Sr Network and Systems Engineer

Job Description

Job DescriptionJob DescriptionWe are seeking a highly skilled Senior Network and Systems Engineer to lead the architecture, implementation, and ongoing support of complex client network environments. This role is ideal for a seasoned professional who thrives on designing resilient networks, troubleshooting critical issues, hardening security at the edge, and producing exceptional documentation that drives consistency and compliance.
You will join a collaborative team supporting multi-client, multi-server environments where clarity, repeatability, and technical excellence are key. The ideal candidate combines deep networking expertise with strong firewall, VPN, wireless, and SD-WAN experience and a methodical approach to change management and documentation.
While the primary focus is networking, the successful candidate brings solid Windows Server and virtualization fundamentals — enough to confidently handle routine systems administration tasks and contribute on server-side work as needed.Key ResponsibilitiesNetwork Architecture & Operations

• Design secure, scalable L2/L3 network architectures — routing, switching, VLAN segmentation, QoS, SD-WAN, and high availability.
• Configure, deploy, and manage enterprise routing and switching environments — ensuring performance, reliability, and security across multi-site client networks.
• Lead network design discussions across multi-client environments, including HLD/LLD diagrams, IP schemes, and VLAN plans.
• Troubleshoot complex network issues using packet analysis, telemetry tools, and structured root-cause methodology.
• Standardize configurations and rollout templates for repeatable, low-risk deployments.
• Plan and execute network change windows, firmware upgrades, and configuration backups.

Firewalls, VPN & Edge Security

• Design, deploy, and harden Fortinet firewalls (required), as well as other firewall platforms (Palo Alto, SonicWall, Cisco ASA) where present — policy management, NAT, IPsec/SSL VPN, IDS/IPS, segmentation, and identity-aware policies.
• Implement and maintain site-to-site VPN, client/remote-access VPN, and hybrid connectivity to Azure and AWS (ExpressRoute / Direct Connect concepts).
• Manage SIEM integrations, log forwarding, and security monitoring for network devices.
• Support compliance with frameworks such as HIPAA, CMMC, and PCI through proper hardening, logging, and documentation.

Wireless, SD-WAN & Network Access

• Design and manage enterprise Wi-Fi environments — wireless controllers, access points, SSIDs, and RF planning (primarily Ubiquiti, with some Meraki and other platforms as needed).
• Deploy and operate SD-WAN solutions (primarily Fortinet, with other platforms as needed) across client sites.
• Implement NAC / 802.1X and identity-aware network policies.

Server & Systems (Solid Secondary Skill Set)

• Comfortably handle routine Windows Server administration tasks — Active Directory user/group management, DNS, DHCP, Group Policy, and file/print services.
• Perform basic virtualization administration (VMware and/or Hyper-V) including VM provisioning, snapshots, and routine host checks.
• Support backup and disaster recovery operations — monitor BDR appliances and cloud replication jobs, triage failures, and assist with restores when needed.
• Contribute to cloud migration projects (primarily Azure, secondarily AWS and Zimcom-hosted environments) from the network and connectivity side.

Documentation & Compliance

• Produce detailed HLD/LLD diagrams, MOPs (methods of procedure), runbooks, and as-built documentation.
• Maintain configuration baselines, device inventories, change records, and standardized rollout templates.
• Use documentation tools to keep client environments current and auditable.

Collaboration & Support

• Partner with project managers, account teams, and the broader engineering team to deliver client outcomes on schedule.
• Serve as a senior escalation point for complex network, firewall, VPN, and wireless issues, and as a competent owner of routine server administration work.
• Participate in rotating on-call coverage and planned maintenance windows.
• Mentor junior engineers and contribute to internal standards, runbooks, and knowledge base.

Qualifications – Must-Haves

• 8+ years of hands-on network engineering experience (design + operations) in multi-site, multi-client environments.
• Deep proficiency in routing (BGP, OSPF, EIGRP), switching (L2/L3), VLANs, trunking, QoS, and inter-VLAN routing.
• Hands-on Fortinet firewall expertise (required) — policy management, NAT, IPsec/SSL VPN, segmentation, and IDS/IPS. Experience with Palo Alto, SonicWall, or Cisco ASA is a plus.
• Strong wireless experience — controllers, access points, and SSID design (Ubiquiti, Meraki, or similar).
• Working knowledge of hybrid cloud connectivity to Azure and AWS (site-to-site VPN, ExpressRoute / Direct Connect).
• Solid Windows Server and Active Directory fundamentals — ability to independently handle routine administration tasks (users, groups, DNS, DHCP, GPO, file/print).
• Basic virtualization administration with VMware and/or Hyper-V (VM provisioning, snapshots, routine host operations).
• Awareness of backup/disaster recovery concepts and BDR appliance-based backup with cloud replication, with the ability to support and triage routine backup issues.
• Strong troubleshooting, root-cause analysis, and diagnostic skills.
• Exceptional documentation skills and clear written/verbal communication.
• Ability to work onsite daily in Crestview Hills, KY.
• Willingness and ability to travel to client sites as needed for installations, troubleshooting, and project work.

Preferred

• Industry-recognized networking certifications.
• Experience with enterprise SD-WAN, wireless, and routing/switching platforms.
• Experience with identity-aware firewall policies.
• Microsoft Server or Azure certifications are a plus.
• Familiarity with VMware and/or Hyper-V.
• Experience with colocation/cloud providers.
• Familiarity with common IT documentation tools.
• Exposure to network monitoring and SIEM tools.
• Exposure to compliance/security frameworks (HIPAA, CMMC, PCI, NIST).
• Scripting and automation experience.

Benefits

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Parental leave
• Vision insurance

Experience

• Network administration: 8 years (Required)
• Firewall administration (Fortinet or comparable): 5 years (Required)
• Server / systems administration: 3 years (Required)
• Virtualization (VMware/Hyper-V): 2 years (Required)

Ability to Commute / Relocate

• Crestview Hills, KY 41017 (Required)
• Must relocate to Crestview Hills, KY 41017 BEFORE starting work, if not already local (Required)

Work Location: In person

Powered by JazzHR

OAW5T7WChY