Senior Network Engineer

AITHERAS, LLC•New York, NY

27d•$135,000 - $140,000•Hybrid

About The Position

AITHERAS, LLC is a customer-focused IT consulting firm delivering cost-effective, mission-critical solutions since 2002. We specialize in Data Analytics, Cloud Computing, IT Engineering, Application Development, and Cyber Security. Based in Rockville, MD, we’re ISO 9001:2015 certified, an SBA-designated Small Business, and an MBE-certified firm by MDOT. We partner with over 100 clients to create scalable, innovative solutions that drive success. What You’ll Do % Time Responsibility 40 % Design & Implementation – Build and migrate segmentation zones, VRFs, and BGP/OSPF fabrics across Cisco Nexus 9K, Juniper QFX/MX, and Palo Alto PA-Series. 25 % Security & Visibility – Stand up TACACS+/Cisco ISE for AAA, integrate flow telemetry into Cisco Secure Network Analytics (StealthWatch), deploy taps/SPANs/Gigamon, and tune IDS/IPS policies for OT & IT. 15 % Automation – Write and maintain Python/Ansible/Terraform pipelines (pyATS, Nornir, Jinja2) for golden-config generation, compliance drift detection, and CI/CD-based push-button rollouts. 10 % Operations & Incident Response – Serve as L3 escalation and join a 1-week-per-6 on-call rotation; own post-mortems and MTTR metrics. 10 % Documentation & Mentoring – Produce HLDs/LLDs, MOPs, and runbooks; coach junior engineers toward CCNP/PCNSE.

Requirements

8+ years progressive experience in enterprise or service-provider networking.
Deep expertise configuring and troubleshooting BGP, OSPF, static routing, VRFs, VXLAN-EVPN.
Hands-on with Cisco Catalyst/Nexus & ASA/FTD, Juniper EX / QFX / MX, and Palo Alto NGFWs (Pan-OS 9/10).
Solid command of AAA (TACACS+, RADIUS) and production deployments of Cisco ISE or equivalent.
Practical experience deploying or operating flow-analytics / tap infrastructure (StealthWatch, Gigamon, NetFlow/IPFIX, SPANs).
Comfort writing Python and Ansible playbooks; git-based workflows (GitLab/GitHub, CI pipelines).
Familiarity with network IDS/IPS (Snort, Zeek, Palo Alto Threat Prevention) and SIEM workflows (Splunk, QRadar).
Ability to create HLD/LLD diagrams in Visio or draw.io and present them to technical & business leadership.
U.S. work authorization and ability to commute to NYC area 3× week.

Nice To Haves

CCNP Enterprise/Security, PCNSE, JNCIS-ENT/Sec, or CCIE (R&S / Enterprise).
Cisco Secure Network Analytics design experience (flow collector sizing, policy tuning).
Prior exposure to industrial / OT networks (NIST 800-82, Purdue Model, SCADA segmentation).
AWS or Azure Advanced Networking certification; Transit Gateway design experience.
Experience with F5 LTM/GTM or Citrix ADC in low-latency trading or fintech environments.
Source-of-truth & intent platforms (NetBox, Nautobot), RESTful API development, or Go/Rust scripting.

Responsibilities

Design & Implementation – Build and migrate segmentation zones, VRFs, and BGP/OSPF fabrics across Cisco Nexus 9K, Juniper QFX/MX, and Palo Alto PA-Series.
Security & Visibility – Stand up TACACS+/Cisco ISE for AAA, integrate flow telemetry into Cisco Secure Network Analytics (StealthWatch), deploy taps/SPANs/Gigamon, and tune IDS/IPS policies for OT & IT.
Automation – Write and maintain Python/Ansible/Terraform pipelines (pyATS, Nornir, Jinja2) for golden-config generation, compliance drift detection, and CI/CD-based push-button rollouts.
Operations & Incident Response – Serve as L3 escalation and join a 1-week-per-6 on-call rotation; own post-mortems and MTTR metrics.
Documentation & Mentoring – Produce HLDs/LLDs, MOPs, and runbooks; coach junior engineers toward CCNP/PCNSE.