Network Engineer

How you move is why we're here.
Now more than ever.

Get back to what you need and love to do.
The possibilities are endless...

Now more than ever, our guiding principles are helping us in our search for exceptional talent - candidates who align with our unique workplace culture and who want to maximize the abundant opportunities for growth and success.

If this describes you then let's talk!

HSS is consistently among the top-ranked hospitals for orthopedics and rheumatology by U.S. News & World Report. As a recipient of the Magnet Award for Nursing Excellence, HSS was the first hospital in New York City to receive the distinguished designation. Whether you are early in your career or an expert in your field, you will find HSS an innovative, supportive and inclusive environment.

Working with colleagues who love what they do and are deeply committed to our Mission, you too can be part of our transformation across the enterprise.

Emp Status
Regular Full time

Work Shift

Compensation Range
The base pay scale for this position is $95,500.00 - $145,750.00. In addition, this position will be eligible for additional benefits consistent with the role. The salary of the finalist selected for this role will be determined based on various factors, including but not limited to: scope of role, level of experience, education, accomplishments, internal equity, budget, and subject to Fair Market Value evaluation. The hiring range listed is a good faith determination of potential compensation at the time of this job advertisement and may be modified in the future.

What you will be doing

Overview

We are seeking a highly skilled and experienced Network Engineer to join our technology team. This role will be responsible for architecting, implementing, optimizing, and troubleshooting our complex enterprise network infrastructure. The ideal candidate will bring deep technical expertise across multiple vendor platforms, routing protocols, security frameworks, and cloud environments to ensure our organization maintains a resilient, scalable, and secure network foundation.

Responsibilities

Network Infrastructure Management

• Design, deploy, and maintain our multi-vendor network environment featuring Arista switching fabric (including Arista EOS, CloudVision, and spine-leaf architectures)
• Configure and optimize Palo Alto next-generation firewalls, including application-based security policies, threat prevention, URL filtering, and GlobalProtect VPN services
• Manage Cisco ASA and Firepower security appliances, including policy implementation, security zones, VPN configurations, and deep packet inspection capabilities
• Develop comprehensive network diagrams and documentation that clearly articulate current state and planned architecture enhancements

Routing & Switching Expertise

• Implement and troubleshoot dynamic routing protocols, specifically OSPF for internal routing optimization across multiple areas and address summarization
• Configure and maintain BGP for external connectivity, including route filtering, path selection, communities, and multihoming scenarios
• Optimize traffic flows between data centers and cloud environments using advanced routing mechanisms and QoS implementations
• Design and implement network segmentation strategies using VLANs, VRFs, and microsegmentation techniques

Cloud Integration

• Architect and deploy AWS networking components, including VPCs, subnets, Transit Gateways, Direct Connect, and VPN connectivity. Experience with Aviatrix is a plus.
• Establish secure, redundant hybrid connectivity between on-premises data centers and AWS cloud environments
• Implement consistent security controls across cloud and on-premises networks
• Work with cloud teams to optimize network performance for critical applications

Infrastructure as Code & Automation

• Design and implement network infrastructure using Infrastructure as Code (IaC) principles with Terraform for consistent, repeatable deployments
• Create and maintain Terraform modules for network components including VPCs, subnets, security groups, and routing tables
• Implement version-controlled infrastructure definitions and CI/CD pipelines for network changes
• Utilize Python scripts or Ansible playbooks to reduce manual configuration tasks and enhance consistency
• Develop custom automation solutions for repetitive network management tasks

Security & Compliance

• Implement defense-in-depth network security controls aligned with industry frameworks
• Conduct regular security assessments of network infrastructure to identify vulnerabilities
• Collaborate with security teams on incident response for network-related events
• Ensure network designs comply with regulatory requirements and internal policies

Required Qualifications

• 5+ years of hands-on network engineering experience in enterprise environments
• Demonstrated expertise configuring and troubleshooting Arista switches, including experience with EOS, MLAG, VXLAN, and fabric management
• In-depth knowledge of Palo Alto firewall implementation, including security policies, NAT, VPN, and advanced threat prevention features
• Practical experience with Cisco ASA/Firepower deployment
• Strong understanding of OSPF and BGP routing protocols, including practical implementation across complex network topologies
• Experience designing and implementing AWS networking components and hybrid connectivity solutions
• Experience with Infrastructure as Code (IaC) methodologies and Terraform for network provisioning is a plus
• Exceptional troubleshooting abilities for complex, multi-vendor network issues
• Strong documentation skills and attention to detail

Preferred Qualifications

• Python scripting for network automation and API interactions
• Experience with Ansible for configuration management and automated deployments
• Advanced Terraform skills, including creation of custom modules and providers
• Experience with GitOps workflows for infrastructure management
• Knowledge of software-defined networking (SDN) principles and implementations
• Familiarity with network monitoring tools like SolarWinds, PRTG, or Datadog
• Experience designing and implementing large-scale network migrations with minimal disruption
• Experience working in the Hospital or healthcare industry.
• Industry certifications such as Arista ACE/ACE-A, PCNSE, Cisco CCNP, AWS Advanced Networking Specialty, HashiCorp Terraform Associate

Education

• Bachelor's degree in Computer Science, Network Engineering, Information Technology, or related technical field
• Equivalent combination of advanced technical certifications and hands-on experience will be considered

This challenging position offers the opportunity to work with cutting-edge networking technologies in a dynamic environment that values technical excellence and innovation. The selected candidate will have significant input into shaping our network architecture as we continue to evolve our infrastructure to meet business demands.

Non-Discrimination Policy
Hospital for Special Surgery is committed to providing high quality care and skilled, compassionate, reliable service to our community in a safe and healing environment. Consistent with this commitment, Hospital for Special Surgery provides care, admits, and treats patients and provides all services without regard to age, race, color, creed, ethnicity, religion, national origin, culture, language, physical or mental disability, socioeconomic status, veteran or military status, marital status, sex, sexual orientation, gender identity or expression, or any other basis prohibited by federal, state, or local law or by accreditation standards.