Principal Network & Systems Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, IS, Engineering, or equivalent experience.
• 7+ years in advanced network and systems engineering roles
• Expertise in routing, switching, identity systems, Palo Alto platforms and IPAM
• Experience with DOE directive and federal compliance.

Responsibilities

• Architect, design, implement, and maintain DOE‑ID’s enterprise network across core, distribution, edge, and data center layers, ensuring scalability, redundancy, and long-term alignment with organizational infrastructure strategy.
• Engineer and administer advanced routing and switching platforms, including EIGRP, OSPFv3, IPv6, VLAN segmentation, inter-VLAN routing, trunking, and high‑availability designs.
• Serve as the primary architect and administrator for Palo Alto Next‑Generation Firewalls (NGFW), including security policy architecture, URL filtering, threat prevention, SSL decryption, logging integrations, and zero‑trust access enforcement.
• Lead and maintain the enterprise remote‑access environment using Palo Alto GlobalProtect, including authentication integration, device posture checks, and certificate‑based access controls.
• Design and implement zero‑trust networking principles across critical systems, integrating firewall segmentation, identity‑based access controls, and continuous trust verification.
• Administer and optimize Cisco wireless systems, including controller‑based WLANs, SSID and authentication design, RF tuning, security policy enforcement, and enterprise guest wireless.
• Oversee enterprise monitoring and network health using system dashboards, telemetry, trending, packet‑level diagnostics, and event correlation to ensure performance, reliability, and immediate visibility of issues.
• Lead modernization initiatives for network, wireless, and firewall architectures, including equipment refreshes, policy redesign, IPv6 rollout, and backbone upgrades.
• Serve as the primary escalation point for complex network, wireless, and firewall issues requiring senior‑level architectural analysis.
• Serve as the Network Team Lead, providing daily technical direction, prioritization, and task assignment for junior and mid‑level network engineers.
• Mentor team members in advanced networking, routing, firewall policy design, troubleshooting methodology, and enterprise architecture principles.
• Oversee quality assurance for network changes, configurations, and architecture designs to ensure compliance with DOE standards and best practices.
• Act as primary escalation point for complex networking issues requiring senior‑level expertise.
• Coordinate work distribution, project responsibilities, and technical execution across the network engineering team.
• Provide training and hands‑on guidance to new engineers, including platform-specific instruction (Cisco, Palo Alto, Infoblox, ISE, etc.).
• Collaborate with cross-functional and inter‑agency teams to align network engineering activities with enterprise architecture goals.
• Serve as primary administrator for Cisco Identity Services Engine (ISE) including RADIUS, TACACS, 802.1X, guest wireless, and certificate‑based enforcement.
• Serve as primary administrator for Infoblox DDI (DNS, DHCP, IPAM).
• Maintain and maintain NIOS grid configurations including grid member health, grid services, licenses, and failover/HA strategies.
• Configure and maintain DNS authoritative and recursive services including zone management, forwarders, delegations, DNSEEC -related requirements, and RPZ policies.
• Engineer and maintain DNCP Scopes, DHCPv4/v6 pools, reservations, failover configuration, split scopes and address management policy supporting both IPv4 and IPv6 architectures.
• Manage the enterprise IP Address Management platform, ensuring effect subnet design, hierarchy, and usage tracking.
• Serve as Data Center Architect and Engineer for rack design, cabling, hardware installations, power and cooling considerations.
• Perform cyber incident response, investigations and reporting.
• Ensure compliance with DOE Orders, DOE-Idaho Policy and enterprise best-practices.
• Management and maintain network support servers and systems including Delinea Secret Server, F5 Load balancers Cerberus SFTP, Syslog servers, Nessus Agents, Tenable Vulnerability Management