Senior Network Engineer

Description        

The position will be responsible for the design, implementation, maintenance, and optimization of BRG’s local and wide area networks (LAN/WAN/WLAN).  An overall emphasis on perimeter network security configuration as it applies to datacenter, branch office, and cloud networks to ensure the security of BRG’s employees for both on-prem and cloud services through a Zero Trust approach. Function as primary technical contact for an outsourced SOC. This role will be responsible for building and managing an agile network topology that adapts for rapid growth and expansion along with changing business needs that require stable, efficient, and secure access to BRG resources worldwide.  A proven cross-disciplinary skillset would be required to efficiently collaborate with Cloud and Systems teams on large scale projects.  The Senior Network Engineer will report to the  Lead Security & Infrastructure Architect.      

Key Contacts   

• This role will interface with IT Leadership to ensure progress towards roadmap goals is being met and the implementation of new technologies and processes comply with security polices and frameworks.
• Work closely with Cloud and Systems teams to seamlessly integrate cloud and on-prem environments and the communication between them.
• This role will work with Risk and Compliance on Incident Response, Disaster Recovery and ensuring compliance with all applicable audit standards.

Responsibilities        

• Collaborate to develop architectural and engineering designs for large-scale datacenter network infrastructure.
• Take ownership responsibility for large project lifecycle from design through implementation and support.
• Evaluate and present methods for improving performance and/or reliability of the existing network infrastructure.
• Work with Cloud and Systems teams to ensure optimal connectivity / performance of VM hosts and storage devices.
• Maintain and troubleshoot firewalls, IDS/IPS, VPN appliances, vulnerability assessment tools, event and log analysis, security change tracking and other network systems and devices.
• Troubleshoot systems and networks to identify and correct malfunctions and other operational problems.
• Support / work on Palo Alto firewalls running GlobalProtect VPN.
• Identify and develop dot1x with Microsoft NPS, Cisco ISE, or other NAC products.
• Investigate, test, evaluate and remain informed of new technologies, products, and services.
• Serve as a point of escalation for security incidents, tickets, and on-call rotation resources.
• Collect and present security metrics/dashboards.
• Perform proactive threat hunting and risk investigations
• Participate and contribute to annual risk assessment exercises.     

Qualifications:        

• 7+ years of Network Engineering experience.
• Extensive knowledge of LAN/WAN routing and switching with Cisco equipment.
• 3+ years of experience with design, implementation, maintenance, and troubleshooting support of SDWAN connectivity, VeloCloud experience preferred.
• Experience deploying, managing, administering, and migrating security and Infrastructure platforms in a Hybrid environment, specifically strong in both traditional and Azure networking.

• Ability to design, implement, and support network architectures for Azure cloud-based systems, including virtual networks, subnets, network security groups, and VPNs.
• Hands-on experience with Palo Alto firewalls and VPN appliances.
• Experience with implementing or managing a SIEM/XDR/MDR or other security management platform.
• Experience working with a SOC/NOC or other outsourced monitoring support vendor.
• 3+ years of experience working with network and application authentication systems including a strong understanding of authentication protocols such as OAuth, SAML, Kerberos and MFA.
• Wireless experience strongly preferred, to include 802.11x standards in a Cisco and Meraki based infrastructure.
• Familiarity with Cisco ISE.
• Experience with many of the following protocols & technologies: RSTP, VLANs/STP, Trunking (Ether-channel)/LACP, IPv4 & IPv6, TCP, IGMP, LDP, RADIUS, ISE, IPSEC & VPNs, Netflow, DNS, HTTP, DHCP, SNMP, TACACS).
• Knowledge of Microsoft Windows based platforms (Windows Server, Active Directory).
• Strong understanding of desktops (Windows and MacOS), networks, hardware, and cloud platforms.
• Familiarity with industry frameworks and standards such as SOC2, ISO27002, HIPAA, HITRUST.
• Excellent oral and written communication skills.  Ability to present detailed or complicated information in an understandable way to non-technologists.
• Ability to see beyond constraints of the existing environments and identity opportunities for improvement.

#LI-Remote
#LI-AW1        

Tags