Senior Network Engineer

Job Title
:
Senior Network Engineer

Location
:
Deerfield, IL (ONSITE)

FULLTIME ONLY

Job Description

Must Have Technical/Functional Skills

• 7+ years of network engineering experience in large enterprise environments (global WAN, multi-site data centre, 10,000+ endpoints).

• 3+ years of hands-on Azure networking experience:
Virtual WAN, Express Route, Azure Firewall, NSGs, Private Endpoints, and Azure DNS.

• Expert-level knowledge of routing protocols: BGP (eBGP/iBGP), OSPF, EIGRP, and IS-IS in enterprise and service provider contexts.

• Deep expertise in enterprise switching:
Spanning Tree variants (RSTP/MSTP), VLAN architecture, VxLAN/EVPN in data centre fabrics.

• Hands-on experience with enterprise firewall platforms:
Palo Alto PAN-OS (required), Fortinet Forti

OS, or Cisco FTD/ASA.

• CCNP Enterprise or CCNP Security (active) required; CCIE preferred.

• Experience with enterprise network automation:
Python (Netmiko/NAPALM/Nornir), Ansible, or Terraform (azure networking resources).

Required/Preferred

Certifications:



CCNP Enterprise (Required) | AZ-700 (Highly Desirable) | Palo Alto PCNSE | CCIE (Preferred) | Fortinet NSE 4+



Roles & Responsibilities
Enterprise Azure Network Architecture & Operations

• Design and operate enterprise Azure network architecture:
Azure Virtual WAN hub-and-spoke topology connecting 20+ Azure subscriptions, on-premises data centres, and branch offices globally.

• Manage and optimise Express Route circuits (10

Gbps+) including BGP routing policy, route filtering, and failover to Site-to-Site VPN backup paths.

• Own Azure Firewall Premium policy management across all Azure regions; implement IDPS signatures, TLS inspection, and URL filtering aligned to enterprise security policy.

• Design and maintain Azure Private DNS Zone architecture integrated with on-premises DNS resolvers (Conditional Forwarders / Azure DNS Private Resolver).

• Implement and govern Private Endpoint and Private Link strategy for all PaaS services (Azure SQL, Storage, Key Vault, AKS API Server, etc.) to eliminate public exposure.

On-Premises & WAN Infrastructure

• Configure, manage, and optimise enterprise routing and switching infrastructure across Cisco Catalyst /Nexus, Juniper EX/QFX, and Arista platforms in Tier 3+ data centres.

• Administer BGP peering with upstream ISPs and Azure Express Route; manage AS path manipulation, route redistribution and traffic engineering policies.

• Design and operate SD-WAN overlay (Cisco Catalyst SD-WAN / VMware Velo Cloud) for 200+ branch sites , including policy-based routing and application-aware path selection.

• Manage enterprise network security perimeter:
Palo Alto PA-Series (on-premises), Fortinet Forti Gate (branch), and Cisco ISE for 802.1X NAC and segmentation.

Security, Zero Trust & Network Segmentation

• Lead implementation of Zero Trust Network Access (ZTNA) architecture using Microsoft Entra Private Access and Entra Internet Access as part of the enterprise SASE strategy.

• Design and maintain macro and micro-segmentation strategies using VLANs, VRFs, NSGs, Azure Firewall Policy rule collections, and AKS network policies (Calico/Cilium).

• Conduct periodic network security reviews and vulnerability assessments; remediate findings from penetration testing and threat intelligence feeds within agreed SLA.

• Collaborate with the SOC and Cyber Security teams to investigate network-based threats and support forensic analysis of network traffic using Azure Network Watcher and NSG Flow Logs.

Monitoring, Capacity & Governance

• Operate and enhance network monitoring using Azure Network Performance Monitor, Log Analytics Thousand Eyes, and Solar Winds NPM for end-to-end visibility across hybrid estate.

• Lead capacity planning for WAN circuits, Azure VNet address spaces, and data centre switching fabrics. present quarterly capacity reviews to the Head of Infrastructure.