Network Engineer

Role Overview

As a Network Engineer II, you will be responsible for the full lifecycle of our multi-site office network infrastructure—from physical layer architecture to high-level logical design. This role requires a "hands-on" high-quality network/security engineer capable of designing high-availability systems, overseeing the deployment, optimization and management of enterprise Security Firewall, LAN and Wireless LAN (WLAN) environments.

Key Responsibilities

• Network Switching & Troubleshooting
• Manage, configure, and troubleshoot Layer 2/Layer 3 LAN switches (e.g., Cisco, Juniper) including VLANs, Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP/MLAG), and QoS policies.
• Monitor network performance using SNMP and NetFlow, and perform root-cause analysis for connectivity and throughput issues.
• Implement and enforce 802.1X port security and MAC Authentication Bypass (MAB) on all network access ports.
• Oversee switch hardware/OS upgrades, patching, and lifecycle management.
• Wireless Deployment & Optimization:
• Design, deploy, and manage enterprise 802.11ax (Wi-Fi 6/6E) wireless networks across multiple office locations.
• Conduct RF site surveys (predictive and post-deployment) using tools like Ekahau or AirMagnet to ensure optimal AP placement and coverage.
• Perform wireless performance optimization, including channel planning, transmit power adjustments, and interference mitigation.
• Troubleshoot complex wireless issues such as roaming drops, hidden nodes, and high latency using packet captures and spectrum analysis.
• Oversee wireless hardware/OS upgrades, patching, and lifecycle management.
• Palo Alto Firewall & Security Management:
• Administer Palo Alto Next-Gen Firewalls (NGFW), utilizing App-ID, User-ID, and Content-ID.
• Manage security policies through Panorama and support GlobalProtect VPN for remote access.
• Oversee firewall hardware/OS upgrades, patching, and lifecycle management.
• Physical Infrastructure & Rack Design:
• Design MDF/IDF closet layouts, including rack space, UPS/PDU power, and thermal management.
• Manage structured cabling projects for Cat6/6A copper and Single-mode/Multi-mode fiber.
• Redundancy & High Availability:
• Architect and validate redundant topologies, including High Availability (HA) pairs for firewalls and stacking/MLAG for LAN switches.
• Manage redundant external ISP circuits, cloud direct-connect circuits and SD-WAN tunnels with automated failover design.
• Core Services:
• Administer DHCP scopes, DNS zones
• Network Access Control (NAC) for secure device onboarding (e.g., ClearPass or Meraki NAC or Cisco ISE).
• Documentation & Topology Design:
• Develop and maintain comprehensive network and firewall topology diagrams using Visio or Lucidchart.
• Maintain detailed IP Address Management (IPAM), including subnetting and VLAN assignments.
• Document all MDF/IDF layouts, port mapping, and fiber/copper cable run schedules.

Technical Qualifications

• Experience: 3-5 years in network engineering with a strong focus on WLAN and security.
• Wireless Expertise: Proficiency with Wireless LAN Controllers (WLC) and cloud-managed Wi-Fi (e.g., Aruba, Cisco Meraki, or Mist).
• Tools: Experience with Ekahau Pro, Wireshark, and RF spectrum analyzers.
• Hardware/Software: Hands-on experience with Palo Alto Networks, Cisco, or Juniper.

Certifications:

• Required: PCNSA or Cisco CCNA.
• Preferred: PCNSE, or Cisco CCNP.

Soft Skills

• Strong analytical thinking and physical troubleshooting
• Excellent verbal and written communication skills for technical and non-technical audiences.
• Proven ability to collaborate effectively in a team-oriented, cross-functional environment.
• Ability to translate complex networking and security design & features into clear visual documentation.
• Excellent coordination with low-voltage contractors and facilities teams.

Astreya offers comprehensive benefits to all Regular, Full-Time Employees, including:

• Medical provided through UHC (PPO, HSA, Surest options) / Medical provided through Kaiser (HMO option only) for California employees only
• Dental provided through UHC
• Nationwide Vision provided by UHC
• Flexible Spending Account for Health & Dependent Care
• Pre-Tax Account for Commuter Benefit/Parking & Transit (location-specific)
• Continuing Education and Professional Development via various integrated platforms, e.g. Udemy and Coursera
• Corporate Wellness Program provided by Goomi Group
• Employee Assistance Program
• Wellness Days
• 401k Plan
• Basic and Supplemental Life Insurance
• Short Term & Long Term Disability
• Critical Illness, Critical Hospital, and Voluntary Accident Insurance
• Tuition Reimbursement (available 6 months after start date, capped)
• Paid Time Off (accrued and prorated, maximum of 120 hours annually)
• Paid Holidays
• Any other statutory leaves, paid time, or other ancillary benefits required under state and federal law