Senior Network Engineer

Vestmark is seeking a Senior Network Engineer to join our Enterprise IT team and play a key role in modernizing our IT environment through a cloud-first approach while maintaining on-premises and colocation infrastructure to ensure compliance. This role will contribute to designing, securing, and maintaining our enterprise network while also supporting broader IT infrastructure tasks.

The Enterprise IT team at Vestmark is responsible for IT infrastructure and processes, supporting all departments with computer systems, corporate applications, and business operations. This role will involve working with a range of networking, security, and IT management tools, ensuring seamless operations across Windows, Linux, and macOS environments. The ideal candidate is customer-focused, with a deep understanding of how infrastructure, security, and system management impact business efficiency.

Key Responsibilities:

Network Engineering & Security

• Design, deploy, and maintain enterprise LAN, WAN, VPN, SD-WAN, and wireless networks.
• Configure and manage Palo Alto firewalls (Panorama), Cisco ASA VPNs, and Cisco ISE for policy-based network access.
• Implement Zero Trust security models with Zscaler (ZTNA & DLP).
• Monitor network performance, troubleshoot issues, and optimize configurations for security, reliability, and efficiency.
• Implement network security best practices, including firewalls, IDS/IPS, segmentation, and endpoint security.
• Manage network access controls using OKTA (SSO & 2FA) and Microsoft Entra.
• Maintain Wi-Fi infrastructure with Ruckus Wireless APs & Management.
• Oversee network security compliance and risk assessment using Tenable (vulnerability scanning & cloud config management) and Arctic Wolf (MDR & log aggregation).
• Ensure data integrity and exfiltration monitoring with Varonis.

IT Systems & Infrastructure

• Support enterprise IT infrastructure, including Windows, Linux, and macOS systems.
• Manage Active Directory, DNS, DHCP, and Group Policy.
• Deploy, configure, and manage virtualization environments with VMware vSphere.
• Oversee endpoint security and patch management with NinjaOne, SentinelOne, & Carbon Black.
• Implement Mac device management with JAMF (MDM) and Apple Business Manager (ABM) enrollment.
• Administer Microsoft 365 (M365), including Exchange, Teams, and SharePoint.
• Manage collaboration tools, including Slack, Zoom, and Atlassian Suite (JIRA, Confluence, Bitbucket).
• Maintain email security & phishing protections using Mimecast.
• Manage password security with Keeper

IT Compliance & Risk Management

• Ensure compliance with security policies using LogicGate.
• Monitor financial system security for NetSuite.
• Assist in security audits, risk assessments, and compliance initiatives.

Requirements

• 8+ years of experience in network & systems engineering in an enterprise environment.
• Expertise in routing protocols (BGP, OSPF, EIGRP), VLANs, and network segmentation.
• Hands-on administration experience with:
• Palo Alto Firewalls (Panorama).
• Zscaler's Zero Trust Exchange Platform.
• Cloud networking (AWS, Azure, GCP) and security tools (Tenable, Arctic Wolf, Varonis).
• Linux administration, including Bash/Python scripting.
• Windows Server administration (AD, DNS, DHCP, Group Policy).
• MDM tools such as JAMF (macOS), Microsoft Intune (not primary MDM).
• Virtualization technologies (VMware vSphere).
• PowerShell & Logic Apps scripting for automation.
• Microsoft 365 administration (Exchange, Entra, SharePoint, & Teams).
• Enterprise collaboration tools (Slack, Zoom, Atlassian Suite).

Preferred Qualifications

• Certifications: CCNP, PCNSE (Palo Alto), MCSE, JAMF, or Linux-related certifications.
• Familiarity with web application security scanning and cloud configuration monitoring tools (Tenable).

Vestmark is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Vestmark prohibits employment discrimination on the basis of race, color, religion, gender identity, sex, sexual orientation, pregnancy, national origin, age, disability status, protected military or veteran status, and genetic information. #LI-TG1 #LI-Onsite