Job Information
Insight Global Network Implementation Engineer in New York, New York
Job Description
1) Objectives
Segmentation: Design and implement two virtual routing and forwarding instances (VRFs) — Trusted and Triage — across campus and 38 remote sites to logically separate compliant endpoints from quarantined/unknown endpoints in support of Forescout policies.
Inline Security: Engineer L2/L3 forwarding so that east–west and north–south traffic from both VRFs is steered to firewalls for stateful inspection and policy enforcement.
Forescout Integration: Ensure routing, VLANs, and gateway placement support Forescout classification, remediation, and re‑assignment flows (e.g., moving endpoints between Trusted⇄Triage).
Operational Readiness: Deliver documentation, change plans, and a rollback strategy; train operations on day‑2 procedures.
2) In Scope
Design
High‑level and low‑level designs (HLD/LLD) for two VRFs (Trusted, Triage) in the core/aggregation and at 38 remote sites.
IP plan updates: per‑site VLANs/subnets for Trusted and Triage, summarization, and route‑target schema (if using MPLS/L3VPN or overlay).
Traffic steering design to firewalls: PBR, VRF‑aware FHRP, or symmetric routing via FW as default gateways/virtual wires (as applicable).
HA considerations for firewalls (active/active or active/standby), ECMP and first‑hop redundancy.
Build & Configuration
Create VRFs, VLANs, SVI interfaces, routing instances, and route‑leaking policies (where required).
Implement L2 trunking and L3 adjacencies from access/IDF→aggregation→core→firewalls.
Configure route redistribution and VRF import/export (e.g., BGP address‑families, route‑targets) or SD‑WAN/EVPN constructs if present.
Implement traffic redirection to FW (e.g., PBR on SVIs, next‑hop to FW, or FW in path).
Integrate with Forescout for VLAN assignment / RADIUS Change‑of‑Authorization (CoA) and endpoint movement to Triage.
Staging and deployment for 38 remote sites (wave‑based).
Testing & Cutover
Lab validation, change windows, site pilot (2–3 sites), then phased rollout.
Functional tests: DHCP, DNS reachability, gateway redundancy, failover, Trusted↔Triage flows, internet egress, and east–west within VRFs.
Security tests: ensure all inter‑VRF and egress paths traverse firewall; verify Forescout‑driven isolation.
Rollback plans per site.
Documentation & Handover
As‑built configs, updated network diagrams (L2/L3), IPAM and routing tables, runbooks for endpoint moves, and monitoring dashboards.
Knowledge transfer session (1–2 hours) with Operations/NOC.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
7+ years of experience as a Network Engineer in enterprise or service‑provider environments
Strong hands‑on experience with:
Layer 2 networking (VLANs, trunking, spanning tree)
Layer 3 networking (routing, VRFs)
BGP
Experience creating or maintaining network automation scripts
Strong troubleshooting skills in production network environments
Comfortable working both proactively (automation/builds) and reactively (incidents/support)
Experience working with network devices from major vendors (Cisco, Juniper, Arista, etc.)
Ability to clearly document procedures and communicate during incidents