rule groups to block or allow DNS queries based on domain lists.
  • Implement AWS Cloud Map for service discovery within containerized and microservices architectures.
     

Security & Access Control

  • Design and enforce network segmentation using security groups, network ACLs, and VPC endpoint policies.
  • Manage VPC endpoints (Interface and Gateway types) and AWS PrivateLink service configurations to eliminate public internet exposure for AWS service traffic.
  • Integrate networking controls with AWS IAM, AWS Organizations SCPs, and AWS Control Tower guardrails.


Observability & Troubleshooting
 

  • Enable and analyze VPC Flow Logs, Route 53 Resolver query logs, and Network Firewall alert logs using Amazon CloudWatch, Amazon S3, and Amazon Athena.
  • Use AWS Reachability Analyzer and Network Access Analyzer to validate and audit network path connectivity and security posture.
  • Leverage Transit Gateway Network Manager and CloudWatch Network Monitor for end-to-end WAN performance visibility.
  • Troubleshoot complex connectivity issues spanning VPCs, Transit Gateways, Direct Connect, and on-premises networks.

Automation & Infrastructure as Code

  • Codify all network infrastructure using Terraform; contribute reusable modules to shared IaC libraries.
  • Automate network operations tasks using Python (boto3), AWS CLI, and shell scripting.
  • Integrate network provisioning pipelines into AWS CodeBuild and CodePipeline.
  • Participate in code reviews and enforce IaC standards for network resources across multi-account environments.
     

Required AWS Networking Services Competency
Candidates must demonstrate hands-on proficiency across the following services. Depth is expected in bolded areas.
 

Domain: Key Services & Skills

  • Global WAN & Connectivity: AWS Cloud WAN, AWS Transit Gateway, AWS Network Manager, Direct Connect (DX), Site-to-Site VPN, AWS Client VPN
  • IP Address Management: AWS VPC IPAM (pools, scopes, allocations, cross-account), VPC CIDR design, IPv6 dual-stack
  • Core VPC Constructs: VPCs, Subnets, Route Tables, Internet Gateways, NAT Gateways, Egress-Only IGW, VPC Peering
  • DNS & Service Discovery: Route 53 (hosted zones, routing policies, health checks, Resolver endpoints, DNS Firewall), AWS Cloud Map
  • Network Security: Security Groups, Network ACLs, AWS Network Firewall, AWS WAF, AWS Shield, VPC Endpoints, PrivateLink
  • Observability & Analysis: VPC Flow Logs, Reachability Analyzer, Network Access Analyzer, CloudWatch Network Monitor, Traffic Mirroring
  • Automation: Terraform, AWS CloudFormation, Python/boto3, AWS CLI, CI/CD pipelines
  • Multi-Account Governance: AWS Organizations, AWS Control Tower, Service Control Policies (SCPs), AWS Config network rules


Qualifications

Required

  • AWS Certified Advanced Networking Specialty (ANS-C01) — mandatory.
  • 13+ years of IT experience in total.
  • 5+ years of experience in cloud networking, with at least 3 years focused on AWS.
  • Deep expertise in VPC architecture, Transit Gateway, and hybrid connectivity (Direct Connect / VPN).
  • Proven experience with AWS Cloud WAN and Network Manager in production environments.
  • Strong proficiency in AWS VPC IPAM for enterprise-scale address management.
  • Hands-on Terraform experience for network infrastructure; familiarity with module design patterns.
  • Solid understanding of BGP, OSPF, and TCP/IP fundamentals as they apply to cloud and hybrid routing.
  • Experience operating in AWS Control Tower or multi-account Organizations environments.

Working Hours: 2PM to 11PM IST

About State Street

Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.

We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.

As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.

Discover more information on jobs at StateStreet.com/careers
