Network architect

Position Title: Network Infrastructure Engineer
Department: Office of Information Technology (OIT)
Summary:
This position is responsible for the design, implementation, security, and ongoing support of
OIT’s enterprise data center and campus network infrastructure. The engineer will work with
Cisco ACI, Software-Defined Access (SDA), Cisco Identity Services Engine (ISE), Cisco
Catalyst platforms, and observability tools including ThousandEyes, Cyber Vision, and DNA
Spaces. The role also includes the administration of Palo Alto firewalls supporting statewide
systems.
Major Responsibilities
▪ Cisco ACI fabric design and administration (VRF, BD, EPG/ESG, L3Out).
▪ ACI integrations with OpenShift VMM and Cilium/Isovalent.
▪ Catalyst and SDA wired/wireless fabric deployment and support.
▪ Identity-driven access configuration using Cisco ISE (TACACS+,
authentication/authorization, device profiling).
▪ ThousandEyes monitoring, Cyber Vision integration, and DNA Spaces analytics.
▪ Palo Alto next-generation firewall configuration, policy development, and
troubleshooting.
▪ Network documentation, lifecycle planning, and support of mission-critical services.
Required Knowledge/Skills
▪ Cisco ACI, Nexus platforms, multi-tenant segmentation.
▪ SDA campus architectures.
▪ Cisco ISE policy sets and NAC.
▪ Palo Alto firewall administration and security profiles.
▪ Strong L2/L3 routing and switching skills.
▪ Ability to support high-availability, enterprise-scale infrastructure.
Recommended Certifications
▪ CCNA
▪ CCNP Data Center
▪ CCNP Enterprise
▪ Cisco Specialist – ACI, SDA, or ISE
▪ PCNSA (Palo Alto)
▪ PCNSE (Palo Alto)
▪ ThousandEyes, Cyber Vision, or related platform training

DOR - Office of Information Technology (OIT) is seeking a highly skilled and experienced Network Infrastructure
Engineer to support and advance the State’s enterprise networking environment. This position plays a critical role in
designing, deploying, and operating new LDC (Liquor Distribution Center) fabrics, networks, identity-driven access
systems, and observability platforms.
The engineer will work closely with infrastructure team to ensure the State’s network services remain reliable, scalable,
secure, and aligned with enterprise modernization goals. This is a hands-on engineering position that requires strong
technical expertise, effective communication, and the ability to support mission-critical systems across data centers and
statewide operations.
Key Responsibilities
Cisco ACI & Data Center Networking
• Design, implement, and maintain Cisco Nexus platforms running ACI mode, including VRFs, Bridge
Domains, EPGs/ESGs, L3Out, contracts, and fabric policies.
• Integrate ACI with virtualization and container platforms including Red Hat OpenShift VMM and
Isovalent/Cilium.
• Configure and optimize RoCEv2 within the ACI fabric for high-performance, low-latency workloads.
• Conduct advanced troubleshooting of ACI fabric health, faults, endpoint learning, contracts, and
multi-tenant segmentation.
• Develop and maintain fabric documentation, standards, and operational procedures.
Cisco Catalyst & Software-Defined Access
• Deploy and support Cisco Catalyst platforms within campus environments.
• Design and maintain Software-Defined Access (SDA) architectures, including SDA Wired Fabric and
Fabric-Enabled Wireless.
2
• Manage fabric underlay and overlay, policy mapping, authentication integrations, and assurance
operations.
• Collaborate with wireless engineers to optimize coverage, performance, and policy enforcement
across SDA.
Identity-Driven Networking & Security Technologies
• Configure and administer Cisco Identity Services Engine (ISE) for TACACS+ device administration,
authentication and authorization policy sets, and endpoint profiling.
• Integrate Cyber Vision intelligence into profiling, segmentation, and access control workflows.
• Support Zero Trust efforts through identity-centric segmentation and policy integration across ACI
and SDA fabrics.
Visibility, Analytics & Observability
• Deploy and manage ThousandEyes for end-to-end visibility, routing path analysis, and performance
monitoring.
• Implement and support Cisco Cyber Vision for OT/IoT asset visibility, device classification, and
behavior analysis.
• Manage DNA Spaces for location analytics, telemetry ingestion, device behavior, and wireless
intelligence.
• Provide meaningful insights to leadership using data from these observability platforms.
Core Network Engineering
• Troubleshoot complex L2/L3 network issues across multiple environments including VLANs, OSPF,
BGP, STP, and multicast.
• Designing, and implementing Palo Alto Networks security solutions across enterprise environments.
• Create and maintain documentation including architecture diagrams, standards, runbooks, and
asset inventories.
• Assist in modernization planning, platform upgrades, procurement processes, and statewide
technology initiatives.
Other duties as assigned.
Required Skills/Experience
Provide the minimum required skills and/or experience the contractor must possess to qualify for this position. These
requirements will be transferred to the Score Sheet and candidates without these requirements reflected on their resume will
NOT be presented to the manager for consideration.
The DOR SME must possess:
• Minimum of 15 years of experience working with Cisco networking.
Required Skills & Qualifications
• Hands-on experience with Cisco ACI in production environments.
• Deep knowledge of ACI constructs (VRF, BD, EPG, ESG, L3Out, contracts).
• Experience integrating ACI with OpenShift VMM and Cilium/Isovalent.
• Proficiency with Cisco Catalyst platforms and SDA fabric technologies.
• Experience administering Cisco ISE including TACACS+ and policy-set based NAC.
• Strong understanding of ThousandEyes, Cyber Vision, and DNA Spaces or comparable tools.
• Solid command of core TCP/IP, routing, switching, QoS, and network security fundamentals.
• Ability to develop clear diagrams, documentation, and architectural artifacts.
• Strong analytical and communication skills with the ability to work in fast-paced, mission-critical environments.
Preferred/Not Required
Provide any skills/experience that would be helpful for the candidate to possess but not required. Examples: Previous supervisory
experience, WebLogic experience helpful, etc.
• Cisco certifications such as CCNP Data Center, CCNP Enterprise, CCIE, or equivalent experience.
• Hands-on experience with container networking and virtualization integrations.
• Familiarity with NIST frameworks and state-level cybersecurity requirements.
• Experience with network automation tools (Python, Ansible, REST APIs).
• Prior work in state government or large enterprise network environments.
• PCCSA – Palo Alto Networks Certified Cybersecurity Associate
Foundational security, NGFW basics, threats, App-ID, and policy.
• PCNSA – Palo Alto Networks Certified Network Security Administrator
Focuses on NGFW configuration, security profiles, NAT, App-ID, URL filtering, WildFire