Job Description:
Responsible for tracking all critical network incidents and collaborating with the Operations team for swift resolutions. Conduct root cause analysis and implement corrective/preventive measures. Escalate internally any issues that may impact customer SLAs. Provide ongoing technical support to the Operations team, including quality assurance, design review, environment setup, consulting, troubleshooting, and testing.
The candidate must understand the Blue Yonder product suite to effectively communicate its relationships and touchpoints to customers. Collaborate with Blue Yonder Product Support, Development, and Cloud Operations teams to ensure timely and appropriate communication regarding assigned tasks.
Work closely with all cross functional teams including infrastructure Operations, Blue yonder Architecture and Security team on incident resolution, design flaws, feature enhancements, and BAU project activities. The role includes configuring, maintaining, upgrading, and troubleshooting the Blue Yonder cloud network environment, with a focus on F5-LTM and firewall expertise.
What you’ll do:
- Manage and support F5-LTM, Cisco/Palo Alto Firewalls, Cisco & Arista routing and switching, as well as Azure VPN gateway and firewall across private and public datacenters.
- Lead technical discussions with cross-functional teams during Major Incident Management (MIM) to identify root causes and restore services as quickly as possible.
- Provide technical support for customer incidents and service requests, ensuring timely troubleshooting and resolution.
- Perform in-depth packet capture analysis using Wireshark to diagnose and resolve application performance issues.
- Collaborate with other support teams, including Application and Infrastructure, as necessary.
- Coordinate with vendors and technology partners to efficiently resolve hardware and software issues.
- Translate business requirements into user stories and actively seek feedback from stakeholders to ensure alignment.
- Act as the subject matter expert in a specific area, serving as the primary point of contact for implementation and operational issues.
- Conduct thorough due diligence for every network change to assess potential business impact and implement precautionary measures.
- Perform internal root cause analysis (RCA) reviews and provide feedback to improve the quality of RCAs.
- Take ownership of assigned tasks, ensuring timely and effective completion.
- Maintain up-to-date knowledge of Information Security principles and apply them as needed.
- Create and maintain standard operating procedure (SOP) documents for all network implementations.
- Ensure customer satisfaction by consistently delivering high-quality service within agreed SLAs.
- Identify and recommend automation opportunities to enhance operational efficiency and minimize human error.
- Generate weekly and monthly reports, offering insights into performance, operational status, and key metrics.
What we are looking for:
- Over 14 years of experience in Information Technology, including 10+ years of specialized expertise in core networking
F5 Load Balancer Skills
- F5 Load Balancer (LTM) Administration: Deploying, upgrading, and configuring F5 BIG-IP LTM for efficient traffic distribution and troubleshooting load balancing issues.
- iRule Development and Management: Writing and managing F5 iRules using TCL scripting for custom traffic redirection, security policies, and HTTP header modifications.
- SSL Certificate Management: Managing SSL offloading, re-encryption, and SSL/TLS certificates, including troubleshooting cipher suite misconfigurations.
- Advanced Networking Concepts: Expertise in TCP/IP, HTTP, DNS, and SSL/TLS, with experience in Layer 4 and Layer 7 traffic management and firewall policies.
- Traffic Management Policies: Configuring persistence, caching, and compression profiles for optimal load distribution and traffic flow management.
- Scripting and Automation: Automating F5 tasks using iControl REST API, Ansible, and network automation tools like Terraform and Python.
- Troubleshooting: Conducting advanced packet analysis with Wireshark and using F5 tools like tcpdump and TMSH for debugging complex traffic issues.
Firewall Skills
- Cisco ASA Configuration: Configuring Cisco ASA firewalls with access control, NAT, VPN, and advanced security features like DPI and threat protection.
- Palo Alto Networks Next-Generation Firewall (NGFW): Managing Palo Alto NGFW with security policies, NAT, application-based filtering, and content inspection using App-ID.
- High Availability and Redundancy: Implementing Active/Standby and Active/Active failover and clustering for firewall redundancy and load balancing.
- VPN Configuration: Setting up and troubleshooting remote access and site-to-site VPNs using SSL/IPsec, including AnyConnect VPN for remote users.
- Security Profiles and Threat Prevention: Configuring anti-virus, anti-spyware, and vulnerability protection profiles, along with Palo Alto's WildFire for advanced threat prevention.
- Advanced ASA Troubleshooting: Utilizing packet-tracer and other tools to debug NAT, ACL conflicts, VPN connectivity, and routing issues.
- Advanced Palo Alto Troubleshooting: Using CLI commands and log analysis to troubleshoot dropped sessions, blocked applications, SSL decryption, and traffic anomalies.
- Strong Knowledge of TCP/IP Networking: In-depth understanding of TCP/IP, routing protocols (BGP, OSPF, EIGRP), VLANs, and their interaction with firewalls.
Switching Skills:
Cisco Switching Architecture:
- Nexus OS (NX-OS) Proficiency: Configuring and managing Nexus 9K, 7K, 5K, and 2K series switches using NX-OS.
- Virtual Port Channels (vPC): Configuring and troubleshooting vPCs for redundancy and link aggregation across multiple switches.
- vPC Troubleshooting: Identifying and resolving vPC consistency errors and split-brain scenarios for optimal high availability.
- High Availability Issues: Troubleshooting HSRP/VRRP and vPC failures to ensure high availability in Layer 3 environments.
- Nexus Switch Performance: Monitoring and troubleshooting performance issues, including high CPU, memory, and hardware failures.
Arista Spine-Leaf Architecture:
- Arista EOS Proficiency: Configuring and managing Arista platforms using EOS CLI for scalable data center environments.
- Spine-Leaf Architecture: Designing and implementing Spine-Leaf topologies with Layer 3 ECMP for traffic distribution and scalability.
- VXLAN/EVPN (Spine-Leaf): Configuring VXLAN overlays with EVPN for L2/L3 segmentation and multi-tenancy in data center networks.
- MLAG (Multi-Chassis Link Aggregation): Configuring and troubleshooting MLAG for redundancy and link aggregation across Arista switches.
- VXLAN with MLAG: Implementing VXLAN overlays over MLAG for enhanced scalability and redundancy in Spine-Leaf networks.
- Layer 2 (VLANs, STP, Port-Channels): Configuring VLANs, STP, and Port-Channels using LACP for Layer 2 connectivity and link aggregation.
- MLAG Troubleshooting: Resolving MLAG synchronization and failover issues using diagnostic commands like show mlag.
- Spine-Leaf Connectivity Issues: Troubleshooting connectivity between leaf and spine switches using BGP and interface monitoring.
- VXLAN/EVPN Issues: Debugging VXLAN and EVPN routing issues, including misconfigured VTEPs and route propagation failures.
- Latency and Performance Troubleshooting: Identifying and resolving latency and packet loss issues in high-performance datacenter environments.
Routing Skills:
- OSPF Configuration and Management: Proficient in configuring and managing OSPF for dynamic routing, including area design, route redistribution, and neighbor relationships.
- BGP Configuration and Management: Expertise in configuring BGP for inter-domain routing, managing route policies, and troubleshooting BGP peering and route advertisement issues.
- Routing Protocol Troubleshooting: Skilled in troubleshooting OSPF and BGP routing adjacencies, convergence issues, and path selection problems using diagnostic tools and protocol logs.
- Advanced Routing Concepts: Strong understanding of OSPF areas, LSAs, BGP attributes, path selection, and route filtering for optimizing routing and maintaining network stability.
Packet Capture and Analysis skills:
- Protocol Analysis: In-depth understanding of Layer 2-7 protocols (TCP/IP, HTTP/S, DNS, ARP, etc.) to identify anomalies, handshake issues, retransmissions, and application traffic patterns.
- Network Performance Troubleshooting: Expertise in identifying performance issues like latency, packet loss, jitter, and TCP problems such as retransmissions and window scaling.
- Traffic Flow and Latency Analysis: Analyzing traffic flow from source to destination to track bottlenecks, congestion, and latency using metrics like throughput, RTT, and TTL.
- Expert Information and Diagnostics: Utilizing Wireshark’s "Expert Information" feature to detect anomalies, TCP retransmissions, and fragmented packets with visual cues from coloring rules.
- Deep Dive into TCP/IP Troubleshooting: Proficiency in analyzing TCP three-way handshakes, flags (SYN/ACK, FIN, RST), and stream graphs for issues like retransmissions or congestion.
- SSL/TLS Traffic Decryption and Analysis: Expertise in analyzing SSL/TLS handshakes, certificate exchanges, and decrypting traffic for troubleshooting SSL issues such as cipher mismatches and certificate validation.
Azure Networking skills:
- Virtual Network (VNet) Configuration: Proficient in creating and managing Azure Virtual Networks (VNets), subnets, and Network Security Groups (NSGs) for secure, isolated cloud environments.
- Azure VPN Gateway: Skilled in configuring and managing Azure VPN Gateways for secure site-to-site and point-to-site VPN connections between on-premises and Azure networks.
- Azure Virtual WAN (VWAN): Experienced in configuring Azure Virtual WAN for centralized management and branch connectivity using VPN, ExpressRoute, and SD-WAN.
- Azure ExpressRoute: Skilled in configuring Azure ExpressRoute circuits for dedicated, low-latency, high-bandwidth connections between on-premises infrastructure and Azure.
- Azure Firewall: Proficient in deploying and configuring Azure Firewall for centralized threat protection, traffic filtering, and security policy enforcement.
- Azure Network Watcher: Experienced in using Azure Network Watcher for monitoring, troubleshooting network performance, connection issues, and packet captures.
Additional Key Skills:
Automation and Scripting:
- Proficiency with network automation using Terraform, GitHub, Ansible, Python, or scripting tools like Bash.
- Using APIs for automating repetitive tasks and large-scale configuration rollouts.
Certification Preferences:
- F5 Certified BIG-IP Administrator (F5-CA)
- F5 Certified Technology Specialist (CTS):
- Palo Alto Networks Certified Network Security Administrator (PCNSA)
- Palo Alto Networks Certified Network Security Engineer (PCNSE)
- Arista Certified Engineering Associate (ACE-A) or Professional (ACE-P)
- Cisco Certified Network Professional (CCNP)
Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values
Diversity, Inclusion, Value & Equity (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.