Network Systems Specialist

City of Kitchener • Full-time • Kitchener, ON, CA • 23h ago

Overview

As a Network Systems Specialist, you will design, implement, secure, and operate the City’s enterprise network with a strong focus on next‑generation firewalls and network security. You’ll engineer and administer enterprise firewall platforms from major vendors and advance segmentation, VPN, and secure connectivity across data centers, remote sites, and cloud/hybrid environments. You will also be responsible for core switching and wireless across leading enterprise platforms, collaborating closely with Cybersecurity to maintain a security‑first posture. Participation in an on‑call rotation is required.

Responsibilities

Network Security & Firewall Operations

Experience administering and deploying enterprise NGFW platforms (e.g. Palo Alto, Cisco, Fortinet, Check Point).
Configure and maintain policy lifecycle (e.g., NAT, security rulesets, IPS/IDS, URL filtering, threat prevention) aligned to industry best practices.
Perform policy reviews, risk assessments, upgrades, and posture optimization, maintaining standards and hardening baselines.
Design and operate segmentation, secure interconnects, and VPN solutions (site‑to‑site and remote access) to meet availability, performance, and security objectives.
Exercises sound judgement when implementing network changes, assessing risk, and responding to incidents to minimize service disruption and security exposure.

Network Design & Implementation

Design and implement LAN/WAN/Hybrid architecture, VLANs, and routing; experience with OSPF/BGP preferred.
Implement VPN solutions using IPSEC/IKE protocols (site‑to‑site and remote access), RADIUS integration and secure remote connectivity.
Deploy and support client‑based VPN platforms such as Palo Alto GlobalProtect, Cisco AnyConnect, FortiClient, Aruba VIA, and other enterprise‑grade secure access solutions.
Lead or support complex network upgrades, including modernization of legacy stacks.

Switching, Wireless & Edge

Administer, configure, and support enterprise wired/wireless infrastructure across leading vendor platforms (e.g., Cisco, cloud‑managed solutions, HPE/Aruba).
Manage stacking, racking/cabling, AP placement, controllers, and site turn‑ups, validating power, rack layout, cable management, and labeling standards.

Monitoring, Incident Response & Operations

Proactively monitor network performance, availability, and capacity, troubleshoot and resolve network‑related security incidents in partnership with cybersecurity.
Experience with monitoring tools (e.g. SolarWinds, Auvik, LogicMonitor).
Experience with tools such as Wireshark to perform packets analysis.
Participate in an on‑call rotation and support after‑hours maintenance windows as required.

Standards, Documentation & Collaboration

Maintain as‑built documentation, diagrams and SOPs, contribute to security standards and control implementation.
Maintain Visio/Draw diagrams and contribute to network standards and runbooks.
Collaborate with internal IT teams and vendor partners to validate designs, integrate solutions, and resolve complex issues.
Participates in the evaluation of network technologies and vendor solutions, providing technical input to support procurement and purchasing decisions.
Performs other related duties as assigned.

Education

3‑year Degree or Diploma in a related field (Computer Science, Engineering, or related technical discipline).

Experience

Minimum 2 years of experience including:
- Enterprise network experience across multi‑site environments including hands‑on administration of next‑generation firewalls.
- Implementing and operating NGFWs with at least two major vendors (e.g., Palo Alto Networks, Cisco, Check Point, Fortinet) in production.
- Demonstrated experience with enterprise switching and wireless (e.g., Cisco, cloud‑managed solutions, HPE/Aruba)
- Leading or contributing to network migrations/upgrades and security hardening initiatives.
- Managing Hybrid infrastructure including Azure, AWS, Google Cloud etc.

Skill Equivalency (if applicable)

Note: All interested applicants are encouraged to apply. In the event there is no successful applicant with the stated level of education and experience, other applicants will be considered if a combination of their education and experience meets the following pre-determined equivalency:

2-Year Diploma (or 2-Year Specialized Post Secondary Program) with minimum 4 years’ related and relevant experience or 4-Year Honours Degree with minimum 1 year related and relevant experience

Additional Requirements

Frequent after-hours work is required.
Ability to work an on-call rotation.
Valid MTO G class driver’s license in good standing and ability to travel to various city locations.

Knowledge, Skills, And Abilities

Strong troubleshooting skills and the ability to diagnose complex, cross‑domain issues.
Ability to mentor team members and share knowledge.
Excellent technical documentation and communication skills, able to collaborate with technical and non‑technical stakeholders.
Strong written and verbal communication skills.
Security‑first mindset with proven ability to balance risk, usability and operational efficiency.
Demonstrates professionalism, discretion and the ability to work effectively in a collaborative municipal environment.
Ability to perform hands‑on work in data centers, communications closets, and City facilities, including occasional lifting and on‑site troubleshooting.
Exposure to OSPF/BGP, VPNs, RADIUS, TCP/IP, DNS, DHCP, and LAN/WAN architecture.
Working knowledge of Windows Server/Linux, Active Directory, DNS/DHCP, and cloud networking (e.g. Azure) is an asset.
Reliable with a good attitude and employment record.