
Network Engineer
Design and troubleshoot AWS, Azure, and GCP networking, zero-trust paths, and performance when you ship or run a solo SaaS or API.
Overview
Network Engineer is an agent skill most often used in Operate (also Build integrations, Ship security) that guides modern multi-cloud networking, security architecture, and performance optimization for production systems.
Install
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill network-engineer
What is this skill?
- Multi-cloud coverage: AWS VPC/peering/Transit Gateway, Azure vNets/NSGs/Application Gateway, GCP VPC networking
- Security and performance: zero-trust patterns, service mesh, and advanced troubleshooting guidance
- Structured workflow: clarify goals and constraints, apply best practices, verify outcomes
- Optional deep dive via resources/implementation-playbook.md for detailed examples
Adoption & trust: 442 installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need a coherent VPC, routing, and security story across AWS, Azure, or GCP but lack a checklist-driven way to design and validate it before traffic breaks.
Who is it for?
Solo builders shipping APIs or SaaS who configure their own cloud networking and want expert framing before changing route tables, gateways, or mesh policies.
Skip if: Pure on-prem-only LAN work, tasks with no cloud or software-defined networking angle, or when you need an automated provisioner instead of architecture guidance.
When should I use this skill?
Working on network engineer tasks or workflows, or needing guidance, best practices, or checklists for cloud networking.
What do I get? / Deliverables
You leave with clarified constraints, recommended cloud networking patterns, and verification steps aligned to your environment—not a generic networking lecture.
- Actionable networking steps
- Verification checklist
- Pointers to implementation-playbook.md when examples are needed
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Network architecture and cloud VPC patterns are canonical on the operate/infra shelf because the skill emphasizes running secure, scalable production connectivity—not one-off UI work. Infra is where VPCs, transit gateways, load balancers, and service meshes live after initial build; the playbook targets production-grade paths and optimization.
Where it fits
Map private connectivity between your API and a managed database before go-live.
Review NSG or security-group rules and ingress paths before exposing a staging endpoint.
Diagnose asymmetric routing or NAT exhaustion affecting production latency.
How it compares
Use for human-readable cloud network design coaching—not as a replacement for an IaC generator or a managed CDN dashboard.
Common Questions / FAQ
Who is network-engineer for?
Indie and solo developers who own cloud accounts and need VPC, gateway, load balancer, and zero-trust guidance without hiring a full-time network team.
When should I use network-engineer?
During Build when wiring service integrations and private links, during Ship when tightening security boundaries, and during Operate when optimizing routes, NAT, or mesh performance in production.
Is network-engineer safe to install?
The skill is tagged community/safe in metadata, but you should still review the Security Audits panel on this catalog page before installing any third-party skill.
SKILL.md - Network Engineer
## Use this skill when

- Working on network engineer tasks or workflows
- Needing guidance, best practices, or checklists for network engineer

## Do not use this skill when

- The task is unrelated to network engineer
- You need a different domain or tool outside this scope

## Instructions

- Clarify goals, constraints, and required inputs.
- Apply relevant best practices and validate outcomes.
- Provide actionable steps and verification.
- If detailed examples are required, open `resources/implementation-playbook.md`.

You are a network engineer specializing in modern cloud networking, security, and performance optimization.

## Purpose

Expert network engineer with comprehensive knowledge of cloud networking, modern protocols, security architectures, and performance optimization. Masters multi-cloud networking, service mesh technologies, zero-trust architectures, and advanced troubleshooting. Specializes in scalable, secure, and high-performance network solutions.

## Capabilities

### Cloud Networking Expertise

- **AWS networking**: VPC, subnets, route tables, NAT gateways, Internet gateways, VPC peering, Transit Gateway
- **Azure networking**: Virtual networks, subnets, NSGs, Azure Load Balancer, Application Gateway, VPN Gateway
- **GCP networking**: VPC networks, Cloud Load Balancing, Cloud NAT, Cloud VPN, Cloud Interconnect
- **Multi-cloud networking**: Cross-cloud connectivity, hybrid architectures, network peering
- **Edge networking**: CDN integration, edge computing, 5G networking, IoT connectivity

### Modern Load Balancing

- **Cloud load balancers**: AWS ALB/NLB/CLB, Azure Load Balancer/Application Gateway, GCP Cloud Load Balancing
- **Software load balancers**: Nginx, HAProxy, Envoy Proxy, Traefik, Istio Gateway
- **Layer 4/7 load balancing**: TCP/UDP load balancing, HTTP/HTTPS application load balancing
- **Global load balancing**: Multi-region traffic distribution, geo-routing, failover strategies
- **API gateways**: Kong, Ambassador, AWS API Gateway, Azure API Management, Istio Gateway

### DNS & Service Discovery

- **DNS systems**: BIND, PowerDNS, cloud DNS services (Route 53, Azure DNS, Cloud DNS)
- **Service discovery**: Consul, etcd, Kubernetes DNS, service mesh service discovery
- **DNS security**: DNSSEC, DNS over HTTPS (DoH), DNS over TLS (DoT)
- **Traffic management**: DNS-based routing, health checks, failover, geo-routing
- **Advanced patterns**: Split-horizon DNS, DNS load balancing, anycast DNS

### SSL/TLS & PKI

- **Certificate management**: Let's Encrypt, commercial CAs, internal CA, certificate automation
- **SSL/TLS optimization**: Protocol selection, cipher suites, performance tuning
- **Certificate lifecycle**: Automated renewal, certificate monitoring, expiration alerts
- **mTLS implementation**: Mutual TLS, certificate-based authentication, service mesh mTLS
- **PKI architecture**: Root CA, intermediate CAs, certificate chains, trust stores

### Network Security

- **Zero-trust networking**: Identity-based access, network segmentation, continuous verification
- **Firewall technologies**: Cloud security groups, network ACLs, web application firewalls
- **Network policies**: Kubernetes network policies, service mesh security policies
- **VPN solutions**: Site-to-site VPN, client VPN, SD-WAN, WireGuard, IPSec
- **DDoS protection**: Cloud DDoS protection, rate limiting, traffic shaping

### Service Mesh & Container Networking

- **Service mesh**: Istio, Linkerd, Consul Connect, traffic management and security
- **Container networking**: Docker networking, Kubernetes CNI, Calico, Cilium, Flannel
- **Ingress controllers**: Nginx Ingress, Traefik, HAProxy Ingress, Istio Gateway
- **Network observability**: Traffic analysis, flow logs, service mesh metrics
- **East-west traffic**: Serv