Position Description and Job Skill Set:
The client is seeking a highly skilled and experienced Network Infrastructure Engineer to support and advance the enterprise networking environment. This position plays a critical role in designing, deploying, and operating new LDC (Liquor Distribution Center) fabrics, networks, identity-driven access systems, and observability platforms.
The engineer will work closely with infrastructure team to ensure the network services remain reliable, scalable, secure, and aligned with enterprise modernization goals. This is a hands-on engineering position that requires strong technical expertise, effective communication, and the ability to support mission-critical systems across data centers and statewide operations
Key Responsibilities:
Cisco ACI & Data Center Networking
- Design, implement, and maintain Cisco Nexus platforms running ACI mode, including VRFs, Bridge
- Domains, EPGs/ESGs, L3Out, contracts, and fabric policies.
- Integrate ACI with virtualization and container platforms including Red Hat OpenShift VMM and Isovalent/Cilium.
- Configure and optimize RoCEv2 within the ACI fabric for high-performance, low-latency workloads.
- Conduct advanced troubleshooting of ACI fabric health, faults, endpoint learning, contracts, and multi-tenant segmentation.
- Develop and maintain fabric documentation, standards, and operational procedures.
- Deploy and support Cisco Catalyst platforms within campus environments.
- Design and maintain Software-Defined Access (SDA) architectures, including SDA Wired Fabric and Fabric-Enabled Wireless.
- Manage fabric underlay and overlay, policy mapping, authentication integrations, and assurance operations.
- Collaborate with wireless engineers to optimize coverage, performance, and policy enforcement across SDA.
- Configure and administer Cisco Identity Services Engine (ISE) for TACACS+ device administration, authentication and authorization policy sets, and endpoint profiling.
- Integrate Cyber Vision intelligence into profiling, segmentation, and access control workflows.
- Support Zero Trust efforts through identity-centric segmentation and policy integration across ACI and SDA fabrics
- Deploy and manage ThousandEyes for end-to-end visibility, routing path analysis, and performance monitoring.
- Implement and support Cisco Cyber Vision for OT/IoT asset visibility, device classification, and behavior analysis.
- Manage DNA Spaces for location analytics, telemetry ingestion, device behavior, and wireless intelligence.
- Provide meaningful insights to leadership using data from these observability platforms.
- Troubleshoot complex L2/L3 network issues across multiple environments including VLANs, OSPF, BGP, STP, and multicast.
- Designing, and implementing Palo Alto Networks security solutions across enterprise environments.
- Create and maintain documentation including architecture diagrams, standards, runbooks, and asset inventories.
- Assist in modernization planning, platform upgrades, procurement processes, and statewide technology initiatives.
Required Skills/Experience:
The candidate must possess:
- Minimum of 15 years of experience working with Cisco networking.
- Hands-on experience with Cisco ACI in production environments.
- Deep knowledge of ACI constructs (VRF, BD, EPG, ESG, L3Out, contracts).
- Experience integrating ACI with OpenShift VMM and Cilium/Isovalent.
- Proficiency with Cisco Catalyst platforms and SDA fabric technologies.
- Experience administering Cisco ISE including TACACS+ and policy-set based NAC.
- Strong understanding of ThousandEyes, Cyber Vision, and DNA Spaces or comparable tools.
- Solid command of core TCP/IP, routing, switching, QoS, and network security fundamentals.
- Ability to develop clear diagrams, documentation, and architectural artifacts.
- Strong analytical and communication skills with the ability to work in fast-paced, mission-critical environments.
Preferred/Not Required:
- Cisco certifications such as CCNP Data Center, CCNP Enterprise, CCIE, or equivalent experience.
- Hands-on experience with container networking and virtualization integrations.
- Familiarity with NIST frameworks and state-level cybersecurity requirements.
- Experience with network automation tools (Python, Ansible, REST APIs).
- Prior work in state government or large enterprise network environments.
- PCCSA – Palo Alto Networks Certified Cybersecurity Associate
- Foundational security, NGFW basics, threats, App-ID, and policy.
- PCNSA – Palo Alto Networks Certified Network Security Administrator
- Focuses on NGFW configuration, security profiles, NAT, App-ID, URL filtering, WildFire
#LI-Onsite
