Senior Network Engineer Hybrid

The Senior Network Engineer will take ownership of our enterprise network and security infrastructure. This is a critical, high-visibility role responsible for the design, implementation, optimization, and security of network systems across our entire footprint—including 190+ retail stores, a distribution center, corporate headquarters, and multi-cloud environments (AWS, Azure, GCP). As the primary network and security subject matter expert, the Sr Network Engineer will work closely with the Head of Infrastructure and Operations and cross-functional IT teams to ensure our network delivers the reliability, performance, and security required to support our business transformation. This is currently an individual contributor role with significant potential to grow into a management position as the team expands. Key Responsibilities Network Infrastructure Design & Operations Design, implement, configure, and maintain enterprise network infrastructure including routers, switches, firewalls, load balancers, and wireless systems across all company locations Manage and optimize Cisco Meraki wireless access points, switches, and security appliances across 190+ retail store locations, ensuring consistent connectivity and performance for point-of-sale systems, inventory management, and customer WiFi Configure, maintain, and troubleshoot Cisco routing and switching infrastructure at corporate headquarters and distribution center, including VLANs, spanning tree, OSPF/BGP, QoS policies, and access control lists Administer and optimize F5 load balancers (LTM/GTM) to ensure high availability, traffic distribution, SSL offloading, and optimal application delivery for critical business systems Manage network connectivity and express routes to AWS, Azure, and Google Cloud Platform (GCP), ensuring secure, high-performance hybrid cloud architecture Design and implement SD-WAN solutions to optimize traffic routing, reduce costs, and improve application performance across distributed retail locations Plan and execute network capacity planning, ensuring infrastructure scales to meet business growth and seasonal demand fluctuations Develop and maintain comprehensive network documentation including topology diagrams, IP address management (IPAM), configuration standards, and runbooks Security Operations & Compliance Own and manage enterprise firewall infrastructure, including rule creation, modification, auditing, and lifecycle management to ensure least-privilege access and defense-in-depth security Administer and monitor Splunk SIEM platform, developing and tuning correlation rules, dashboards, alerts, and reports to detect and respond to security threats Conduct regular vulnerability assessments and coordinate remediation efforts with infrastructure and application teams to reduce attack surface and maintain security posture Ensure ongoing PCI-DSS compliance across all network environments, including documentation, evidence collection, control implementation, and support for internal and external audits Implement and manage network segmentation strategies to isolate sensitive systems, cardholder data environments, and guest networks in accordance with compliance requirements Monitor and respond to security incidents, performing initial triage, containment, investigation, and root cause analysis in coordination with security leadership Manage VPN infrastructure for remote access and site-to-site connectivity, ensuring secure communications for remote employees and third-party vendors Stay current with emerging security threats, vulnerabilities, and industry best practices, proactively recommending and implementing security improvements Voice & Unified Communications Administer and support Avaya VoIP infrastructure including call routing, dial plans, voicemail, SIP trunking, and integration with contact center systems Troubleshoot voice quality issues, including latency, jitter, and packet loss, implementing QoS policies to ensure clear, reliable communications Coordinate with telecom carriers and vendors for circuit provisioning, troubleshooting, and service upgrades Operations, Support & Continuous Improvement Serve as the primary on-call escalation point for critical network and security incidents, providing 24x7 support as needed to maintain business continuity Perform proactive network monitoring, identifying and resolving performance issues before they impact end users or business operations Lead root cause analysis for network outages and security incidents, implementing corrective actions and preventive measures Collaborate with Help Desk, Systems Administration, Cloud Engineering, and Application Development teams to support cross-functional projects and troubleshoot complex issues Evaluate emerging network and security technologies, making recommendations for adoption to improve efficiency, security, and cost-effectiveness Develop and deliver technical training and knowledge transfer to junior team members and IT staff as the team grows Participate in change management processes, ensuring network changes are properly planned, tested, documented, and communicated Required Qualifications Bachelor's degree in Computer Science, Information Technology, Network Engineering, or related field; or equivalent combination of education and experience Minimum 7 years of progressive experience in enterprise network engineering, administration, and security Extensive hands-on experience with Cisco routing and switching technologies, including configuration, troubleshooting, and optimization of enterprise-grade equipment Demonstrated experience managing Cisco Meraki cloud-managed networking solutions (MR, MS, MX) in a multi-site environment Proficiency with F5 BIG-IP load balancers, including LTM configuration, iRules, SSL certificate management, and health monitoring Experience designing and managing network connectivity to public cloud platforms (AWS, Azure, GCP), including VPCs, VPNs, Direct Connect/ExpressRoute, and hybrid architectures Strong understanding of network security principles including firewall management, IDS/IPS, network segmentation, and zero-trust concepts Working experience with SIEM platforms (Splunk preferred) for security monitoring, log analysis, and incident detection Hands-on experience with vulnerability scanning tools and remediation processes Demonstrated knowledge of PCI-DSS compliance requirements and experience implementing controls in a retail or payment card environment Experience supporting enterprise VoIP systems (Avaya preferred), including troubleshooting, QoS, and SIP/H.323 protocols Strong understanding of TCP/IP, DNS, DHCP, BGP, OSPF, MPLS, and other core networking protocols Excellent troubleshooting and problem-solving skills with the ability to diagnose complex, multi-vendor issues under pressure Strong written and verbal communication skills with the ability to document technical processes and communicate with both technical and non-technical stakeholders Ability to work independently with minimal supervision while managing multiple priorities in a fast-paced environment Availability to participate in on-call rotation and respond to critical incidents outside of normal business hours Preferred Qualifications Experience working in the retail industry, particularly in multi-location retail environments with distributed network infrastructure Industry certifications such as CCNP (Enterprise, Security, or Data Center), CCIE, F5 Certified Administrator/Technology Specialist, CISSP, CISM, or CompTIA Security+ Experience with network automation and Infrastructure as Code (IaC) using tools such as Ansible, Terraform, Python, or REST APIs Familiarity with SD-WAN technologies (Cisco Viptela, Meraki SD-WAN, or similar) Experience with network monitoring and observability tools such as SolarWinds, ThousandEyes, PRTG, Datadog, or similar platforms Knowledge of Zero Trust Network Architecture (ZTNA) principles and implementation Experience supporting point-of-sale (POS) systems and retail technology environments Previous experience in a startup or high-growth environment with rapidly evolving technology requirements Desired Attributes Servant's Heart – You understand that technology exists to serve the business and, ultimately, our guests. You take pride in enabling others to do their best work. Endlessly Curious – You have a genuine passion for learning and staying ahead of the technology curve. You ask questions, explore new solutions, and continuously seek ways to improve. Customer-Obsessed – You recognize that every network decision impacts the guest experience, from in-store connectivity to e-commerce performance. You design with the end user in mind. Passionately Enthusiastic – You bring energy, positivity, and dedication to your work. You're excited about building something meaningful and aren't afraid to roll up your sleeves. Ownership Mentality – You take full accountability for the network and security infrastructure. When something breaks, you own it until it's fixed—and then you make sure it doesn't break again. Startup Agility – You thrive in a fast-paced environment where priorities shift and innovation is constant. You're comfortable with ambiguity and can balance long-term strategy with immediate needs. Collaborative Spirit – You work effectively across teams, building relationships with colleagues in IT, stores, and business units to achieve shared goals. Ability to work hybrid or remote