| Role Overview
We are looking for a highly experienced SD-WAN Engineer to lead the design, deployment, and lifecycle management of software-defined WAN (SD-WAN) solutions across a BFSI-grade hybrid enterprise. The role demands deep technical expertise in routing, traffic engineering, cloud integration, and zero-touch provisioning, with a strong focus on resiliency, security, and application performance.
Location: Plano TX
Primary Technical Skills
SD-WAN Platforms: Hands-on experience with Cisco Viptela, Fortinet Secure SD-WAN, VMware VeloCloud, and Silver Peak Unity EdgeConnect.
Routing Protocols: Advanced configuration and troubleshooting of BGP, OSPF, EIGRP, and route redistribution across underlay and overlay networks.
Application-Aware Routing: Implementation of dynamic path selection, DSCP-based prioritization, and real-time traffic steering based on SLA metrics.
WAN Optimization: Deep understanding of deduplication, compression, TCP optimization, and forward error correction (FEC).
SD-WAN Orchestration: Proficient in zero-touch provisioning (ZTP), template-based policy deployment, and multi-tenant segmentation.
Cloud Integration: Design and deployment of direct cloud on-ramp to AWS, Azure, and Google Cloud Platform, including ExpressRoute, Transit Gateway, and cloud-native firewalls.
Overlay Security: Implementation of IPSec tunnels, IKEv2, certificate-based authentication, and role-based access control (RBAC).
High Availability & Failover: Design of active-active/active-standby topologies, dual CPE, and path resiliency mechanisms.
QoS & Traffic Engineering: End-to-end QoS policy design, shaping, policing, and per-app SLA enforcement.
Multicast & Voice Optimization: Support for multicast over SD-WAN, VoIP prioritization, and MOS-based routing decisions.
Secondary Technical Skills
Transport Diversity: Integration of MPLS, broadband, 5G/LTE, and satellite links into SD-WAN fabric with path cost modeling.
Monitoring & Telemetry: Use of SolarWinds, NetFlow, SNMP traps, and SD-WAN analytics dashboards for proactive monitoring and SLA validation.
Firewall & VPN Integration: Policy coordination with NGFWs (e.g., Fortinet, Palo Alto), site-to-site VPNs, and ZTNA gateways.
Automation & Scripting: Development of Python, Ansible, or REST API scripts for bulk provisioning, compliance checks, and config drift detection.
Network Segmentation: Design of VRF-based segmentation, zone-based policies, and microsegmentation across branches and data centers.
DNS & DHCP Integration: Centralized DHCP relay, DNS forwarding, and split-horizon DNS for hybrid environments.
Syslog & SIEM Integration: Forwarding of SD-WAN logs to SIEM platforms (e.g., Splunk, QRadar) for event correlation and compliance auditing.
Cloud-Native Networking: Exposure to Transit Gateway Connect, Azure Virtual WAN, and Google Cloud Platform Cloud Router.
Policy-Based Forwarding (PBF): Use of match-action rules to steer traffic based on application, source, or destination.
Overlay-Underlay Correlation: Mapping of overlay tunnels to underlay health, with real-time path remediation.
Required Experience
8 12 years in network engineering, with 3+ years in hands-on SD-WAN deployment, operations, and troubleshooting.
Proven experience in designing and scaling SD-WAN architectures across multi-branch BFSI environments.
Strong documentation skills: HLD/LLD, runbooks, change control, and as-built diagrams.
Experience in regulated sectors (BFSI, healthcare, telecom) with emphasis on compliance, audit readiness, and risk mitigation.
Ability to lead cross-functional collaboration with security, cloud, and infrastructure teams.
Preferred Qualifications
Exposure to SASE/SSE convergence models, including ZTNA, SWG, and CASB integration with SD-WAN.
Familiarity with cloud-native networking constructs and service chaining in hybrid environments.
Understanding of ITIL v4 processes: incident, change, and problem management.
Experience with DevNet, NetDevOps, or CI/CD pipelines for network automation.
Knowledge of compliance frameworks: ISO 27001, NIST 800-53, RBI, PCI-DSS. |