Core Infrastructure Engineer

About The Position

Requirements

• 8+ years enterprise infrastructure experience.
• 5+ years advanced networking architecture (multi-site, segmentation, routing design).
• Deep experience with: Cisco routing/switching (architect-level). Firewall policy design (Fortinet and/or Cisco). SD-WAN architectures. VLAN, ACL, BGP/OSPF fundamentals.
• Experience designing segmented environments for regulated workloads (CUI preferred).
• Strong understanding of Zero-Trust Network Access models.
• Experience integrating on-prem networks with AWS & Azure environments.
• Experience implementing infrastructure observability frameworks and defining actionable health signals.
• Proven ability to move from reactive administration to architectural standardization.

Nice To Haves

• CCNP or CCIE-level capability (certification optional, skillset required).
• Experience supporting classified or mission-sensitive environments.
• Exposure to HPC networking or high-throughput compute clusters.
• Infrastructure-as-Code experience (Terraform, automation frameworks).
• Familiarity with CheckMK or similar infrastructure observability platforms.
• Experience operating in audit-driven environments (NIST, CMMC, SOC2).
• Identity & Access Management Engineering (Okta preferably).

Responsibilities

• Architect multi-site corporate network topology (Arlington, Reston, future locations).
• Design segmentation strategies for: Corporate workloads. Engineering compute environments. CUI and regulated use cases.
• Implement defense-in-depth controls across routing, firewall, VLAN, ACL, and zero-trust models.
• Develop standardized site build templates for repeatable deployment.
• Design and validate dual-ISP architectures across all sites.
• Engineer predictable failover behavior (BGP/static + health checks + SD-WAN policies).
• Test and measure reconvergence times during controlled failover simulations.
• Eliminate single points of failure across edge, firewall, routing, and switching layers.
• Standardize high-availability (HA) posture for network and security appliances.
• Mature Umbra’s infrastructure observability strategy across: Network devices (firewalls, switches, SD-WAN, edge), identity systems, Cloud landing zones, Core services (DNS, DHCP, PKI, secrets, backup/DR).
• Integrate all Core Infrastructure platforms into the enterprise observability system.
• Define and implement meaningful health signals, including: Failover events, Route instability, Resource saturation, Certificate expiration, Backup success/failure, Identity service degradation.
• Establish clear alert thresholds that promote proactive intervention rather than reactive firefighting.
• Ensure observability data is structured for: Real-time visibility, Incident response, Trend analysis, Capacity planning, Audit evidence.
• Design segmented environments aligned to CUI handling requirements.
• Engineer controlled interconnect boundaries between corporate and restricted zones.
• Ensure enclave segmentation persists during ISP failover events.
• Document network and logging posture to support InfoSec/GRC audit requirements.
• Partner with IS&PP for classified and physical security boundary enforcement.
• Own SD-WAN architecture and routing policies.
• Optimize firewall and edge routing behavior.
• Implement and refine ZTNA/VPN models.
• Standardize QoS for Engineering/HPC-related traffic patterns.
• Design secure connectivity between on-prem environments and cloud landing zones.
• Align network guardrails with AWS organization architecture.
• Engineer resilient hybrid connectivity for HPC and advanced compute workloads.
• Ensure network posture supports future HPC platform transitions.
• Design network architectures that support: High-throughput compute. Engineering toolchains (ECAD/MCAD/simulation). Burst compute workloads.
• Collaborate with forward-deployed engineers to understand traffic behavior and optimize accordingly.
• Ensure HPC adjacency does not destabilize corporate network baselines.
• Treat network and infrastructure configurations as version-controlled assets.
• Build reusable templates and deployment standards.
• Reduce snowflake environments.
• Publish architecture documentation and interface contracts.

Benefits

• Flexible Time Off, Sick, Family & Medical Leave
• Medical, Dental, Vision, Life, LTD, STD (employer funded)
• Vol Life, Critical Illness, Accidental, Hospital Indemnity, Pet Insurance (employee funded)
• 401k with 3% non-elective company contribution
• Stock Options
• Free Parking
• Free lunch in office daily