Senior Network Engineer (CCIE or equivalent)

Markham - Canada

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Pathway is hiring a Senior Network Engineer (CCIE or equivalent) in Markham to architect implement and optimize multi-site hybrid (data center cloud) networks for internal and client environments. You will own HLD/LLD lead migrations and operations and partner with security to deliver high-availability secure and scalable solutions aligned to business objectives

Type of Position: Permanent Full-time on-site five days a week
Availability on call/ after office hours

Key Responsibilities
Network Engineering

End-to-end design of resilient LAN/WAN/WLAN/SD-WAN/data center and hybrid cloud interconnects (hub-and-spoke EVPN/VXLAN IPv6 QoS multicast where applicable).
HLD/LLD ownership: diagrams BoM IP plans routing policies config standards/runbooks.
Implementation & migrations: plan and execute greenfield builds cutovers upgrades with rollback plans.
Routing & switching: expert policy design/troubleshooting for BGP/OSPF/IS-IS ECMP VRFs ACLs L2/L3 segmentation.
Wireless: enterprise WLAN planning/optimization (surveys RF design 802.1X).
Cloud networking (Azure-first): vNet/vWAN designs Private Link/Endpoints Route Server ExpressRoute Azure Firewall/WAF/App Gateway Bastion; on-prem to cloud connectivity and segmentation.
Observability & SRE: SNMPv3 NetFlow/IPFIX/sFlow streaming telemetry syslog; SLI/SLO dashboards; capacity planning and performance tuning.

Security Engineering & Compliance

Network security controls: NGFW/IPS WAF DDoS VPN/ZTNA micro-segmentation (ACLs/VRFs/host-based) secure web/DNS.
Access & segmentation: 802.1X/NAC and posture checks; privileged access boundaries; PKI/cert lifecycle for network services.
Zero-Trust & SASE: identity-aware access secure edge policy-as-code; align with SOC/SIEM for telemetry (flows DNS firewall).
Compliance & RCA: map controls to ISO 27001/SOC 2/HIPAA/PHIPA as applicable; lead RCAs and maintain hardening baselines.

Consulting Ownership & Collaboration

Translate business requirements into clear designs and options; present to stakeholders and obtain sign-off.
Keep diagrams inventories as-builts and runbooks current.
Partner with PMO/operations to meet SLAs/OLAs; participate in escalation rota and maintenance windows.
Mentor engineers; review changes for quality/risk.

Required Qualifications

Certification: CCIE (any track) or equivalent expert-level certification (e.g. Fortinet NSE 7/8 Palo Alto PCNSE Juniper JNCIE) or demonstrable expert-level experience.
Experience: 8 years in network engineering with 3 years leading complex multi-site or multi-tenant designs/migrations.
Deep expertise in routing/switching (BGP OSPF/IS-IS MPLS/EVPN QoS) and enterprise WLAN.
Hands-on with network security (NGFW/IPS VPN/ZTNA NAC/802.1X segmentation) and integrating logs with SIEM.
Cloud networking: experience with Microsoft Azure (vNet/vWAN ExpressRoute Private Link Azure Firewall/WAF/App Gateway); familiarity with other clouds is a plus.
Excellent client-facing communication and documentation (HLD/LLD/runbooks/change notes).

Preferred Skills

MSP/consulting background with multi-tenant operations and SLA ownership.
Fortinet ecosystem: FortiGate FortiManager FortiAnalyzer SD-WAN IPsec/SSL VPN ZTNA EMS FortiNAC WLAN/AP/switch integration.
Cisco ecosystem: Catalyst/Nexus SDA/ACI SD-WAN (Viptela) ISE/802.1X ASA/FTD Meraki switching/Wi-Fi/SD-WAN.
Azure security integrations: Defender for Cloud Sentinel Azure Monitor/Log Analytics NSGs/ASGs Policy.
Packet capture & protocol analysis: expert with Wireshark (display filters TLS/SSL TCP retransmits/latency VoIP/RTP 802.11) plus tcpdump dumpcap and (nice-to-have) CloudShark/Zeek.
ITIL change/problem; disciplined incident and post-incident processes.
EVPN/VXLAN leaf-spine service-mesh; observability (Prometheus/Grafana) and capacity modeling.
Familiarity with SASE/SD-WAN/ZTNA patterns across multiple vendors (e.g. Palo Alto Check Point Zscaler Cloudflare Aruba/Juniper/Arista).

Required Experience:

Senior IC

End-to-end design of resilient LAN/WAN/WLAN/SD-WAN/data center and hybrid cloud interconnects (hub-and-spoke EVPN/VXLAN IPv6 QoS multicast where applicable).
HLD/LLD ownership: diagrams BoM IP plans routing policies config standards/runbooks.
Implementation & migrations: plan and execute greenfield builds cutovers upgrades with rollback plans.
Routing & switching: expert policy design/troubleshooting for BGP/OSPF/IS-IS ECMP VRFs ACLs L2/L3 segmentation.
Wireless: enterprise WLAN planning/optimization (surveys RF design 802.1X).
Cloud networking (Azure-first): vNet/vWAN designs Private Link/Endpoints Route Server ExpressRoute Azure Firewall/WAF/App Gateway Bastion; on-prem to cloud connectivity and segmentation.
Observability & SRE: SNMPv3 NetFlow/IPFIX/sFlow streaming telemetry syslog; SLI/SLO dashboards; capacity planning and performance tuning.

Security Engineering & Compliance

Network security controls: NGFW/IPS WAF DDoS VPN/ZTNA micro-segmentation (ACLs/VRFs/host-based) secure web/DNS.
Access & segmentation: 802.1X/NAC and posture checks; privileged access boundaries; PKI/cert lifecycle for network services.
Zero-Trust & SASE: identity-aware access secure edge policy-as-code; align with SOC/SIEM for telemetry (flows DNS firewall).
Compliance & RCA: map controls to ISO 27001/SOC 2/HIPAA/PHIPA as applicable; lead RCAs and maintain hardening baselines.

Consulting Ownership & Collaboration

Translate business requirements into clear designs and options; present to stakeholders and obtain sign-off.
Keep diagrams inventories as-builts and runbooks current.
Partner with PMO/operations to meet SLAs/OLAs; participate in escalation rota and maintenance windows.
Mentor engineers; review changes for quality/risk.

Required Qualifications

Certification: CCIE (any track) or equivalent expert-level certification (e.g. Fortinet NSE 7/8 Palo Alto PCNSE Juniper JNCIE) or demonstrable expert-level experience.
Experience: 8 years in network engineering with 3 years leading complex multi-site or multi-tenant designs/migrations.
Deep expertise in routing/switching (BGP OSPF/IS-IS MPLS/EVPN QoS) and enterprise WLAN.
Hands-on with network security (NGFW/IPS VPN/ZTNA NAC/802.1X segmentation) and integrating logs with SIEM.
Cloud networking: experience with Microsoft Azure (vNet/vWAN ExpressRoute Private Link Azure Firewall/WAF/App Gateway); familiarity with other clouds is a plus.
Excellent client-facing communication and documentation (HLD/LLD/runbooks/change notes).

Preferred Skills

MSP/consulting background with multi-tenant operations and SLA ownership.
Fortinet ecosystem: FortiGate FortiManager FortiAnalyzer SD-WAN IPsec/SSL VPN ZTNA EMS FortiNAC WLAN/AP/switch integration.
Cisco ecosystem: Catalyst/Nexus SDA/ACI SD-WAN (Viptela) ISE/802.1X ASA/FTD Meraki switching/Wi-Fi/SD-WAN.
Azure security integrations: Defender for Cloud Sentinel Azure Monitor/Log Analytics NSGs/ASGs Policy.
Packet capture & protocol analysis: expert with Wireshark (display filters TLS/SSL TCP retransmits/latency VoIP/RTP 802.11) plus tcpdump dumpcap and (nice-to-have) CloudShark/Zeek.
ITIL change/problem; disciplined incident and post-incident processes.
EVPN/VXLAN leaf-spine service-mesh; observability (Prometheus/Grafana) and capacity modeling.
Familiarity with SASE/SD-WAN/ZTNA patterns across multiple vendors (e.g. Palo Alto Check Point Zscaler Cloudflare Aruba/Juniper/Arista).

Required Experience:

Senior IC

Key Skills

EIGRP
Load Balancing
Routing Protocols
Network Engineering
BGP
LAN
Computer Networking
IPsec
OSPF
Cisco ASA
Juniper
MPLS

Apply Now

About Company

Pathway Communications

Pathway Communications: Your trusted choice for Outsourced IT support services in Toronto. Elevate your business with our expertise and boost your business efficiency.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click