The Sr. Network Engineer is at the forefront of deploying and supporting new technologies at HRT. In support of the strategic initiatives and following the established project plan under the direction of the Director of Technology Services, implement and support the network fabric interconnecting HRT locations of all sizes, its cloud IaaS and SaaS services, and its transit vehicles. While acting as a top-level support tier, provide problem resolution services for all escalated issues.
Essential Job Functions:
(Duties listed are not intended to be all inclusive nor to limit duties that might reasonably be assigned.)
- Takes part in all phases of the network system lifecycle including requirements gathering, hardware design, configuration, testing, commissioning, cutover, integration, documentation, and ongoing maintenance.
- Manages all aspects of the structured cabling within HRT environment.
- Configures and deploys networking hardware, including switches, routers, firewalls, wireless access points, rugged industrial networking components, etc. across all HRT locations and revenue vehicles.
- Manages HRT private and public IP address space, maintains consolidated IP utilization records.
- Designs and implements logical network layout, including VLANs and subnets, establishes necessary inter-VLAN routing, manages NAT and PAT at the HRT public network boundaries.
- Establishes Site to Site and end-user VPN connectivity solutions.
- Designs and implements multipath connectivity solutions in support of HRT fault tolerance needs.
- Establishes and maintains connectivity between on-prem systems and HRT’s cloud services (Azure) using VPN and ExpressRoute technologies.
- Configures and deployed network security devices, conducts performance tuning as necessary.
- Establishes and maintains network segmentation through deployment of the Next Generation Firewalls as the network core at all physical and cloud locations; leverages traffic source and destination information, application identity, user identity, and threat profile to build an access control ruleset on a per-system level.
- Implements Network Access Control mechanism for wired and wireless domain.
- Monitors network throughput and conducts network utilization assessments; develops and implements traffic prioritization solutions for the mission-critical and latency sensitive applications.
- Develops and executes network infrastructure Preventative Maintenance Plans.
- Implements software and firmware updates in accordance with the manufacturer guidelines for the networking equipment, its management applications and monitoring tools.
- Develops and deploys network equipment configuration baselines based on the industry best practices and cyber security recommendations.
- Establishes and maintains cyber security posture for entrusted systems through application of sound cybersecurity engineering principles such as implementation of access control, utilization of least privilege principles, central authentication mechanism deployment, as well as following vendor recommendations.
- Monitors internal system operations, troubleshoots and repairs system accordingly.
- Takes a leading role in the Incident Response activities including identification, stabilization, resolution, documentation, and closure as per established guidelines.
- Assures State of Good Repair compliance.
- Provides support for safety-sensitive Supervisory Control and Data Acquisition (SCADA) systems.
- Performs after-hours “on call” duties as per established policies and rotation schedule.
- Develops and maintains System Design Documentation, Tailored Procedure Documents, other supporting documentation.
- Provides support for the specialized Transit line-of-business systems.
- Monitor various system logs for problems or unusual behavior.
- Follows principles of Project Management, Change Management, and Configuration Management.
- Remains a cyber security practitioner at all times.
- Manage records created and received in compliance with the Hampton Roads Transit Records Management Policy and Procedures.
- Responsible for maintaining a general awareness of HRT’s EMS
- Responsible for handling all related job responsibilities in accordance to HRT’s Environmental Policy, relevant EMS Standard Operating Procedures, and Emergency Management Plan
- Performs all job duties and responsibilities in a safe manner to protect one’s self, fellow employees, and the public from injury or harm.
- Promote safety awareness and follow safety procedures and policies.
- Performs other duties as required by the Director of Technology Services.
Required Knowledge, Abilities and Skills essential to Job Functions:
In depth knowledge of the structured cabling standards and best practices for copper and fiberoptic connectivity for indoor and outdoor applications. Ability to install, configure, and maintain network equipment, including switching (Cisco & Dell), routing (OSPF & BGP), wireless (Wi-Fi and cellular based); and rugged industrial grade hardware (Moxa, Digi, CradlePoint). Extensive network security knowledge, Palo Alto firewall administration, TrendMicro Intrusion Prevention System management. In depth knowledge of Windows networking in relationship to Active Directory environments, including DNS, DHCP, RADIUS. Networking implementation in support of the virtualization technologies based on Hyper-V and VMware. IP-based Storage Area Network fabric administration. Large scale and distributed UPS system administration and support. Knowledge of the network performance monitoring tools (SolarWinds) and technologies (NetFlow), as well as network mapping tools (NetBrain). Ability to conduct network traffic analysis with industry standard tools (Wireshark). Knowledge of the IaaS cloud connectivity technologies such as VPNs and dedicated circuits (ExpressRoute). Apply critical thinking to quickly identify problems and implement solutions with minimal downtime. Utilize software and hardware diagnostic tools to identify, diagnose, and repair complex problems affecting system availability and performance. Using logic and wholistic analysis, identify the strengths and weaknesses of different approaches. Be able to qualify decisions with solid reasoning and justification. Ability to multitask and perform a multitude of administrative and engineering tasks at one time unsupervised. Effectively collaborate in a team environment or work independently as needed. Provide mentorship to others and perform knowledge transfer as required. Maintain awareness of advances in information technology and developments in cyber security realms. Ability to communicate effectively both orally and in writing. Strong work ethic is required.
Required Software Knowledge and Skills essential to Job Functions:
Proficiency in using listed technologies, software applications, and cloud services is essential for adequate performance in the assigned job duties. Advanced troubleshooting and problem-solving skills associated with hardware, software, services, and systems are expected.
Training and/or Education:
Bachelor’s degree in Computer Science, Management Information Systems, Information Systems or a related field. Certifications and applicable job experience may be counted in lieu of education requirement.
Over 10 years of network management and administration experience with progressively escalating responsibilities, with at least 5 years of network systems project implementation experience. Knowledge of networking protocols and technologies; in depth knowledge of the TCP/IP, DNS, DHCP; IP addressing; LAN management; VLAN administration; Wi-Fi management in the enterprise setting; WAN implementation; routing (OSPF and BGP); site-to-site and endpoint VPN; network support in a Windows environment utilizing Cisco (or equivalent) network components. Proven experience managing Palo Alto (or equivalent) next generation firewalls. Networking support for virtualization environments; Microsoft Azure and Amazon EC2 networking. Experience working in environments that utilized Change Management and other ITIL concepts is a plus.
Licenses or Certificates:
Virginia Driver’s License
- This position is classified as essential personnel.
- Must be able to pass federal government background screening process for local military installation access
Work requires high-speed operation of keyboard devices. Also requires lifting and transferring of computer equipment as needed. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Work involves meeting multiple demands on a timely basis. Duties may require some seasonal overtime.
- Flexible Spending Accounts
- Retirement / Pension Plans
- Medical, Dental and Vision
- Paid sick days
- Life Insurance
- Vacation/paid time off
- Prescription Drug Coverage
- Employee Referral Program
- Paid Holidays
Network Engineer / Architect