Network Operations Engineer IV

Lincoln Investment, Fort Washington, PA
Remote

About The Position

Lincoln Investment is seeking a Senior Network Engineer with deep, hands-on expertise in modern data center networking, multi-site enterprise routing, hybrid Azure connectivity, wireless, and security-first network design. This role requires strong practical experience designing, implementing, and operating tools and services such as EVPN/VXLAN fabrics (underlay and overlay), Palo Alto Networks Next-Generation Firewalls, VeloCloud SD-WAN, Cisco Meraki switching/APs, and enterprise-scale Azure networking -- along with proven leadership in driving network transformation from legacy architectures to modern, automated, cloud-integrated designs. The candidate must be highly technical, comfortable working at Layer 2 through Layer 7, and capable of owning complex designs that span data center, campus, branch, internet edge, and Microsoft Azure environments.

Requirements

  • 7+ years of enterprise network engineering experience.
  • Proven hands-on expertise with EVPN/VXLAN architectures, including both underlay and overlay design and operation.
  • Strong proficiency with Arista (EOS / CloudVision) and/or Cisco (NX-OS, IOS-XE, Meraki) platforms.
  • Hands-on experience designing and operating Palo Alto NGFWs managed through Panorama.
  • Experience designing and operating SD-WAN at enterprise scale (VeloCloud preferred).
  • Deep experience with Microsoft Azure networking, including hybrid connectivity (ExpressRoute, Site-to-Site VPN, vWAN).
  • Strong understanding of BGP, OSPF, routing policy, and path selection; MTU, encapsulation, and overlay behavior; high-availability and failover mechanisms.
  • Working experience with IPAM and enterprise DNS.
  • Demonstrated experience operating at the intersection of on-prem and Azure networking.
  • Proven experience leading a network transformation initiative or serving as the senior technical authority on a complex network program.

Nice To Haves

  • Azure certifications (AZ-700, Azure Solutions Architect Expert).
  • Vendor certifications such as Arista ACE, Cisco CCNP/CCIE, Palo Alto PCNSE, or VMware VCP-NV / VeloCloud.
  • Experience with automation and infrastructure-as-code -- Python, Ansible, Terraform, PowerShell -- applied to network operations.
  • Familiarity with network telemetry, streaming telemetry (gNMI), NetFlow/IPFIX, and modern observability platforms.
  • Experience supporting large-scale enterprise or highly regulated environments (financial services, healthcare, etc.).
  • Exposure to multi-cloud networking architectures.

Responsibilities

  • EVPN/VXLAN fabric design: Design, implement, and operate modern leaf-spine data center fabrics using EVPN/VXLAN, owning both the underlay (IP fabric, IGP, loopback/VTEP addressing) and the overlay (BGP EVPN control plane, VNI/VRF mapping, Type-2/Type-5 route handling).
  • Multi-site network routing design: Architect consistent, deterministic, and highly available routing across multiple data centers, campus sites, cloud regions, and branch locations, including DCI, route stretch, and failure-domain isolation.
  • Internet edge network routing design: Design and operate internet edge architectures -- BGP peering with service providers, public IP and ASN management, DDoS mitigation posture, and secure, redundant ingress/egress for production workloads.
  • Wireless/WLAN: Secure wireless design and initial buildout configuration.
  • Layer 3-centric design: Engineer modern, routed-access designs that minimize reliance on legacy Layer 2 constructs, producing deterministic traffic flows and clean failure behavior.
  • Documentation & standards: Produce high-quality design documents, HLDs/LLDs, topology diagrams, and operational runbooks.
  • Security & Troubleshooting: Carry out day-to-day tasks, troubleshooting, and project-related initiatives in a security-first manner.
  • BGP / OSPF: Own enterprise routing architecture using BGP and OSPF, including redistribution, summarization, route filtering, communities, and path selection.
  • VeloCloud SD-WAN (underlay & overlay): Design and operate VeloCloud SD-WAN, including underlay transport (Internet, MPLS, LTE/5G) and overlay policy -- application-aware routing, dynamic path steering, QoS, and segmentation across branch and multi-site environments.
  • Site-to-Site VPN connectivity: Design, deploy, and maintain Site-to-Site VPN tunnels (IPsec/IKEv2) to partners, remote sites, and cloud environments, ensuring resilient primary/backup paths, strong crypto standards, and clean failover.
  • Perform deep packet-level troubleshooting across physical, virtual, and cloud networks.
  • Palo Alto Networks firewalls & Panorama: Design, deploy, and operate Palo Alto NGFW platforms at scale, centrally managed through Panorama for policy, object, logging, and lifecycle management across on-prem and cloud.
  • Segmentation & Zero Trust: Implement network segmentation, micro-segmentation, and Zero Trust / least-privilege principles across the environment.
  • Deliver east-west and north-south traffic inspection, secure application publishing, and private access models.
  • Integrate firewalls with hybrid routing, cloud networking, and SDN constructs for consistent policy enforcement.
  • Architect and operate hybrid connectivity between on-prem data centers and Azure using ExpressRoute (dual-circuit and failover designs), Site-to-Site and Point-to-Site VPN, and BGP peering with route filtering.
  • Design and manage Azure networking components: Virtual Networks (VNets), subnets, address planning, Network Security Groups (NSGs), User Defined Routes (UDRs), Azure VPN Gateway, Virtual WAN (vWAN), and Azure Firewall / third-party NGFW integration.
  • Ensure consistent routing, segmentation, and security policy enforcement across hybrid environments.
  • IPAM & DNS management: Own IP address management and DNS strategy across on-prem and cloud -- address planning, subnet allocation, zone design, split-horizon DNS, and conditional forwarding -- ensuring clean hygiene and reliable delivery of core network services.
  • Network resource monitoring design: Design and continuously evolve monitoring, telemetry, and flow analytics (SNMP, streaming telemetry / gNMI, syslog, NetFlow/IPFIX) to provide end-to-end visibility across fabric, WAN, cloud, and edge -- with meaningful dashboards, thresholds, and alerting.
  • Automation & network issue mitigation process improvement: Drive automation and process improvement to reduce manual toil, accelerate root-cause analysis, and shorten mean-time-to-repair -- leveraging tools such as Arista CloudVision, Ansible, Python, Terraform, and vendor APIs to standardize configurations, validate changes, and self-heal common failure patterns.
  • Lead or play a senior technical role in major network transformation projects, such as migrating from legacy Layer 2 networks to modern Layer 3 / EVPN-VXLAN designs; data center modernization or consolidation; enterprise SD-WAN rollouts and legacy WAN retirement; and hybrid cloud networking redesign.
  • Develop target-state architectures and phased migration plans.
  • Evaluate technical debt and design modernization strategies with minimal business disruption.

Benefits

  • Competitive compensation and benefits package