Senior Systems Network Engineer

Department: Information Technology - Data & Reporting

Employment Type: Full Time

Location: Bloomington, MN

Reporting To: IT Operations Manager

Compensation: $150,000 - $160,000 / year

Description

Responsibilities and Duties:

• Design and implement end-to-end enterprise architecture across on-prem and cloud environments (Azure-first strategy). 
• Lead adoption of Zero Trust Architecture (ZTA): 
  • Identity-driven access (Azure AD / Entra ID) 
  • Device trust enforcement (Intune / MDM compliance) 
  • Network segmentation & micro-segmentation 
  • Continuous verification and least-privilege access 
• Establish defense-in-depth strategy across: 
  • Perimeter (firewalls, NAC) 
  • Internal network (segmentation, NAC) 
  • Endpoint (EDR/XDR) 
  • Identity (MFA, Conditional Access) 
  • Data (DLP, encryption) 

• Architect and manage enterprise-grade networking across Netgear, Cisco Meraki, and hybrid WAN environments. 
• Design and enforce multi-tier VLAN architecture, segmentation, and secure routing strategies. 
• Configure and optimize Fortinet FortiGate Firewalls: 
  • Advanced threat protection (IPS, SSL inspection) 
  • ZTNA enforcement 
  • Application control and traffic shaping 
• Deploy and manage FortiNAC: 
  • Device profiling and posture assessment 
  • Automated quarantine/remediation policies 
  • Integration with AD, RADIUS, and endpoint tools 
• Implement and manage RADIUS / 802.1X authentication for secure network access. 
• Perform deep network analysis including packet capture, traffic inspection, and anomaly detection. 
• Integrate network telemetry into centralized logging / SIEM pipelines. 

• Architect and manage Microsoft Azure environments: 
  • VMs, VNets, NSGs, load balancers, private endpoints 
  • Hybrid connectivity (VPN, ExpressRoute) 
• Design secure identity architecture using Azure AD (Entra ID): 
  • Conditional Access policies 
  • MFA enforcement (Duo/YubiKey integration) 
  • Identity Protection & risk-based access 
• Integrate on-prem Active Directory with Azure AD for hybrid identity governance. 
• Implement role-based access control (RBAC) and privileged identity management (PIM). 
• Drive infrastructure-as-code (IaC) and automation strategies. 

• Architect enterprise endpoint strategy using: 
  • Microsoft Intune (MDM/MAM)
  • Device compliance policies, configuration profiles, and security baselines 
• Enforce Zero Trust device posture validation before granting access. 
• Implement full device lifecycle management (provisioning → compliance → decommissioning). 
• Secure both corporate and BYOD environments with strict policy enforcement. 

• Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform): 
  • Policy creation and tuning 
  • Behavioral threat detection and threat hunting 
  • Automated containment and response 
• Design and enforce data protection strategies: 
  • Data classification and labeling 
  • Encryption (at rest, in transit) 
• Implement multi-layered security controls across all attack surfaces. 
• Conduct vulnerability management and coordinate remediation using enterprise tools. 

• Architect and enforce email authentication and anti-spoofing controls: 
  • DMARC, DKIM, SPF
• Monitor and respond to phishing campaigns and domain abuse. 
• Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers. 
• Oversee certificate lifecycle management across infrastructure. 

• Implement enterprise monitoring using PRTG and advanced observability tools. 
• Integrate logs into centralized SIEM/XDR platforms for correlation and threat detection. 
• Develop proactive alerting, anomaly detection, and performance baselines. 
• Conduct capacity planning and infrastructure optimization. 

• Lead incident response and digital forensics investigations. 
• Perform root cause analysis (RCA) and implement preventive controls. 
• Design and test disaster recovery (DR) and business continuity (BCP) strategies. 
• Align infrastructure and controls with: 
  • NIST, CIS Controls, ISO 27001, FFIEC
• Support audits, risk assessments, and compliance reporting. 

• Develop automation pipelines using PowerShell, Bash,. 
• Implement DevSecOps principles for secure infrastructure deployment. 
• Reduce manual operations through orchestration and scripting. 
• Continuously evaluate and integrate new technologies for security and performance. 

• Serve as Tier 3/4 escalation point and technical authority. 
• Mentor engineers and define engineering standards and best practices. 
• Lead large-scale infrastructure projects, migrations, and security transformations. 
• Provides leadership and direct oversight for the Network & Systems Administrator.
  
  

• Maintain enterprise-level architecture diagrams, system documentation, and SOPs. 
• Define and enforce IT governance frameworks and security policies. 
• Ensure documentation supports audit readiness and operational continuity.

Education and Experience:

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related technical field preferred
• Equivalent combination of advanced technical experience, military training, or industry certifications may be considered in lieu of a degree
• 7+ years of progressive experience in systems engineering, network engineering, cloud infrastructure, or cybersecurity roles
• Expert-level knowledge of: 
  • Linux & Windows systems administration
  • Azure cloud architecture
  • Fortinet (FortiGate, FortiNAC)
  • CrowdStrike Falcon (EDR/XDR)
  • Microsoft Intune (MDM/MAM)
• Deep understanding of: 
  • Zero Trust Architecture
  • Network protocols (TCP/IP, VLANs, DHCP, DNS, RADIUS, 802.1X)
  • Email authentication (DMARC, DKIM, SPF)
• Strong experience with: 
  • SSL/TLS certificate management
  • DNS/domain security (GoDaddy or enterprise providers)
• Advanced scripting and automation expertise 

• CCNP / CCNA
• Microsoft Azure (AZ-104, AZ-500) 

• Enterprise Architecture Leadership: Designs secure, scalable infrastructure aligned with business and security objectives 
• Cybersecurity Expertise: Implements advanced security frameworks and defense-in-depth strategies 
• Cloud & Network Engineering: Demonstrates deep expertise across hybrid infrastructure and enterprise networking 
• Technical Leadership: Serves as a trusted technical authority and mentor across the organization 
• Automation & Innovation: Continuously improves operational efficiency through automation and modern engineering practices

• Integrity: Protects company systems, data, and infrastructure through disciplined security and governance practices 
• Collaboration: Partners across IT, Security, and business teams to deliver secure and scalable solutions 
• Excellence: Maintains high standards for infrastructure reliability, performance, and operational maturity 
• Critical Curiosity: Evaluates emerging technologies and continuously improves enterprise architecture and security posture

Benefits

• Competitive compensation package, including base salary and performance-based bonus opportunities
• 401(k) plan with 100% company match up to 4%
• Comprehensive health coverage: medical, dental, vision, HSA, and FSA options
• Generous paid time off: 20 days PTO, company holidays, and sick time
• Paid parental leave
• Company-paid life insurance and disability coverage
• Employee Assistance Program (EAP): mental health, financial, and wellness support
• Professional development: tuition reimbursement and growth opportunities
• Commuter and transit benefits