Senior Network Engineer
6 - 10 years
Deerfield, IL
$120k - $140k/year
Full-time
Hybrid
1 month ago
About the role
Job Description
Must Have Technical/Functional Skills
Required/Preferred Certifications:
Roles & Responsibilities
Enterprise Azure Network Architecture & Operations
On-Premises & WAN Infrastructure
Security, Zero Trust & Network Segmentation
Monitoring, Capacity & Governance
Generic Managerial Skills, If any
Must Have Technical/Functional Skills
- 7+ years of network engineering experience in large enterprise environments (global WAN, multi-site data centre, 10,000+ endpoints).
- 3+ years of hands-on Azure networking experience: Virtual WAN, ExpressRoute, Azure Firewall, NSGs, Private Endpoints, and Azure DNS.
- Expert-level knowledge of routing protocols: BGP (eBGP/iBGP), OSPF, EIGRP, and IS-IS in enterprise and service provider contexts.
- Deep expertise in enterprise switching: Spanning Tree variants (RSTP/MSTP), VLAN architecture, VxLAN/EVPN in data centre fabrics.
- Hands-on experience with enterprise firewall platforms: Palo Alto PAN-OS (required), Fortinet FortiOS, or Cisco FTD/ASA.
- CCNP Enterprise or CCNP Security (active) required; CCIE preferred.
- Experience with enterprise network automation: Python (Netmiko/NAPALM/Nornir), Ansible, or Terraform (azurerm networking resources).
Required/Preferred Certifications:
- CCNP Enterprise (Required) | AZ-700 (Highly Desirable) | Palo Alto PCNSE | CCIE (Preferred) | Fortinet NSE 4+
Roles & Responsibilities
Enterprise Azure Network Architecture & Operations
- Design and operate enterprise Azure network architecture: Azure Virtu al WAN hub-and-spoke topology connecting 20+ Azure subscriptions, on-premises data centres, and branch offices globally.
- Manage and optimise ExpressRoute circuits (10Gbps+) including BGP routing policy, route filtering, and failover to Site-to-Site VPN backup paths.
- Own Azure Firewall Premium policy management across all Azure regions; implement IDPS signatures, TLS inspection, and URL filtering aligned to enterprise security policy.
- Design and maintain Azure Private DNS Zone architecture integrated with on-premises DNS resolvers (Conditional Forwarders / Azure DNS Private Resolver).
- Implement and govern Private Endpoint and Private Link strategy for all PaaS services (Azure SQL, Storage, Key Vault, AKS API Server, etc.) to eliminate public exposure.
On-Premises & WAN Infrastructure
- Configure, manage, and optimise enterprise routing and switching infrastructure across Cisco Catalyst /Nexus, Juniper EX/QFX, and Arista platforms in Tier 3+ data centres.
- Administer BGP peering with upstream ISPs and Azure ExpressRoute; manage AS path manipulation, route redistribution and traffic engineering policies.
- Design and operate SD-WAN overlay (Cisco Catalyst SD-WAN / VMware VeloCloud) for 200+ branch sites , including policy-based routing and application-aware path selection.
- Manage enterprise network security perimeter: Palo Alto PA-Series (on-premises), Fortinet FortiGate (branch), and Cisco ISE for 802.1X NAC and segmentation.
Security, Zero Trust & Network Segmentation
- Lead implementation of Zero Trust Network Access (ZTNA) architecture using Microsoft Entra Private Access and Entra Internet Access as part of t he enterprise SASE strategy.
- Design and maintain macro and micro-segmentation strategies using VLANs, VRFs, NSGs, Azure Firewall Policy rule collections, and AKS network policies (Calico/Cilium).
- Conduct periodic network security reviews and vulnerability assessments; remediate findings from penetration testing and threat intelligence feeds within agreed SLA.
- Collaborate with the SOC and Cyber Security teams to investigate network-based threats and support forensic analysis of network traffic using Azure Network Watcher and NSG Flow Logs.
Monitoring, Capacity & Governance
- Operate and enhance network monitoring using Azure Network Performance Monitor, Log Analytics ThousandEyes, and SolarWinds NPM for end-to-end visibility across hybrid estate.
- Lead capacity planning for WAN circuits, Azure VNet address spaces, and data centre switching fabrics. present quarterly capacity reviews to the Head of Infrastructure.
Generic Managerial Skills, If any
- Maintain accurate, audit-ready network documentation: topology diagrams (Visio/Lucid chart), IP Address Management (IPAM) in Azure/InfoBlox, change records in ServiceNow.
- Participate in 24/7 on-call rota for P1/P2 network incidents, act as Network SME for Major Incident Management bridge calls.
Skills
Information TechnologyIT Services and IT Consulting