Senior VMWare NSX Engineer

About The Position

Requirements

• Demonstrate hands-on expertise with VMware NSX-T Data Center: upgrades/migrations, Managers/Edges, T0/T1, EVPN/VXLAN fundamentals, DFW policy design, Groups/Tags, NAT, and BGP/OSPF peerings.
• Have solid vSphere/vCenter/ESXi operational skills, including VDS networking, host transport configuration, and connectivity troubleshooting across virtual/physical boundaries.
• Show practical experience with Illumio Core (PCE) or equivalent microsegmentation platforms for bare-metal firewall use cases: labels/policies, agent lifecycle, policy simulation/validation, and staged enforcement.
• Possess strong troubleshooting skills spanning L2–L4 (and basic L7 where relevant): routing, neighbor states, MTU/ECMP asymmetry, ACL/DFW hits, NAT, and cert/trust failures.
• Understand certificate management (PKI, CSRs, chains, renewal/rotation) and license administration (entitlements, consumption, renewal windows).
• Communicate clearly with technical and non-technical audiences; produce crisp change plans, RCA documents, and executive-level summaries.
• Embrace automation and IaC concepts (PowerCLI, Python, Ansible, REST APIs); familiarity with code review and version control is a plus.
• Operate within ITIL frameworks (INC/PRB/CRQ) and change governance; comfortable running changes during maintenance windows and peak-season constraints.

Nice To Haves

• (Preferred) Hold certifications such as VMware VCP-NV / VCIX-NV, Illumio certifications, RHCSA/Linux+, and/or ITIL v4; exposure to NSX Advanced Load Balancer (Avi) is beneficial.
• (Nice to have) Familiarity with adjacent domains: physical networking (Arista/Cisco), firewalling, IDS/IPS/service insertion, and compliance (e.g., PCI DSS).

Responsibilities

• Operate and upgrade VMware NSX-T across multiple data centers: plan/execute lifecycle activities (NSX Managers/Edges/Transport Nodes), pre-checks, impact assessments, change/rollback plans, post-validation, and documented handoffs.
• Administer NSX configurations: create/modify segments & port groups (VDS/VSS), transport zones, segment profiles, DHCP profiles, T0/T1 routing, NAT, BGP/OSPF adjacencies, NSX DFW sections/policies, Groups/Tags, and (as applicable) NSX Advanced Load Balancer objects.
• Support Illumio microsegmentation (bare-metal firewalls): manage PCE objects & label schemas, author and validate segmentation policies, deploy/upgrade agents (VENs) where applicable, support enforcement modes, and partner on app onboarding/runbooks.
• Manage certificates for NSX Managers/Edges and related appliances: track expirations, coordinate CSRs, perform installs/rotations, and maintain inventories & workflows to eliminate certificate-related outages.
• Own licensing for NSX & Illumio: monitor entitlements, forecast needs, initiate purchase requests, and ensure timely renewals and compliant deployment.
• Triage and resolve incidents/problems: perform root-cause analysis across virtual networking, routing, and segmentation; maintain SLAs; create follow-up problem records with corrective actions and knowledge articles.
• Open and drive vendor cases (VMware, Illumio, and OEMs): provide diagnostics, packet captures/logs, reproduce issues in lower environments, and track to closure with clear stakeholder updates.
• Harden and validate security posture: maintain least-privilege DFW/Illumio policies, coordinate change windows, and support audits (e.g., PCI) with evidence, diagrams, and rule reviews.
• Automate and document: use PowerCLI, Python, Ansible, or REST APIs to standardize changes and validations; write SOPs/runbooks, diagrams, and KBs; contribute to CI/CD pipelines where appropriate.
• Partner cross-functionally: collaborate with platform, compute, storage, security, and application teams to plan maintenance, align dependencies, and minimize risk.
• Participate in on-call rotation for NSX/segmentation services and support peak-season readiness and freeze-window protocols per Mastercard standards.
• Comply with ITIL processes: create/execute CRQs with risk/impact/rollback details, update INC/PRB records, and communicate status through executive-ready channels.

Benefits

• insurance (including medical, prescription drug, dental, vision, disability, life insurance)
• flexible spending account and health savings account
• paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
• 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
• 10 annual paid U.S. observed holidays
• 401k with a best-in-class company match
• deferred compensation for eligible roles
• fitness reimbursement or on-site fitness facilities
• eligibility for tuition reimbursement