Senior Network Engineer (CCIE or equivalent)

Markham, ON, Canada

Full Time

Experienced

Pathway is hiring a Senior Network Engineer (CCIE or equivalent) in Markham to architect, implement, and optimize multi-site, hybrid (data center + cloud) networks for internal and client environments. You will own HLD/LLD, lead migrations and operations, and partner with security to deliver high-availability, secure, and scalable solutions aligned to business objectives

Type of Position: Permanent Full-time, on-site, five days a week
Availability on call/ after office hours

Key Responsibilities
Network Engineering

End-to-end design of resilient LAN/WAN/WLAN/SD-WAN/data center and hybrid cloud interconnects (hub-and-spoke, EVPN/VXLAN, IPv6, QoS, multicast where applicable).
HLD/LLD ownership: diagrams, BoM, IP plans, routing policies, config standards/runbooks.
Implementation & migrations: plan and execute greenfield builds, cutovers, upgrades with rollback plans.
Routing & switching: expert policy design/troubleshooting for BGP/OSPF/IS-IS, ECMP, VRFs, ACLs, L2/L3 segmentation.
Wireless: enterprise WLAN planning/optimization (surveys, RF design, 802.1X).
Cloud networking (Azure-first): vNet/vWAN designs, Private Link/Endpoints, Route Server, ExpressRoute, Azure Firewall/WAF/App Gateway, Bastion; on-prem to cloud connectivity and segmentation.
Observability & SRE: SNMPv3, NetFlow/IPFIX/sFlow, streaming telemetry, syslog; SLI/SLO dashboards; capacity planning and performance tuning.

Security Engineering & Compliance

Network security controls: NGFW/IPS, WAF, DDoS, VPN/ZTNA, micro-segmentation (ACLs/VRFs/host-based), secure web/DNS.
Access & segmentation: 802.1X/NAC and posture checks; privileged access boundaries; PKI/cert lifecycle for network services.
Zero-Trust & SASE: identity-aware access, secure edge, policy-as-code; align with SOC/SIEM for telemetry (flows, DNS, firewall).
Compliance & RCA: map controls to ISO 27001/SOC 2/HIPAA/PHIPA as applicable; lead RCAs and maintain hardening baselines.

Consulting, Ownership & Collaboration

Translate business requirements into clear designs and options; present to stakeholders and obtain sign-off.
Keep diagrams, inventories, as-builts, and runbooks current.
Partner with PMO/operations to meet SLAs/OLAs; participate in escalation rota and maintenance windows.
Mentor engineers; review changes for quality/risk.

Required Qualifications

Certification: CCIE (any track) or equivalent expert-level certification (e.g., Fortinet NSE 7/8, Palo Alto PCNSE, Juniper JNCIE), or demonstrable expert-level experience.
Experience: 8+ years in network engineering with 3+ years leading complex, multi-site or multi-tenant designs/migrations.
Deep expertise in routing/switching (BGP, OSPF/IS-IS, MPLS/EVPN, QoS) and enterprise WLAN.
Hands-on with network security (NGFW/IPS, VPN/ZTNA, NAC/802.1X, segmentation) and integrating logs with SIEM.
Cloud networking: experience with Microsoft Azure (vNet/vWAN, ExpressRoute, Private Link, Azure Firewall/WAF/App Gateway); familiarity with other clouds is a plus.
Excellent client-facing communication and documentation (HLD/LLD/runbooks/change notes).

Preferred Skills

MSP/consulting background with multi-tenant operations and SLA ownership.
Fortinet ecosystem: FortiGate, FortiManager, FortiAnalyzer, SD-WAN, IPsec/SSL VPN, ZTNA, EMS, FortiNAC, WLAN/AP/switch integration.
Cisco ecosystem: Catalyst/Nexus, SDA/ACI, SD-WAN (Viptela), ISE/802.1X, ASA/FTD, Meraki switching/Wi-Fi/SD-WAN.
Azure security integrations: Defender for Cloud, Sentinel, Azure Monitor/Log Analytics, NSGs/ASGs, Policy.
Packet capture & protocol analysis: expert with Wireshark (display filters, TLS/SSL, TCP retransmits/latency, VoIP/RTP, 802.11), plus tcpdump, dumpcap, and (nice-to-have) CloudShark/Zeek.
ITIL change/problem; disciplined incident and post-incident processes.
EVPN/VXLAN leaf-spine, service-mesh; observability (Prometheus/Grafana) and capacity modeling.
Familiarity with SASE/SD-WAN/ZTNA patterns across multiple vendors (e.g., Palo Alto, Check Point, Zscaler, Cloudflare, Aruba/Juniper/Arista).

Apply for this position

Required*

Apply with Indeed

First Name*

Last Name*

Email Address*

Phone*

Address

Resume*

We've received your resume. Click here to update it.

Attach resume or Paste resume

Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Do you have CCIE (any track) or equivalent expert-level certification (e.g., Fortinet NSE 7/8, Palo Alto PCNSE, Juniper JNCIE)*

Do you have expertise in routing/switching (BGP, OSPF/IS-IS, MPLS/EVPN, QoS) and enterprise WLAN.*

Do you have minimum of 5 years of experience with Microsoft Azure (vNet/vWAN, ExpressRoute, Private Link, Azure Firewall/WAF/App Gateway)*

Human Check*

Submit Application

Thanks for visiting our Career Page. Please review our open positions and apply to the positions that match your qualifications.

Senior Network Engineer (CCIE or equivalent)

Apply for this position