Pathway Communications

Senior Network Engineer (CCIE or equivalent)

Posted 17 Days Ago

Be an Early Applicant

Markham, ON

In-Office

Senior level

Cloud • Information Technology • Database • Business Intelligence • Consulting • Cybersecurity

Your One-Stop Managed IT and Cybersecurity Services for Business Excellence.

The Role

The Senior Network Engineer will design, implement, and optimize multi-site networks, manage migrations, ensure security compliance, and mentor junior engineers.

Summary Generated by Built In

Pathway is hiring a Senior Network Engineer (CCIE or equivalent) in Markham to architect, implement, and optimize multi-site, hybrid (data center + cloud) networks for internal and client environments. You will own HLD/LLD, lead migrations and operations, and partner with security to deliver high-availability, secure, and scalable solutions aligned to business objectives
Type of Position: Permanent Full-time, on-site, five days a week
Availability on call/ after office hours
Key Responsibilities
Network Engineering

End-to-end design of resilient LAN/WAN/WLAN/SD-WAN/data center and hybrid cloud interconnects (hub-and-spoke, EVPN/VXLAN, IPv6, QoS, multicast where applicable).
HLD/LLD ownership: diagrams, BoM, IP plans, routing policies, config standards/runbooks.
Implementation & migrations: plan and execute greenfield builds, cutovers, upgrades with rollback plans.
Routing & switching: expert policy design/troubleshooting for BGP/OSPF/IS-IS, ECMP, VRFs, ACLs, L2/L3 segmentation.
Wireless: enterprise WLAN planning/optimization (surveys, RF design, 802.1X).
Cloud networking (Azure-first): vNet/vWAN designs, Private Link/Endpoints, Route Server, ExpressRoute, Azure Firewall/WAF/App Gateway, Bastion; on-prem to cloud connectivity and segmentation.
Observability & SRE: SNMPv3, NetFlow/IPFIX/sFlow, streaming telemetry, syslog; SLI/SLO dashboards; capacity planning and performance tuning.

Security Engineering & Compliance

Network security controls: NGFW/IPS, WAF, DDoS, VPN/ZTNA, micro-segmentation (ACLs/VRFs/host-based), secure web/DNS.
Access & segmentation: 802.1X/NAC and posture checks; privileged access boundaries; PKI/cert lifecycle for network services.
Zero-Trust & SASE: identity-aware access, secure edge, policy-as-code; align with SOC/SIEM for telemetry (flows, DNS, firewall).
Compliance & RCA: map controls to ISO 27001/SOC 2/HIPAA/PHIPA as applicable; lead RCAs and maintain hardening baselines.

Consulting, Ownership & Collaboration

Translate business requirements into clear designs and options; present to stakeholders and obtain sign-off.
Keep diagrams, inventories, as-builts, and runbooks current.
Partner with PMO/operations to meet SLAs/OLAs; participate in escalation rota and maintenance windows.
Mentor engineers; review changes for quality/risk.

Required Qualifications

Certification: CCIE (any track) or equivalent expert-level certification (e.g., Fortinet NSE 7/8, Palo Alto PCNSE, Juniper JNCIE), or demonstrable expert-level experience.
Experience: 8+ years in network engineering with 3+ years leading complex, multi-site or multi-tenant designs/migrations.
Deep expertise in routing/switching (BGP, OSPF/IS-IS, MPLS/EVPN, QoS) and enterprise WLAN.
Hands-on with network security (NGFW/IPS, VPN/ZTNA, NAC/802.1X, segmentation) and integrating logs with SIEM.
Cloud networking: experience with Microsoft Azure (vNet/vWAN, ExpressRoute, Private Link, Azure Firewall/WAF/App Gateway); familiarity with other clouds is a plus.
Excellent client-facing communication and documentation (HLD/LLD/runbooks/change notes).

Preferred Skills

MSP/consulting background with multi-tenant operations and SLA ownership.
Fortinet ecosystem: FortiGate, FortiManager, FortiAnalyzer, SD-WAN, IPsec/SSL VPN, ZTNA, EMS, FortiNAC, WLAN/AP/switch integration.
Cisco ecosystem: Catalyst/Nexus, SDA/ACI, SD-WAN (Viptela), ISE/802.1X, ASA/FTD, Meraki switching/Wi-Fi/SD-WAN.
Azure security integrations: Defender for Cloud, Sentinel, Azure Monitor/Log Analytics, NSGs/ASGs, Policy.
Packet capture & protocol analysis: expert with Wireshark (display filters, TLS/SSL, TCP retransmits/latency, VoIP/RTP, 802.11), plus tcpdump, dumpcap, and (nice-to-have) CloudShark/Zeek.
ITIL change/problem; disciplined incident and post-incident processes.
EVPN/VXLAN leaf-spine, service-mesh; observability (Prometheus/Grafana) and capacity modeling.
Familiarity with SASE/SD-WAN/ZTNA patterns across multiple vendors (e.g., Palo Alto, Check Point, Zscaler, Cloudflare, Aruba/Juniper/Arista).

Top Skills

802.1X

Azure

Azure Firewall

Bgp

Ccie

Cisco

Evpn

Expressroute

Fortinet

Grafana

Hipaa

Ips

Is-Is

Iso 27001

Itil

Mpls

Nac

Netflow

Ngfw

Ospf

Palo Alto

Private Link

Prometheus

Qos

Sd-Wan

Snmpv3

Soc 2

Telemetry

Vnet

Vpn

Vwan

Wireshark

Wlan

Ztna

View all jobs at Pathway Communications

View Pathway Communications Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

HQ: Markham, ON

170 Employees

Year Founded: 1995

What We Do

Founded in 1995, Pathway Communications specializes in providing innovative and cost-effective IT and communication solutions for businesses of all sizes. Rooted in Canada, we offer a wide range of services, including Managed IT Services, Cybersecurity Solutions, Data Center, Cloud, Colocation, Voice, Data, and Internet, to help our clients stay connected and operate securely in today’s fast-paced world.

Pathway employs over 150 qualified and trained staff on three continents and operates fully-equipped data centers in Markham, Toronto, and Montreal. All of our services are designed to pass through our Tier III data center backed up with ISO 9001:2015, ISO 27001:2013 certification, and SOC 2 Type II compliancy for the ultimate reliability, security, and privacy.