Senior Network Engineer

Responsibilities

Campus & Facility Network Architecture

• Design and build LAN infrastructure for corporate offices and facilities, including switching, routing, VLAN design, and network segmentation strategies that support enterprise workloads.
• Own network lifecycle management across facilities, including hardware procurement, capacity planning, firmware management, and documentation.
• Deploy and manage enterprise wireless infrastructure across multiple facilities, ensuring secure wireless access for corporate users and isolated network segments for operational and ITAR-controlled systems.

Zero-Trust & Network Security

• Implement zero-trust network architecture across Northwood's facilities and cloud environments, including microsegmentation, identity-aware access controls, and least-privilege network policies.
• Deploy, configure, and manage FortiGate firewall infrastructure, including policy management, network segmentation, and security zone enforcement for government and ITAR-controlled workloads.
• Administer Cloudflare Zero Trust and tunnel configurations to support secure remote access, site-to-site connectivity, and traffic inspection across distributed facilities.
• Collaborate with the security engineering team to implement network-based detection controls, integrate network telemetry with SIEM platforms, and support incident response efforts.

Hybrid Cloud & WAN Connectivity

• Design and manage hybrid network connectivity between on-premises facilities, AWS Commercial, AWS GovCloud, and Cloudflare's backbone, including VPN solutions, private connectivity, and multi-cloud routing architectures.
• Ensure network architecture supports compliance requirements for CUI handling, including appropriate segmentation between commercial and government workloads.

Automation & Monitoring

• Implement network monitoring and observability tooling to maintain visibility into performance, availability, and security posture across all network segments.
• Develop and maintain network automation using tools such as Ansible, NetBox, or equivalent, reducing manual operational burden and enforcing configuration consistency.
• Document network architecture, configurations, and standard operating procedures to support compliance audits and operational continuity.

Cross-Functional Collaboration

• Partner with security engineering on firewall policy reviews, network access control design, and compliance evidence collection for CMMC and FedRAMP assessments.
• Collaborate with infrastructure and engineering teams to ensure network design supports operational requirements and future scaling.
• Integrate network infrastructure with identity management systems, including Okta, to support network access policy enforcement and user lifecycle management.

Requirements

• Bachelor's degree in Engineering, Computer Science, or a related discipline and 5+ years of enterprise networking experience, or 7+ years of enterprise networking experience without a degree.
• Hands-on experience with enterprise switching and routing, VLAN design, and network segmentation in production environments.
• Demonstrated experience deploying and managing FortiGate firewall infrastructure, including policy management and network zone enforcement.
• Experience designing and implementing zero-trust network architectures, including microsegmentation and identity-aware access controls.
• Experience with cloud networking in AWS, AWS GovCloud, or multi-cloud environments, including hybrid connectivity and private networking.
• Hands-on experience with Cloudflare, including Zero Trust, tunnels, and DNS.
• Experience deploying and managing enterprise wireless infrastructure across multiple facilities.
• Proficiency with network monitoring, automation, and troubleshooting tools.
• Ability to obtain and maintain a TS/SCI clearance.
• U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Nice-to-Haves

• Active TS clearance or higher.
• Proficiency with network automation tools including Ansible and NetBox.
• Industry certifications such as CCNP, ACNP, or equivalent enterprise networking credentials.
• Background in aerospace, defense, critical infrastructure, or other government-adjacent regulated industries.
• Experience with ITAR compliance and network isolation requirements for controlled technical information.
• Familiarity with CMMC, NIST 800-171, and DFARS compliance requirements as they relate to network architecture.
• Experience integrating network infrastructure with identity management platforms such as Okta or Azure Active Directory.