Sr. Network Engineer
Description: Overview This Senior Network Engineer position is responsible for the delivery of infrastructure solutions and services through standard offerings and processes that drive consistent adoption and speed to market. Network includes, but are not limited to, WAN/LAN routers and switches, core data center networks, load balancing devices, firewall/IPS devices, VPN solutions, Internet access and web filtering, wireless access, DNS/DHCP, network security and monitoring. Individual will work under general direction of the Network Services IS Manager within a team of Network engineers responsible for providing a diverse array of deliverables to optimize network capabilities and services. The ability to communicate clearly, deliver a high level of customer service, and think with the future in mind are key attributes for this role. Candidate MUST be local * Moving more towards a flexible work schedule * As of now, requiring people to be in the office 25% of the time * Home base would be research park drive P4 Engineer * MS Azure experience is highly desired * Must have strong routing experience * Routing and switching are in Equinix * Moving F5 load balancing environment to MS Azure * Experience with Express Connects would be a huge plus * Cloud firewalls (NSG's)- would be a huge plus * Palo Altos in Azure * Direct connect in MS Azure * VPN connectivity through Palo's to the cloud The P4 position will cover a wider range of experience than the P3 position. I have found that candidates that have supported large networks in the past tend to do better than those supporting small organizations. This is typically because smaller companies do not invest in enterprise level technology and infrastructure. The following are skills that we are looking for. We have existing expertise in many of these areas but want to build additional bench depth in these critical areas, so we don't always have to depend on the same subject matter expert in each area. We would not be able to afford an engineer with all of these skills, so checking off which ones they do have during the screening would be helpful. * 1. Experience configuring and expressroutes and associated routing to support the instance. Experience configuration network security groups (NSGs). BGP routing skills for VPN tunnels to other Cloud providers and non-hybrid connected instances. * Data Center switching/routing experience. We have a Nexus 7K/5K/2K environment in our main data center and various regional hubs. We will refresh, probably to Nexus 9Ks in the next couple of years. APIC experience would be a plus. * Global routing experience. We are currently using MPLS and Internet connections for transit connectivity between our regions as well as various Internet providers or Equinix fabric connections for data center interconnects (DCIs) in region. This requires skills around configuring resiliency for automatic failover of multiple links. * Palo Alto firewall experience. This is our standard, so skills in this area are essential for the Cloud work. The hands-on experience of installing, configuring high availability are not an absolute must have. BGP skills associated with Cloud and VPN tunnel configuration are more important giving our existing skills in this area. Client VPN (GlobalProtect) experience would be a plus. * Wireless. We are moving to WiFi-6 with either Cisco or Aruba beginning next year. Our current infrastructure is with Cisco. The P3 questions around access point, WLC, and ISE is relevant here. WiFi-6 will simply build on this relationship, although Aruba is configured differently. * We are transitioning from Cisco IWAN to Palo Alto Prisma SD-WAN. IWAN will be around for the next year and the engineer we lost was our most knowledgeable resource. IWAN experience would be great. Any experience with SD-WAN (Meraki does not count in my opinion) is helpful. The candidate knowing our direction in this area would be good for them to know. * We use Infoblox for IP address management (IPAM), DNS and DHCP. The candidate would need expertise in all of these areas, and Infoblox experience is a plus. Related would be an understanding of subnetting, segmentation and route advertisement and summarization. Some of these bleed over into routing and protocol understanding, but are important for engineers at almost any level to have. Cisco Routing A good understanding of routing concepts is key for any candidate at this level. I have included some details below around what we support. It would be difficult to provide actual questions for our recruiters without going deep into the weeds. Better to note if they have IWAN, DMVPN, EIGRP or BGP experience. We can dive deep during a technical interview. Also, we have decided to move forward with Palo Alto Prisma SD-WAN as a replacement for IWAN. This transition will take place over the next year. We will have training for all team members. Would be good to know if the candidate has an SD-WAN exposure. Remote sites currently use Cisco IWAN a single router supporting an MPLS connection and the second an Internet connection. Very few engineers have experience with IWAN, but DMVPN tunnel configuration/support is useful. EIGRP is used by IWAN, but the configuration is static and doesn't change. Good to have EIGRP skills but not a deal breaker. BGP is typically used when configuring complex routing and often with VPN tunnels. If they've used BGP, probably sufficient to ask for what purpose. ** Key questions to ask here are the following: Q: What is you experience supporting remote site routing? How many sites? What technology? Have you physically turned up circuits and configured routing? A: The larger the number of sites the better. MPLS, DMVPN, IPSEC, BGP, EIGRP are all acceptable answers concerning technology. Activating circuits and configuring the actual routers is a key piece of experience. If they answer that they have "supported" people doing this, the candidate is probably not what we are looking for. Palo Alto The Maintenance & Support team does handle firewall rule tickets around URL filtering, port requests and client VPN (GlobalProtect) support. The below questions will help vet out the candidate's experience. If the candidate has everything else already covered, we may be able to consider even if they do not have solid firewall skills. We'll need to see. How large is your Palo environment? Number of firewalls? How are the Palos managed? Locally or through Panorama? What are your primary responsibilities in the Palo environment? * Firewall rule management/URL filtering? * NAT/PAT rules? * Setup of physical interfaces and aggregate groups? * Configuration of VPN tunnels to 3rd parties? * Setup physical firewalls (greenfield/new install)? * Experience with high-availability (HA) configuration? * Experience supporting SSL decryption and exceptions? * Experience supporting GlobalProtect client VPN. Number of clients supported? Did the candidate setup and deploy or simply client support? Below is a list of other tools or systems that we use. No questions to ask really, just a checklist to see if they have experience in any of these. DNS/DHCP We use Infoblox for both as well as IP address management (IPAM). Monitoring Tools We did away with SolarWinds due to their breach. Our main tool will be NetMRI for configuration management and auditing. The Monitoring team has PRTG as a stop gap for up/down alerting but are looking for a longer-term solution. NetFlow NetFlow runs on our routers and provides end-to-end details on our WAN links. This is primarily for "network slow" tickets. We utilize LiveAction for this. Prisma SD-WAN has the same type of reporting built in, but we will continue to use LiveAction during the migration and beyond for firewalls and hubs. Load Balancing We use F5 and have two dedicated engineers, so no real need for this experience but a nice to have. * Network management tools. We currently use NetMRI, ScienceLogic, LiveAction, Splunk for configuration management, alerting, NetFlow and logging respectively. Expertise in any is a plus. Skills: Network engineering, Firewall, Router, Cisco routers, Wan, Paloalto, Data center Top Skills Details: Network engineering,Firewall,Router,Cisco routers,Wan,Paloalto,Data center Additional Skills & Qualifications: Responsibilities Develop and generate Systems Design Packages, to include conceptual, logical, and physical network architecture/designs and resulting artifacts, including documents and drawings, configuration policies and guidelines, testing analyses, test plans, and risk assessments to ensure sound architecture Research technological advancements to ensure that network solutions are continuously improved, supported, and aligned with industry and company standards as well as emerging business requirements Evaluate complex data networking technologies to understand their potential vs. risk and make recommendations including both technical and business foundations Work with technology vendors and IS purchasing in vendor negotiations and selection as needed Contribute to the development, testing, distribution, and documentation of networking technologies and solutions, and conduct training / turn-over of engineered solutions to operational support. Troubleshoots and demonstrates problem solving skills in identification of the root causes of business performance and execution issues by using process and data analysis Escalate issues in a timely and appropriate manner to team lead for support, approval and/or resolution Availability to work extended, off-hours, based upon project requirements and Major Incident remediation situations. Occasional travel may be required to support project implementations (less than 10%) Qualifications BS in Computer Science or related major or equivalent technical experience. 8-10 years of experience in network technologies Technical or Vendor Certifications as appropriate Skills & Abilities: Broad level of understanding surrounding information systems. Demonstrated ability to troubleshoot application and / or infrastructure related problems. Excellent written, presentation, and verbal communication skills. Strong interpersonal and consultative skills to effectively serve as an organizational advisor of technologies. Excellent pro Experience Level: Expert Level About TEKsystems: We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.