Engineer-Network

Who we are: BAL is a team of brilliant people who change lives through elite immigration work and collaborative innovation. We pursue the exceptional in all that we do but never at the expense of our values. Theres no denying our work is demanding both in volume and pace but were up for the challenge. We love the balance of hard work and fun so youll see us in jeans as we shatter glass ceilings and conventional stereotypes. BAL employees feel valued rewarded and respected. We seek opportunities to be of service to others and our communities. We are committed to your growth and development and want to set you up for success here at BAL and beyond.

Who you are: You are looking for work that has a purpose. You arent afraid to roll up your sleeves and get stuff done. You learn quickly. You move fast. You embrace challenge and detail as well as creative thinking. You believe you have something unique to contribute and you arent afraid to raise your hand. You understand that powering human achievement is ultimately about impacting a real person. You are looking for a place to grow and an environment where everyone has a spot and is genuinely welcome.

Were better together: A bright driven person like you and an industry-leading powerhouse like BAL Its a perfect combination! We truly want to see you succeed here and become an integral part of our mission to provide an experience that makes a positive difference in peoples lives. Come be a part of something special where you can have an impact and be valued just for being you!

In addition to competitive pay a discretionary annual bonus and a supportive team-oriented culture we offer an outstanding benefits package that includes medical dental vision disability and life insurance sick time unlimited vacation and 401(k) with company match.

OVERVIEW:

The Infrastructure/Network Engineer builds and evolves the companys Palo Alto SASE & SDâWAN and Cisco Meraki campus networks to deliver secure performant connectivity. Responsibilities include policyâdriven networking via Strata Cloud Manager GlobalProtect secure access Meraki switching/wireless engineering 802.1X/EAPâTLS integration and network automation/observability. Collaborates with Cyber and Systems to enable identityâaware zeroâtrust networking.

PRIMARY RESPONSIBILITIES:

• Designs and implements network solutions that improve reliability performance and security.
• Drives standardization and documentation; influences architecture through peer reviews.
• Partners with Cyber and Systems on certificateâbased access device posture and telemetry to SIEM.
• Engineer and optimize Palo Alto SDâWAN fabric (path selection QoS HA) and SASE policies in Strata Cloud Manager.
• Configure and maintain Prisma Access/GlobalProtect for secure remote access; integrate identity and device posture.
• Develop site cutover plans and playbooks; validate performance against SLOs.
• Engineer Meraki switching/wireless: RF design capacity planning segmentation and SSID architectures.
• Implement 802.1X/EAPâTLS with RADIUS/NPS and certificate services; coordinate with Systems for device cert lifecycle.
• Harden network services (DHCP/DNS/IPAM) and enforce leastâprivilege segmentation.
• Automate repetitive tasks using Python/Ansible/APIs; build compliance checks and config templates.
• Create health/telemetry dashboards (latency loss jitter SNR link quality); instrument alerting and runbooks.
• Contribute logs/metrics to SIEM (e.g. Rapid7) and analyze trends to reduce MTTR.
• Author CRs with impact analysis testing plans and backout; perform staged rollouts.
• Execute rootâcause analysis and implement durable fixes; maintain reference configurations.
• Collaborate with Cyber to align with ISO/NIST/CIS controls and evidence collection.

QUALIFICATIONS:

• 4 years engineering enterprise networks with SDâWAN/SASE and campus access.
• Handsâon with Palo Alto (Strata Cloud Manager PANâOS) and Cisco Meraki (switching/wireless).
• Strong knowledge of 802.1X EAPâTLS RADIUS/NPS VLANs routing (OSPF/BGP) QoS and HA.
• Experience with Python/Ansible/APIs for network automation; strong documentation and change discipline.
• Strata Cloud Manager policy stacks/templates; PANâOS; Prisma Access/GlobalProtect.
• Meraki Dashboard (switch/AP) RF fundamentals and WiâFi troubleshooting.
• RADIUS/NPS certificate services for EAPâTLS; DHCP/DNS/IPAM.
• Python/Ansible REST APIs Git; SolarWinds (or similar) telemetry.
• Analytical problem solving and crisp technical communication.
• Proactive risk identification and mitigation; bias for automation.
• Palo Alto Strata Cloud Manager Prisma Access/GlobalProtect PANâOS.
• Cisco Meraki switch/AP RADIUS/NPS DHCP/DNS/IPAM.
• SolarWinds (or similar) Python/Ansible REST APIs ServiceNow/Jira Git.

Preferred:

• Experience with Prisma Access/GlobalProtect and certificateâbased access patterns.
• Exposure to SolarWinds or similar tools; DNS/DHCP/IPAM best practices.
• Certifications: PCNSE Palo Alto SASE/SDâWAN Cisco ENCOR/ENARSI Meraki CMSS (niceâtoâhave).

WORKING CONDITIONS:

• Able to sit and work at a computer keyboard for extended periods of time.
• Able to stoop kneel bend at the waist and reach daily.
• Able to perform general office administrative activities: copying filing delivering and using the telephone.
• Able to lift and move up to 25 pounds occasionally.
• Regular and on-time attendance.
• Must be able to prioritized schedule and complete testing required for multiple applications with overlapping schedules.
• A certain degree of creativity and flexibility is required.
• Hours may exceed 40 hours per week.
• Occasional travel by conventional means including aircraft motor vehicle and the like within the region and to other locations as required.

Note: To perform this job successfully an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge skill and/or ability required and are not intended to be an exhaustive list of all duties responsibilities or qualifications associated with this job.

Berry Appleman & Leiden is an Equal Opportunity Employer. It is the policy of BAL to ensure an equal employment opportunity without discrimination or harassment on the basis of race color national origin religion gender gender identity or expression age disability alienage or citizenship status marital status creed genetic predisposition or carrier status sexual orientation or any other characteristic protected by law. BAL prohibits and will not tolerate any such discrimination or harassment.

BAL does not accept unsolicited resumes from recruiters or employment agencies. BAL is under no obligation to pay any referral compensation or recruiter fee in the absence of a current executed Recruitment Services the event a recruiter or agency submits an unsolicited resume or candidate without an agreement BAL reserves the right to pursue and hire said candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes including those submitted to hiring managers shall be deemed the property of BAL. If your agency would like to be considered as a potential recruiting partner please forward your contact information to

Required Experience:

IC