Engineer-Network

• →Designs and implements network solutions that improve reliability, performance, and security.
• →Drives standardization and documentation; influences architecture through peer reviews.
• →Partners with Cyber and Systems on certificate‑based access, device posture, and telemetry to SIEM.
• →
• →Engineer and optimize Palo Alto SD‑WAN fabric (path selection, QoS, HA) and SASE policies in Strata Cloud Manager.
• →Configure and maintain Prisma Access/GlobalProtect for secure remote access; integrate identity and device posture.
• →Develop site cutover plans and playbooks; validate performance against SLOs.
• →Engineer Meraki switching/wireless: RF design, capacity planning, segmentation, and SSID architectures.
• →Implement 802.1X/EAP‑TLS with RADIUS/NPS and certificate services; coordinate with Systems for device cert lifecycle.
• →Harden network services (DHCP/DNS/IPAM) and enforce least‑privilege segmentation.
• →Automate repetitive tasks using Python/Ansible/APIs; build compliance checks and config templates.
• →Create health/telemetry dashboards (latency, loss, jitter, SNR, link quality); instrument alerting and runbooks.
• →Contribute logs/metrics to SIEM (e.g., Rapid7) and analyze trends to reduce MTTR.
• →Author CRs with impact analysis, testing plans, and backout; perform staged rollouts.
• →Execute root‑cause analysis and implement durable fixes; maintain reference configurations.
• →Collaborate with Cyber to align with ISO/NIST/CIS controls and evidence collection.

• 4+ years engineering enterprise networks with SD‑WAN/SASE and campus access.
• Hands‑on with Palo Alto (Strata Cloud Manager, PAN‑OS) and Cisco Meraki (switching/wireless).
• Strong knowledge of 802.1X, EAP‑TLS, RADIUS/NPS, VLANs, routing (OSPF/BGP), QoS, and HA.
• Experience with Python/Ansible/APIs for network automation; strong documentation and change discipline.
• Strata Cloud Manager policy stacks/templates; PAN‑OS; Prisma Access/GlobalProtect.
• Meraki Dashboard (switch/AP), RF fundamentals, and Wi‑Fi troubleshooting.
• RADIUS/NPS, certificate services for EAP‑TLS; DHCP/DNS/IPAM.
• Python/Ansible, REST APIs, Git; SolarWinds (or similar) telemetry.
• Analytical problem solving and crisp technical communication.
• Proactive risk identification and mitigation; bias for automation.
• Palo Alto Strata Cloud Manager, Prisma Access/GlobalProtect, PAN‑OS.
• Cisco Meraki switch/AP, RADIUS/NPS, DHCP/DNS/IPAM.
• SolarWinds (or similar), Python/Ansible, REST APIs, ServiceNow/Jira, Git.

• Experience with Prisma Access/GlobalProtect and certificate‑based access patterns.
• Exposure to SolarWinds or similar tools; DNS/DHCP/IPAM best practices.
• Certifications: PCNSE, Palo Alto SASE/SD‑WAN, Cisco ENCOR/ENARSI, Meraki CMSS (nice‑to‑have).

• Able to sit and work at a computer keyboard for extended periods of time.
• Able to stoop, kneel, bend at the waist and reach daily.
• Able to perform general office administrative activities: copying, filing, delivering and using the telephone.
• Able to lift and move up to 25 pounds occasionally.
• Regular and on-time attendance.
• Must be able to prioritized, schedule and complete testing required for multiple applications with overlapping schedules.
• A certain degree of creativity and flexibility is required.
• Hours may exceed 40 hours per week.
• Occasional travel by conventional means including aircraft, motor vehicle and the like within the region and to other locations as required.

Note: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required and are not intended to be an exhaustive list of all duties, responsibilities or qualifications associated with this job.

Berry Appleman & Leiden is an Equal Opportunity Employer. It is the policy of BAL to ensure an equal employment opportunity without discrimination or harassment on the basis of race, color, national origin, religion, gender, gender identity or expression, age, disability, alienage or citizenship status, marital status, creed, genetic predisposition or carrier status, sexual orientation or any other characteristic protected by law. BAL prohibits and will not tolerate any such discrimination or harassment.

BAL does not accept unsolicited resumes from recruiters or employment agencies. BAL is under no obligation to pay any referral compensation or recruiter fee in the absence of a current executed Recruitment Services Agreement. In the event a recruiter or agency submits an unsolicited resume or candidate without an agreement, BAL reserves the right to pursue and hire said candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, shall be deemed the property of BAL. If your agency would like to be considered as a potential recruiting partner, please forward your contact information to Recruitment@BAL.com.