Senior Network Engineer

The Opportunity Location: Remote US/Travel as needed Reports To: Director of Infrastructure & Network Security Job Type: Full-time Position Summary Vesta Corporation is seeking a Senior Network Engineer to lead the design, implementation, and ongoing operations of our global enterprise network. This is a senior individual-contributor role that operates at the intersection of complex multi-site networking, hybrid cloud infrastructure, and PCI compliance. The ideal candidate brings 10+ years of hands-on enterprise networking experience, deep familiarity with both commercial and open-source tooling, and the ability to drive infrastructure modernization initiatives with limited oversight. Key Responsibilities • Design, implement, and maintain scalable, secure network infrastructure across data centers, remote sites, and cloud environments (AWS and Azure). • Architect and operate routing and switching infrastructure including BGP, NAT, VLANs, Spanning Tree, IPsec VPNs, PBR, and HSRP. • Manage and tune enterprise firewall platforms (Cisco, pfSense, Check Point) in alignment with PCI DSS segmentation and access control requirements. • Administer and optimize F5 BIG-IP LTM/GTM for application delivery, load balancing, and traffic steering across production environments. • Manage Cloudflare DNS, WAF, and network security policies for internet-facing properties. • Maintain network security policy management via FireMon; contribute to access path analysis and rule lifecycle management. • Evaluate, deploy, and operationalize free open-source software (FOSS) as replacements for commercial products where appropriate (e.g., network monitoring, IPAM, configuration backup). • Manage Proxmox-based virtualization as it relates to network-adjacent workloads and VM/LXC networking. • Coordinate with vendors and carriers to manage WAN circuits, resolve outages, and drive cost optimization. • Maintain comprehensive documentation for network topology, configurations, and operational runbooks; support PCI DSS and SOC 1 Type 2 audit evidence collection. • Participate in on-call rotation and be available for after-hours work including unscheduled incidents. • Travel to domestic data center and office locations as needed to support deployments or incidents. Technical Expertise & Core Competencies Required • 10+ years of hands-on enterprise networking experience in large-scale, multi-site environments. • Expert-level Cisco routing and switching: IOS/NX-OS, BGP, OSPF, EIGRP, VLANs, STP. • Enterprise firewall administration: Cisco ASA/FTD, pfSense, and Check Point — rule management, segmentation strategy, and change control. • F5 BIG-IP LTM/GTM: virtual servers, pools, iRules, traffic policies, GTM topology records. • Cloudflare: DNS management, WAF rulesets, and security policy administration. • FireMon: policy analysis, rule review workflows, access path validation. • Deep understanding of TCP/IP, DNS, DHCP, routing/switching protocols, and secure remote access. • Experience operating in PCI DSS-compliant environments including control implementation and audit evidence collection. • Strong troubleshooting capabilities with the ability to resolve complex outages under time pressure. Preferred / Nice to Have • Proxmox VE: VM/LXC provisioning, cluster management, and software-defined networking. • Experience deploying FOSS tools to replace commercial networking or monitoring products (e.g., Oxidized, NetBox, or similar). • Hybrid cloud networking: AWS Direct Connect, Azure ExpressRoute, site-to-site VPN, cloud-native security groups. • Zero-trust / overlay VPN concepts and implementation (e.g., Tailscale or equivalent). • Structured cabling standards, rack design, and power management in physical data center environments. • Vendor management: circuit provisioning, carrier escalations, hardware lifecycle coordination. Qualifications • 10+ years of enterprise networking experience in complex, multi-site or global environments. • Demonstrated ability to work independently and drive projects to completion without heavy oversight. • Strong vendor management skills — able to coordinate service delivery and incident resolution with carriers, ISPs, and hardware vendors. • Proven ability to document infrastructure for audits, incident response, and operational continuity. • Willingness and ability to travel domestically as needed (estimated low frequency; valid driver’s license required). • Available for on-call rotation and after-hours support windows. Education & Certifications Education • Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent professional experience. Preferred Certifications • AWS Certified Advanced Networking Specialty, AWS Solutions Architect, or equivalent. • Microsoft Azure Network Engineer Associate or equivalent Azure networking certification. • Cisco CCNP (or higher) — Enterprise, Data Center, or Security track. • Check Point CCSE or equivalent firewall platform certification. • CCIE (any track), F5 Certified BIG-IP Administrator, or other advanced certifications are a strong differentiator.