Sr Network and Systems Engineer

CrestView Hills, KY
Full Time
Experienced

Job Description

We are seeking a highly skilled Senior Network and Systems Engineer to lead the architecture, implementation, and ongoing support of complex client network environments. This role is ideal for a seasoned professional who thrives on designing resilient networks, troubleshooting critical issues, hardening security at the edge, and producing exceptional documentation that drives consistency and compliance.
You will join a collaborative team supporting multi-client, multi-server environments where clarity, repeatability, and technical excellence are key. The ideal candidate combines deep networking expertise with strong firewall, VPN, wireless, and SD-WAN experience and a methodical approach to change management and documentation.
While the primary focus is networking, the successful candidate brings solid Windows Server and virtualization fundamentals — enough to confidently handle routine systems administration tasks and contribute on server-side work as needed.

Key Responsibilities

Network Architecture & Operations
  • Design secure, scalable L2/L3 network architectures — routing, switching, VLAN segmentation, QoS, SD-WAN, and high availability.
  • Configure, deploy, and manage enterprise routing and switching environments — ensuring performance, reliability, and security across multi-site client networks.
  • Lead network design discussions across multi-client environments, including HLD/LLD diagrams, IP schemes, and VLAN plans.
  • Troubleshoot complex network issues using packet analysis, telemetry tools, and structured root-cause methodology.
  • Standardize configurations and rollout templates for repeatable, low-risk deployments.
  • Plan and execute network change windows, firmware upgrades, and configuration backups.
Firewalls, VPN & Edge Security
  • Design, deploy, and harden Fortinet firewalls (required), as well as other firewall platforms (Palo Alto, SonicWall, Cisco ASA) where present — policy management, NAT, IPsec/SSL VPN, IDS/IPS, segmentation, and identity-aware policies.
  • Implement and maintain site-to-site VPN, client/remote-access VPN, and hybrid connectivity to Azure and AWS (ExpressRoute / Direct Connect concepts).
  • Manage SIEM integrations, log forwarding, and security monitoring for network devices.
  • Support compliance with frameworks such as HIPAA, CMMC, and PCI through proper hardening, logging, and documentation.
Wireless, SD-WAN & Network Access
  • Design and manage enterprise Wi-Fi environments — wireless controllers, access points, SSIDs, and RF planning (primarily Ubiquiti, with some Meraki and other platforms as needed).
  • Deploy and operate SD-WAN solutions (primarily Fortinet, with other platforms as needed) across client sites.
  • Implement NAC / 802.1X and identity-aware network policies.
Server & Systems (Solid Secondary Skill Set)
  • Comfortably handle routine Windows Server administration tasks — Active Directory user/group management, DNS, DHCP, Group Policy, and file/print services.
  • Perform basic virtualization administration (VMware and/or Hyper-V) including VM provisioning, snapshots, and routine host checks.
  • Support backup and disaster recovery operations — monitor BDR appliances and cloud replication jobs, triage failures, and assist with restores when needed.
  • Contribute to cloud migration projects (primarily Azure, secondarily AWS and Zimcom-hosted environments) from the network and connectivity side.
Documentation & Compliance
  • Produce detailed HLD/LLD diagrams, MOPs (methods of procedure), runbooks, and as-built documentation.
  • Maintain configuration baselines, device inventories, change records, and standardized rollout templates.
  • Use documentation tools to keep client environments current and auditable.
Collaboration & Support
  • Partner with project managers, account teams, and the broader engineering team to deliver client outcomes on schedule.
  • Serve as a senior escalation point for complex network, firewall, VPN, and wireless issues, and as a competent owner of routine server administration work.
  • Participate in rotating on-call coverage and planned maintenance windows.
  • Mentor junior engineers and contribute to internal standards, runbooks, and knowledge base.

Qualifications – Must-Haves

  • 8+ years of hands-on network engineering experience (design + operations) in multi-site, multi-client environments.
  • Deep proficiency in routing (BGP, OSPF, EIGRP), switching (L2/L3), VLANs, trunking, QoS, and inter-VLAN routing.
  • Hands-on Fortinet firewall expertise (required) — policy management, NAT, IPsec/SSL VPN, segmentation, and IDS/IPS. Experience with Palo Alto, SonicWall, or Cisco ASA is a plus.
  • Strong wireless experience — controllers, access points, and SSID design (Ubiquiti, Meraki, or similar).
  • Working knowledge of hybrid cloud connectivity to Azure and AWS (site-to-site VPN, ExpressRoute / Direct Connect).
  • Solid Windows Server and Active Directory fundamentals — ability to independently handle routine administration tasks (users, groups, DNS, DHCP, GPO, file/print).
  • Basic virtualization administration with VMware and/or Hyper-V (VM provisioning, snapshots, routine host operations).
  • Awareness of backup/disaster recovery concepts and BDR appliance-based backup with cloud replication, with the ability to support and triage routine backup issues.
  • Strong troubleshooting, root-cause analysis, and diagnostic skills.
  • Exceptional documentation skills and clear written/verbal communication.
  • Ability to work onsite daily in Crestview Hills, KY.
  • Willingness and ability to travel to client sites as needed for installations, troubleshooting, and project work.

Preferred

  • Industry-recognized networking certifications.
  • Experience with enterprise SD-WAN, wireless, and routing/switching platforms.
  • Experience with identity-aware firewall policies.
  • Microsoft Server or Azure certifications are a plus.
  • Familiarity with VMware and/or Hyper-V.
  • Experience with colocation/cloud providers.
  • Familiarity with common IT documentation tools.
  • Exposure to network monitoring and SIEM tools.
  • Exposure to compliance/security frameworks (HIPAA, CMMC, PCI, NIST).
  • Scripting and automation experience.

Benefits

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Health savings account
  • Life insurance
  • Paid time off
  • Parental leave
  • Vision insurance

Experience

  • Network administration: 8 years (Required)
  • Firewall administration (Fortinet or comparable): 5 years (Required)
  • Server / systems administration: 3 years (Required)
  • Virtualization (VMware/Hyper-V): 2 years (Required)

Ability to Commute / Relocate

  • Crestview Hills, KY 41017 (Required)
  • Must relocate to Crestview Hills, KY 41017 BEFORE starting work, if not already local (Required)
Work Location: In person
 
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*