RESPONSIBILITIES
TECHNICAL LEADERSHIP & ESCALATION:
- Serve as the primary escalation point for complex network incidents, outages, and performance issues, owning problems through to resolution with clear communication to stakeholders
- Provide expert guidance to internal engineers, MSP resources, and NOC personnel on architecture, troubleshooting methodology, and root cause analysis
- Lead post-incident reviews, drive root cause identification, and implement lasting remediations to prevent recurrence
- Evaluate complex vendor and MSP escalations; make technical decisions on design, tooling, and resolution approach
NETWORK ARCHITECTURE & DESIGN:
- Work with the Director of Network & Infrastructure to architect scalable, resilient, and secure network solutions across LAN, WAN, wireless, cloud, and building infrastructure
- Lead the design and evolution of network segmentation strategy including zero-trust principles, VRF separation, and secure OT/IT boundary enforcement
- Develop and maintain network infrastructure standards, reference architectures, and design patterns for consistent deployment across properties
- Evaluate emerging technologies and contribute to the long-term infrastructure roadmap, particularly around Palo Alto / Panorama, Aruba, and cloud connectivity platforms
NETWORK ENGINEERING & OPERATIONS:
- Design, deploy, and manage enterprise network infrastructure across BMS, IoT, Wi-Fi, PropTech, AV, security systems, corporate offices, and the Observatory
- Administer Palo Alto NGFWs via Panorama - policy management, threat prevention, VPN, NAT, and security profile lifecycle management
- Manage and optimize Aruba switching and wireless infrastructure including configuration, upgrades, RF planning, and troubleshooting via Aruba Central
- Own BGP, OSPF, VLANs, VPN, QoS, and DNS configurations across multi-site environments
- Manage WAN and ISP connectivity including failover design and carrier-level troubleshooting
- Support IoT and PropTech deployments in a secure manner with a focus on building systems, access control, and sustainability technology
SECURITY & COMPLIANCE:
- Lead network security posture improvements including firewall policy lifecycle, ACL governance, and vulnerability remediation
- Administer Zscaler ZIA and ZPA - URL filtering, SSL inspection, cloud firewall rules, and app connector management
- Manage Proofpoint email security platform including anti-spam, anti-phishing, encryption, and threat response policies
- Administer BitSight to track, triage, and coordinate remediation of external security posture findings
- Maintain PCI-DSS and SOX compliance through adherence to and enforcement of network policies and procedures
- Collaborate with the MSSP on security monitoring, threat analysis, and incident response
- Ensure timely application of patches, hotfixes, and firmware upgrades across all network equipment
IDENTITY, ACCESS & CLOUD:
- Administer Okta for SSO/SAML/OIDC, MFA enforcement, and user lifecycle management including SCIM provisioning and deprovisioning
- Manage Conditional Access Policies and integrate identity platforms with Palo Alto User-ID, Zscaler IdP federation, and Azure AD
- Design and manage Microsoft Azure cloud networking including hybrid connectivity, VNet architecture, NSGs, and Azure Firewall
- Support Microsoft 365 and Exchange Online from a network and connectivity perspective including split tunneling and optimization
- Support IAM and PAM platforms as they relate to network access control and privilege governance
PHYSICAL INFRASTRUCTURE & SYSTEMS:
- Manage physical server infrastructure, rack equipment installation, and data center operations including cabling, power, and cooling
- Administer building riser infrastructure and ensure secure integration of IT and OT devices on segregated network segments
- Support VMware vSphere virtual networking environments and server resource management
- Oversee SAN/NAS storage networking and business continuity / backup technologies
MONITORING, DOCUMENTATION & GOVERNANCE:
- Drive network monitoring strategy and tooling to ensure proactive alerting and performance trending across the full infrastructure estate
- Author and maintain high-quality documentation including topology diagrams, configuration baselines, SOPs, and runbooks
- Contribute to business continuity and disaster recovery procedures; develop, test, and maintain failover runbooks
- Adhere to change management and PMO best practices for all infrastructure changes; manage project milestones with clear stakeholder communication
WHAT SUCCESS LOOKS LIKE
- Complex escalations are resolved decisively and thoroughly, with clear communication throughout; the team and Director trust this person to own the hardest problems
- Network architecture documentation, standards, and reference designs are developed and kept current, reducing reliance on tribal knowledge
- Security posture improves measurably: firewall policies are rationalized, vulnerabilities remediated on time, and segmentation consistently enforced
- Network stability and availability are maintained across all properties; incidents are detected proactively rather than reactively
- New technologies and architectural improvements are identified and brought forward with well-reasoned business cases
- Service Desk escalations are resolved efficiently with recurring patterns identified and addressed proactively
REQUIRED TECHNICAL SKILLS / ABILITIES
INTERPERSONAL SKILLS:
- Communicates complex technical issues, architectural decisions, and incident status clearly to both engineering peers and executive leadership
- Strong analytical and troubleshooting instincts; works through ambiguous, high-pressure situations methodically and calmly
- Collaborative mindset: works effectively with internal teams, MSP, MSSP, and vendors; shares knowledge freely and raises team capability
- Self-directed and highly accountable; takes ownership without waiting to be asked and follows through to full resolution
- Strong documentation discipline; leaves systems, configurations, and designs better documented than found
- Proactively monitors industry developments and brings emerging technologies and best practices to the team's attention
PALO ALTO NGFWs & PANORAMA:
- Expert-level policy management, troubleshooting, and architecture across a distributed multi-site environment
- Panorama: centralized policy administration, device group management, log forwarding, and operational management at scale
- Advanced firewall design: zone-based architecture, App-ID, User-ID, URL filtering, SSL decryption, threat prevention, and WildFire integration
- GlobalProtect: VPN configuration, gateway management, and site-to-site connectivity
- NAT policy design, security profile tuning, and firewall policy lifecycle management
- PCNSE certification strongly preferred
ARUBA WIRELESS & SWITCHING:
- Aruba CX / AOS-CX switching - configuration, troubleshooting, and lifecycle management across multi-site environments
- Aruba Central management: RF planning, access point lifecycle, and performance optimization
- Wireless security: 802.1X, RADIUS integration, guest network segmentation, and rogue AP detection
- SD-WAN architecture awareness and WAN/ISP circuit failover design
ZSCALER ZIA / ZPA:
- Zscaler Internet Access (ZIA) - URL filtering, SSL inspection, cloud firewall, and policy configuration
- Zscaler Private Access (ZPA) - zero-trust application access, app connector management, and policy administration
- Zscaler tenant administration, log streaming, and integration with SIEM and identity providers
OKTA / IAM & PAM:
- Okta SSO/SAML/OIDC configuration, MFA enforcement, and user lifecycle management including SCIM provisioning
- Okta integration with Palo Alto User-ID, Zscaler IdP federation, and Azure AD directory sync
- PAM platform familiarity and IAM integration with network access controls and Conditional Access Policies
DNS & DOMAIN SECURITY:
- Windows DNS / Active Directory-integrated internal DNS, external authoritative DNS, and split-brain DNS architectures
- DNSSEC implementation and DNS-based threat detection and filtering
- Domain protection - monitoring for lookalike/spoofed domains and unauthorized SSL/TLS certificate issuance
- SSL/TLS certificate lifecycle management across internal and external services
- BitSight or equivalent EASM platform administration
PROOFPOINT EMAIL SECURITY:
- Anti-spam, anti-phishing, email encryption, and threat response policy management
- Platform administration including quarantine management, allow/block lists, and reporting
- Coordination with the security team on phishing investigations and incident response
- Experience with a comparable enterprise email security platform considered equivalent
OT / BMS / IoT / PROPTECH:
- Hands-on experience with network design for building management systems (BMS), IoT devices, and PropTech deployments
- Network segmentation for OT/IT boundaries including VRF separation and secure access control
- Experience supporting access control, CCTV, AV systems, and sustainability technology in a commercial real estate or multi-family residential environment
- Awareness of OT security principles and protocols relevant to building infrastructure
PHYSICAL INFRASTRUCTURE & DATA CENTER:
- Physical server management, rack installation, and data center operations including cabling, power, and cooling
- VMware vSphere, virtual networking and server resource management
- Microsoft Windows Server 2019/2022/2025 and Linux administration
- Microsoft Active Directory, DNS, and DHCP infrastructure management
- SAN/NAS storage networking and business continuity / backup technologies
PCI-DSS & SOX COMPLIANCE:
- Working knowledge of PCI-DSS and SOX requirements for network segmentation, access control, and audit logging
- Firewall ACL governance, policy review cycles, and evidence collection for compliance audits
- Experience in a regulated industry (real estate, financial services, or similar) preferred
CLOUD & HYBRID NETWORKING:
- Microsoft Azure - VNet design, hybrid connectivity (ExpressRoute / VPN Gateway), NSGs, Azure Firewall, and Azure AD / Entra
- Hybrid DNS resolution, cloud-to-on-premises connectivity patterns, and identity federation
- Microsoft 365 and Exchange Online - network requirements, split tunneling, and connectivity optimization
EDUCATION & EXPERIENCE
- 8-10 years of progressive, hands-on enterprise network engineering experience with demonstrated depth in complex, multi-site environments
- At least 3 years in a senior or lead capacity managing