Senior Network Engineer

The Corporate IT department is seeking a Senior Network Engineer to design, implement, and own the reliability of our corporate network infrastructure. You’ll work in a dynamic and fast‑moving environment where priorities can shift quickly — flexibility, ownership, and problem‑solving under changing conditions are key to success.

• Architect and maintain corporate network infrastructure using MikroTik, UniFi, and Fortinet.
• Design and operate HA topologies with VRRP and Fortinet HA (active-passive and active-active clusters).
• Own the routing and switching stack: BGP, OSPF, VLANs, QoS, Multi-ISP load balancing and traffic-shaping policies.
• Apply Infrastructure-as-Code principles across the entire network device estate — all configurations are defined in code (Ansible,Terraform ,etc), stored in version control, and reproducible on demand, with no manually managed devices.
• Design, deploy, and continuously optimise Wi-Fi across UniFi and Fortinet FortiAP environments.
• Perform deep RF analysis: channel planning, power tuning, roaming optimisation (802.11r/k/v), and interference mitigation.
• Implement and maintain WPA3-Enterprise authentication with RADIUS and EAP-TLS.
• Own certificate lifecycle for EAP-TLS in close collaboration with the Endpoint Engineer who manages device-side MDM provisioning.
• Troubleshoot complex wireless issues end-to-end — from RF captures and supplicant logs to RADIUS debug and switch-port traces.
• Implement and maintain 802.1X port-based authentication for wired endpoints across the corporate environment.
• Design and enforce granular VLAN segmentation aligned to user roles, device types, and trust levels.
• Manage RADIUS policies for wired authentication and integrate with identity providers (Okta IdP) for dynamic VLAN assignment and CoA.
• Operate and scale VPN infrastructure across WireGuard (site-to-site), OpenVPN (remote access), and GlobalProtect (Palo Alto).
• Integrate VPN gateways with RADIUS and identity providers for MFA-enforced authentication.
• Define and enforce firewall policy, split tunnelling, and RBAC-driven access segmentation.
• Build and own network observability: SNMP, NetFlow/sFlow, syslog pipelines, and dashboards in Grafana / VictoriaMetrics.
• Define alerting thresholds, on-call runbooks, and postmortem processes.
• Lead resolution of P1/P2 network incidents and drive permanent root-cause fixes.
• Develop Python-based tooling for network management tasks: configuration rendering, compliance checks, bulk changes, and operational reporting.
• Write and maintain reusable scripts that integrate with network APIs and Git-based configuration workflows.
• Cooperate with DevOps, Security, Identity, and Endpoint Engineering teams to align workflows and support cross-functional goals.
• Stay adaptable — priorities may shift rapidly as new critical initiatives arise.
• Create and maintain technical documentation; share best practices and mentor teammates on network automation and IaC culture.

• 5+ years in network engineering or infrastructure roles.
• Advanced knowledge of MikroTik RouterOS: routing, firewall, scripting, and CHR.
• Expertise with Ubiquiti UniFi: controller management, RF tuning, and L3 adoption.
• Expertise with Fortinet FortiGate: HA configuration, policy management, and FortiAP.
• Proven experience with VRRP and multi-vendor HA failover design.
• Solid IaC background applied to network devices: Ansible, Terraform, or equivalent, with Git-based change management.
• Hands-on experience with 802.1X wired authentication and dynamic VLAN assignment via RADIUS.
• Deep wireless troubleshooting skills: RF captures, supplicant debugging, EAP-TLS tracing, and roaming analysis.
• Solid VPN experience covering WireGuard, OpenVPN, and GlobalProtect.
• Working knowledge of Python for network automation and management tooling.
• Familiarity with RADIUS integration with identity providers (Okta, Entra ID, or equivalent).
• Strong monitoring and observability skills: SNMP, NetFlow, syslog, and dashboarding.
• Excellent troubleshooting, communication, and cross-team collaboration skills.
• Comfortable working in a fast-paced, ever-changing environment with shifting priorities.

• Learning and development opportunities and interesting, challenging tasks.
• Relocation package (tickets, staying in a hotel for up to 2 weeks, and visa relocation support for our employees and their family members).
• Opportunity to develop language skills, with partial compensation for the cost of English and Portuguese language classes (for localization purposes).
• Partial compensation for tennis and padel lessons.
• Urban Sport membership benefit (the most diverse sports and wellness offering in Europe, with more than 50+ activities).
• Private medical coverage, including inpatient, outpatient, dental care, annual check-ups, and maternity support.
• Time for proper rest, with 24 non-business days per year and an additional 6 paid sick days.
• Transport compensation - 200 euros net per month.
• Competitive remuneration level with annual review.
• Teambuilding activities.