AITHERAS, LLC
Senior Network & Security Engineer
Location:
New York Tri-State Area (NYC / Northern NJ / Fairfield-Westchester CT) Work Model:
Hybrid - 3 days on-site at primary data-center campus in Midtown Manhattan or Secaucus, NJ; 2 days WFH. Clearance:
None required, but ability to pass a Tier 2 public-trust background check is a must. Travel:
About Us AITHERAS, LLC is a customer-focused IT consulting firm delivering cost-effective, mission-critical solutions since 2002. We specialize in Data Analytics, Cloud Computing, IT Engineering, Application Development, and Cyber Security. Based in Rockville, MD, we're ISO 9001:2015 certified, an SBA-designated Small Business, and an MBE-certified firm by MDOT. We partner with over 100 clients to create scalable, innovative solutions that drive success.
What You'll Do
% Time
Responsibility 40 % Design & Implementation
- Build and migrate segmentation zones, VRFs, and BGP/OSPF fabrics across Cisco Nexus 9K, Juniper QFX/MX, and Palo Alto PA-Series.25 % Security & Visibility
- Stand up TACACS+/ Cisco ISE
for AAA, integrate flow telemetry into
Cisco Secure Network Analytics (StealthWatch) , deploy taps/SPANs/Gigamon, and tune IDS/IPS policies for OT & IT.15 % Automation
- Write and maintain Python/Ansible/Terraform pipelines (pyATS, Nornir, Jinja2) for golden-config generation, compliance drift detection, and CI/CD-based push-button rollouts.10 % Operations & Incident Response
- Serve as L3 escalation and join a 1-week-per-6 on-call rotation; own post-mortems and MTTR metrics.10 % Documentation & Mentoring
- Produce HLDs/LLDs, MOPs, and runbooks; coach junior engineers toward CCNP/PCNSE.
Must-Have Qualifications
8+ years
progressive experience in enterprise or service-provider networking. Deep expertise configuring and troubleshooting
BGP, OSPF, static routing, VRFs, VXLAN-EVPN . Hands-on with
Cisco Catalyst/Nexus & ASA/FTD ,
Juniper EX / QFX / MX , and
Palo Alto NGFWs
(Pan-OS 9/10). Solid command of
AAA (TACACS+, RADIUS)
and production deployments of
Cisco ISE
or equivalent. Practical experience deploying or operating
flow-analytics / tap infrastructure
(StealthWatch, Gigamon, NetFlow/IPFIX, SPANs). Comfort writing
Python
and
Ansible
playbooks; git-based workflows (GitLab/GitHub, CI pipelines). Familiarity with
network IDS/IPS
(Snort, Zeek, Palo Alto Threat Prevention) and SIEM workflows (Splunk, QRadar). Ability to create HLD/LLD diagrams in Visio or draw.io and present them to technical & business leadership. U.S. work authorization and ability to commute to NYC area 3x week.
Nice to Have
CCNP Enterprise/Security, PCNSE, JNCIS-ENT/Sec, or CCIE
(R&S / Enterprise). Cisco Secure Network Analytics
design experience (flow collector sizing, policy tuning). Prior exposure to
industrial / OT networks
(NIST 800-82, Purdue Model, SCADA segmentation). AWS or Azure Advanced Networking
certification; Transit Gateway design experience. Experience with
F5 LTM/GTM
or
Citrix ADC
in low-latency trading or fintech environments. Source-of-truth & intent platforms (NetBox, Nautobot), RESTful API development, or Go/Rust scripting.
What We Offer
Base Salary:
FTE: 135K-140K
or
$90-$100 C2C/1099 FTE Benefits:
100 % employer-paid medical / dental / vision, 401(k) 5 % match, ESPP FTE Training:
$3 k annual cert stipend, paid time for labs & conferences (Cisco Live, Palo Alto Ignite)
New York Tri-State Area (NYC / Northern NJ / Fairfield-Westchester CT) Work Model:
Hybrid - 3 days on-site at primary data-center campus in Midtown Manhattan or Secaucus, NJ; 2 days WFH. Clearance:
None required, but ability to pass a Tier 2 public-trust background check is a must. Travel:
About Us AITHERAS, LLC is a customer-focused IT consulting firm delivering cost-effective, mission-critical solutions since 2002. We specialize in Data Analytics, Cloud Computing, IT Engineering, Application Development, and Cyber Security. Based in Rockville, MD, we're ISO 9001:2015 certified, an SBA-designated Small Business, and an MBE-certified firm by MDOT. We partner with over 100 clients to create scalable, innovative solutions that drive success.
What You'll Do
% Time
Responsibility 40 % Design & Implementation
- Build and migrate segmentation zones, VRFs, and BGP/OSPF fabrics across Cisco Nexus 9K, Juniper QFX/MX, and Palo Alto PA-Series.25 % Security & Visibility
- Stand up TACACS+/ Cisco ISE
for AAA, integrate flow telemetry into
Cisco Secure Network Analytics (StealthWatch) , deploy taps/SPANs/Gigamon, and tune IDS/IPS policies for OT & IT.15 % Automation
- Write and maintain Python/Ansible/Terraform pipelines (pyATS, Nornir, Jinja2) for golden-config generation, compliance drift detection, and CI/CD-based push-button rollouts.10 % Operations & Incident Response
- Serve as L3 escalation and join a 1-week-per-6 on-call rotation; own post-mortems and MTTR metrics.10 % Documentation & Mentoring
- Produce HLDs/LLDs, MOPs, and runbooks; coach junior engineers toward CCNP/PCNSE.
Must-Have Qualifications
8+ years
progressive experience in enterprise or service-provider networking. Deep expertise configuring and troubleshooting
BGP, OSPF, static routing, VRFs, VXLAN-EVPN . Hands-on with
Cisco Catalyst/Nexus & ASA/FTD ,
Juniper EX / QFX / MX , and
Palo Alto NGFWs
(Pan-OS 9/10). Solid command of
AAA (TACACS+, RADIUS)
and production deployments of
Cisco ISE
or equivalent. Practical experience deploying or operating
flow-analytics / tap infrastructure
(StealthWatch, Gigamon, NetFlow/IPFIX, SPANs). Comfort writing
Python
and
Ansible
playbooks; git-based workflows (GitLab/GitHub, CI pipelines). Familiarity with
network IDS/IPS
(Snort, Zeek, Palo Alto Threat Prevention) and SIEM workflows (Splunk, QRadar). Ability to create HLD/LLD diagrams in Visio or draw.io and present them to technical & business leadership. U.S. work authorization and ability to commute to NYC area 3x week.
Nice to Have
CCNP Enterprise/Security, PCNSE, JNCIS-ENT/Sec, or CCIE
(R&S / Enterprise). Cisco Secure Network Analytics
design experience (flow collector sizing, policy tuning). Prior exposure to
industrial / OT networks
(NIST 800-82, Purdue Model, SCADA segmentation). AWS or Azure Advanced Networking
certification; Transit Gateway design experience. Experience with
F5 LTM/GTM
or
Citrix ADC
in low-latency trading or fintech environments. Source-of-truth & intent platforms (NetBox, Nautobot), RESTful API development, or Go/Rust scripting.
What We Offer
Base Salary:
FTE: 135K-140K
or
$90-$100 C2C/1099 FTE Benefits:
100 % employer-paid medical / dental / vision, 401(k) 5 % match, ESPP FTE Training:
$3 k annual cert stipend, paid time for labs & conferences (Cisco Live, Palo Alto Ignite)