Network Infrastructure EngineerOnsite
Description:Diversified Systems is searching for a highly skilled and experienced Network Infrastructure Engineer to support and advance the State's enterprise networking environment. This position plays a critical role in designing, deploying, and operating new LDC (Liquor Distribution Center) fabrics, networks, identity-driven access systems, and observability platforms. The engineer will work closely with infrastructure team to ensure the State's network services remain reliable, scalable, secure, and aligned with enterprise modernization goals. This is a hands-on engineering position that requires strong technical expertise, effective communication, and the ability to support mission-critical systems across data centers and statewide operations.
Responsibilities:- Design, implement, and maintain Cisco Nexus platforms running ACI mode, including VRFs, Bridge Domains, EPGs/ESGs, L3Out, contracts, and fabric policies.
- Integrate ACI with virtualization and container platforms including Red Hat OpenShift VMM and Isovalent/Cilium.
- Configure and optimize RoCEv2 within the ACI fabric for high-performance, low-latency workloads.
- Conduct advanced troubleshooting of ACI fabric health, faults, endpoint learning, contracts, and multi-tenant segmentation.
- Develop and maintain fabric documentation, standards, and operational procedures.
- Deploy and support Cisco Catalyst platforms within campus environments.
- Design and maintain Software-Defined Access (SDA) architectures, including SDA Wired Fabric and Fabric-Enabled Wireless.
- Manage fabric underlay and overlay, policy mapping, authentication integrations, and assurance operations.
- Collaborate with wireless engineers to optimize coverage, performance, and policy enforcement across SDA.
- Configure and administer Cisco Identity Services Engine (Client) for TACACS+ device administration, authentication and authorization policy sets, and endpoint profiling.
- Integrate Cyber Vision intelligence into profiling, segmentation, and access control workflows.
- Support Zero Trust efforts through identity-centric segmentation and policy integration across ACI and SDA fabrics.
- Deploy and manage ThousandEyes for end-to-end visibility, routing path analysis, and performance monitoring.
- Implement and support Cisco Cyber Vision for OT/IoT asset visibility, device classification, and behavior analysis.
- Manage DNA Spaces for location analytics, telemetry ingestion, device behavior, and wireless intelligence.
- Provide meaningful insights to leadership using data from these observability platforms.
- Troubleshoot complex L2/L3 network issues across multiple environments including VLANs, OSPF, BGP, STP, and multicast.
- Designing, and implementing Palo Alto Networks security solutions across enterprise environments.
- Create and maintain documentation including architecture diagrams, standards, runbooks, and asset inventories.
- Assist in modernization planning, platform upgrades, procurement processes, and statewide technology initiatives.
- Other duties as assigned.
Requirements:- 15 years of experience working with Cisco networking required.
- Hands-on experience with Cisco ACI in production environments required.
- Deep knowledge of ACI constructs (VRF, Client, EPG, ESG, L3Out, contracts) required.
- Experience integrating ACI with OpenShift VMM and Cilium/Isovalent required.
- Proficiency with Cisco Catalyst platforms and SDA fabric technologies required.
- Experience administering Cisco Client including TACACS+ and policy-set based NAC required.
- Strong understanding of ThousandEyes, Cyber Vision, and DNA Spaces or comparable tools required.
- Solid command of core TCP/IP, routing, switching, QoS, and network security fundamentals required.
- Ability to develop clear diagrams, documentation, and architectural artifacts required.
- Strong analytical and communication skills with the ability to work in fast-paced, mission-critical environments required.
- Cisco certifications such as CCNP Data Center, CCNP Enterprise, CCIE, or equivalent experience highly desired.
- Hands-on experience with container networking and virtualization integrations highly desired.
- Familiarity with NIST frameworks and state-level cybersecurity requirements highly desired.
- Experience with network automation tools (Python, Ansible, REST APIs) highly desired.
- Prior work in state government or large enterprise network environments highly desired.
- PCCSA - Palo Alto Networks Certified Cybersecurity Associate foundational security, NGFW basics, threats, App-ID, and policy highly desired.
- PCNSA - Palo Alto Networks Certified Network Security Administrator focuses on NGFW configuration, security profiles, NAT, App-ID, URL filtering, WildFire highly desired.
