OVERVIEW:
The Infrastructure/Network Engineer builds and evolves the company's Palo Alto SASE & SD-WAN and Cisco Meraki campus networks to deliver secure, performant connectivity. Responsibilities include policy-driven networking via Strata Cloud Manager, GlobalProtect secure access, Meraki switching/wireless engineering, 802.1X/EAP-TLS integration, and network automation/observability. Collaborates with Cyber and Systems to enable identity-aware, zero-trust networking.
PRIMARY RESPONSIBILITIES:- Designs and implements network solutions that improve reliability, performance, and security.
- Drives standardization and documentation; influences architecture through peer reviews.
- Partners with Cyber and Systems on certificate-based access, device posture, and telemetry to SIEM.
- Engineer and optimize Palo Alto SD-WAN fabric (path selection, QoS, HA) and SASE policies in Strata Cloud Manager.
- Configure and maintain Prisma Access/GlobalProtect for secure remote access; integrate identity and device posture.
- Develop site cutover plans and playbooks; validate performance against SLOs.
- Engineer Meraki switching/wireless: RF design, capacity planning, segmentation, and SSID architectures.
- Implement 802.1X/EAP-TLS with RADIUS/NPS and certificate services; coordinate with Systems for device cert lifecycle.
- Harden network services (DHCP/DNS/IPAM) and enforce least-privilege segmentation.
- Automate repetitive tasks using Python/Ansible/APIs; build compliance checks and config templates.
- Create health/telemetry dashboards (latency, loss, jitter, SNR, link quality); instrument alerting and runbooks.
- Contribute logs/metrics to SIEM (e.g., Rapid7) and analyze trends to reduce MTTR.
- Author CRs with impact analysis, testing plans, and backout; perform staged rollouts.
- Execute root-cause analysis and implement durable fixes; maintain reference configurations.
- Collaborate with Cyber to align with ISO/NIST/CIS controls and evidence collection.
QUALIFICATIONS:- 4+ years engineering enterprise networks with SD-WAN/SASE and campus access.
- Hands-on with Palo Alto (Strata Cloud Manager, PAN-OS) and Cisco Meraki (switching/wireless).
- Strong knowledge of 802.1X, EAP-TLS, RADIUS/NPS, VLANs, routing (OSPF/BGP), QoS, and HA.
- Experience with Python/Ansible/APIs for network automation; strong documentation and change discipline.
- Strata Cloud Manager policy stacks/templates; PAN-OS; Prisma Access/GlobalProtect.
- Meraki Dashboard (switch/AP), RF fundamentals, and Wi-Fi troubleshooting.
- RADIUS/NPS, certificate services for EAP-TLS; DHCP/DNS/IPAM.
- Python/Ansible, REST APIs, Git; SolarWinds (or similar) telemetry.
- Analytical problem solving and crisp technical communication.
- Proactive risk identification and mitigation; bias for automation.
- Palo Alto Strata Cloud Manager, Prisma Access/GlobalProtect, PAN-OS.
- Cisco Meraki switch/AP, RADIUS/NPS, DHCP/DNS/IPAM.
- SolarWinds (or similar), Python/Ansible, REST APIs, ServiceNow/Jira, Git.
Preferred:- Experience with Prisma Access/GlobalProtect and certificate-based access patterns.
- Exposure to SolarWinds or similar tools; DNS/DHCP/IPAM best practices.
- Certifications: PCNSE, Palo Alto SASE/SD-WAN, Cisco ENCOR/ENARSI, Meraki CMSS (nice-to-have).
WORKING CONDITIONS:- Able to sit and work at a computer keyboard for extended periods of time.
- Able to stoop, kneel, bend at the waist and reach daily.
- Able to perform general office administrative activities: copying, filing, delivering and using the telephone.
- Able to lift and move up to 25 pounds occasionally.
- Regular and on-time attendance.
- Must be able to prioritized, schedule and complete testing required for multiple applications with overlapping schedules.
- A certain degree of creativity and flexibility is required.
- Hours may exceed 40 hours per week.
- Occasional travel by conventional means including aircraft, motor vehicle and the like within the region and to other locations as required.
Note: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required and are not intended to be an exhaustive list of all duties, responsibilities or qualifications associated with this job.
