Network Engineer

How you move is why we’re here. ®

Now more than ever.

Get back to what you need and love to do.

The possibilities are endless...

Now more than ever, our guiding principles are helping us in our search for exceptional talent - candidates who align with our unique workplace culture and who want to maximize the abundant opportunities for growth and success.

If this describes you then let’s talk!

HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report. As a recipient of the Magnet Award for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive and inclusive environment.

Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise.

Emp StatusRegular Full time

Work Shift

Compensation RangeThe base pay scale for this position is $95,500.00 - $145,750.00. In addition, this position will be eligible for additional benefits consistent with the role. The salary of the finalist selected for this role will be determined based on various factors, including but not limited to: scope of role, level of experience, education, accomplishments, internal equity, budget, and subject to Fair Market Value evaluation. The hiring range listed is a good faith determination of potential compensation at the time of this job advertisement and may be modified in the future.

What you will be doing

Overview

We are seeking a highly skilled and experienced Network Engineer to join our technology team. This role will be responsible for architecting, implementing, optimizing, and troubleshooting our complex enterprise network infrastructure. The ideal candidate will bring deep technical expertise across multiple vendor platforms, routing protocols, security frameworks, and cloud environments to ensure our organization maintains a resilient, scalable, and secure network foundation.

Responsibilities

Network Infrastructure Management

Design, deploy, and maintain our multi-vendor network environment featuring Arista switching fabric (including Arista EOS, CloudVision, and spine-leaf architectures)

Configure and optimize Palo Alto next-generation firewalls, including application-based security policies, threat prevention, URL filtering, and GlobalProtect VPN services

Manage Cisco ASA and Firepower security appliances, including policy implementation, security zones, VPN configurations, and deep packet inspection capabilities

Develop comprehensive network diagrams and documentation that clearly articulate current state and planned architecture enhancements

Routing & Switching Expertise

Implement and troubleshoot dynamic routing protocols, specifically OSPF for internal routing optimization across multiple areas and address summarization

Configure and maintain BGP for external connectivity, including route filtering, path selection, communities, and multihoming scenarios

Optimize traffic flows between data centers and cloud environments using advanced routing mechanisms and QoS implementations

Design and implement network segmentation strategies using VLANs, VRFs, and microsegmentation techniques

Cloud Integration

Architect and deploy AWS networking components, including VPCs, subnets, Transit Gateways, Direct Connect, and VPN connectivity. Experience with Aviatrix is a plus.

Establish secure, redundant hybrid connectivity between on-premises data centers and AWS cloud environments

Implement consistent security controls across cloud and on-premises networks

Work with cloud teams to optimize network performance for critical applications

Infrastructure as Code & Automation

Design and implement network infrastructure using Infrastructure as Code (IaC) principles with Terraform for consistent, repeatable deployments

Create and maintain Terraform modules for network components including VPCs, subnets, security groups, and routing tables

Implement version-controlled infrastructure definitions and CI/CD pipelines for network changes

Utilize Python scripts or Ansible playbooks to reduce manual configuration tasks and enhance consistency

Develop custom automation solutions for repetitive network management tasks

Security & Compliance

Implement defense-in-depth network security controls aligned with industry frameworks

Conduct regular security assessments of network infrastructure to identify vulnerabilities

Collaborate with security teams on incident response for network-related events

Ensure network designs comply with regulatory requirements and internal policies

Required Qualifications

5+ years of hands-on network engineering experience in enterprise environments

Demonstrated expertise configuring and troubleshooting Arista switches, including experience with EOS, MLAG, VXLAN, and fabric management

In-depth knowledge of Palo Alto firewall implementation, including security policies, NAT, VPN, and advanced threat prevention features

Practical experience with Cisco ASA/Firepower deployment

Strong understanding of OSPF and BGP routing protocols, including practical implementation across complex network topologies

Experience designing and implementing AWS networking components and hybrid connectivity solutions

Experience with Infrastructure as Code (IaC) methodologies and Terraform for network provisioning is a plus

Exceptional troubleshooting abilities for complex, multi-vendor network issues

Strong documentation skills and attention to detail

Preferred Qualifications

Python scripting for network automation and API interactions

Experience with Ansible for configuration management and automated deployments

Advanced Terraform skills, including creation of custom modules and providers

Experience with GitOps workflows for infrastructure management

Knowledge of software-defined networking (SDN) principles and implementations

Familiarity with network monitoring tools like SolarWinds, PRTG, or Datadog

Experience designing and implementing large-scale network migrations with minimal disruption

Experience working in the Hospital or healthcare industry.

Industry certifications such as Arista ACE/ACE-A, PCNSE, Cisco CCNP, AWS Advanced Networking Specialty, HashiCorp Terraform Associate

Education

Bachelor's degree in Computer Science, Network Engineering, Information Technology, or related technical field

Equivalent combination of advanced technical certifications and hands-on experience will be considered

This challenging position offers the opportunity to work with cutting-edge networking technologies in a dynamic environment that values technical excellence and innovation. The selected candidate will have significant input into shaping our network architecture as we continue to evolve our infrastructure to meet business demands.

Non-Discrimination Policy

Hospital for Special Surgery is committed to providing high quality care and skilled, compassionate, reliable service to our community in a safe and healing environment. Consistent with this commitment, Hospital for Special Surgery provides care, admits, and treats patients and provides all services without regard to age, race, color, creed, ethnicity, religion, national origin, culture, language, physical or mental disability, socioeconomic status, veteran or military status, marital status, sex, sexual orientation, gender identity or expression, or any other basis prohibited by federal, state, or local law or by accreditation standards.

JR2025-101542