Sr. Network Engineer
COMPANY SUMMARY
Empire State Realty Trust, Inc. (NYSE: ESRT) is a NYC-focused REIT that owns and operates a portfolio of well-leased, top of tier, modernized, amenitized, and well-located office, retail, and multifamily assets. ESRT’s flagship Empire State Building, the “World's Most Famous Building,” features its iconic Observation Deck, ranked the #1 Top Attraction in New York City for the fifth consecutive year in Tripadvisor’s 2026 Travelers’ Choice Awards: Best of the Best Things to Do. The Company is a recognized leader in energy efficiency and indoor environmental quality. As of March 31, 2026, ESRT’s portfolio is comprised of approximately 8.0 million rentable square feet of office space, 0.8 million rentable square feet of retail space and 743 residential units. More information about Empire State Realty Trust can be found at esrtreit.com and by following ESRT on Facebook, Instagram, TikTok, X and LinkedIn.
The dedicated team at ESRT is a collection of diverse individuals with a shared passion for excellence and a keen eye toward future growth. Headquartered in New York City, we harness the energy of the city in everything we do. We care for one another, work hard, and have a lot of fun doing it! We are Certified™ as a Great Place to Work® by the global authority, Great Place to Work®, on workplace culture, employee experience, and leadership behaviors. We prioritize and invest in the health and wellness of employees to attract, develop, and retain top-tier talent. ESRT values continuous employee development and encourages colleagues to excel in their roles and adapt to emerging business needs. From our crown jewel, The Empire State Building, to incredible buildings modernized for the 21st century, to outstanding customer service, and our decade-long leadership position in sustainability and energy efficient portfolio that is 100% fully powered by renewable wind electricity, we take pride in our work. ESRT seeks an equally passionate colleague to join the team, understand the vision and help achieve that vision.
RESPONSIBILITIES
TECHNICAL LEADERSHIP & ESCALATION:
- Serve as the primary escalation point for complex network incidents, outages, and performance issues, owning problems through to resolution with clear communication to stakeholders
- Provide expert guidance to internal engineers, MSP resources, and NOC personnel on architecture, troubleshooting methodology, and root cause analysis
- Lead post-incident reviews, drive root cause identification, and implement lasting remediations to prevent recurrence
- Evaluate complex vendor and MSP escalations; make technical decisions on design, tooling, and resolution approach
NETWORK ARCHITECTURE & DESIGN:
- Work with the Director of Network & Infrastructure to architect scalable, resilient, and secure network solutions across LAN, WAN, wireless, cloud, and building infrastructure
- Lead the design and evolution of network segmentation strategy including zero-trust principles, VRF separation, and secure OT/IT boundary enforcement
- Develop and maintain network infrastructure standards, reference architectures, and design patterns for consistent deployment across properties
- Evaluate emerging technologies and contribute to the long-term infrastructure roadmap, particularly around Palo Alto / Panorama, Aruba, and cloud connectivity platforms
NETWORK ENGINEERING & OPERATIONS:
- Design, deploy, and manage enterprise network infrastructure across BMS, IoT, Wi-Fi, PropTech, AV, security systems, corporate offices, and the Observatory
- Administer Palo Alto NGFWs via Panorama — policy management, threat prevention, VPN, NAT, and security profile lifecycle management
- Manage and optimize Aruba switching and wireless infrastructure including configuration, upgrades, RF planning, and troubleshooting via Aruba Central
- Own BGP, OSPF, VLANs, VPN, QoS, and DNS configurations across multi-site environments
- Manage WAN and ISP connectivity including failover design and carrier-level troubleshooting
- Support IoT and PropTech deployments in a secure manner with a focus on building systems, access control, and sustainability technology
SECURITY & COMPLIANCE:
- Lead network security posture improvements including firewall policy lifecycle, ACL governance, and vulnerability remediation
- Administer Zscaler ZIA and ZPA — URL filtering, SSL inspection, cloud firewall rules, and app connector management
- Manage Proofpoint email security platform including anti-spam, anti-phishing, encryption, and threat response policies
- Administer BitSight to track, triage, and coordinate remediation of external security posture findings
- Maintain PCI-DSS and SOX compliance through adherence to and enforcement of network policies and procedures
- Collaborate with the MSSP on security monitoring, threat analysis, and incident response
- Ensure timely application of patches, hotfixes, and firmware upgrades across all network equipment
IDENTITY, ACCESS & CLOUD:
- Administer Okta for SSO/SAML/OIDC, MFA enforcement, and user lifecycle management including SCIM provisioning and deprovisioning
- Manage Conditional Access Policies and integrate identity platforms with Palo Alto User-ID, Zscaler IdP federation, and Azure AD
- Design and manage Microsoft Azure cloud networking including hybrid connectivity, VNet architecture, NSGs, and Azure Firewall
- Support Microsoft 365 and Exchange Online from a network and connectivity perspective including split tunneling and optimization
- Support IAM and PAM platforms as they relate to network access control and privilege governance
PHYSICAL INFRASTRUCTURE & SYSTEMS:
- Manage physical server infrastructure, rack equipment installation, and data center operations including cabling, power, and cooling
- Administer building riser infrastructure and ensure secure integration of IT and OT devices on segregated network segments
- Support VMware vSphere virtual networking environments and server resource management
- Oversee SAN/NAS storage networking and business continuity / backup technologies
MONITORING, DOCUMENTATION & GOVERNANCE:
- Drive network monitoring strategy and tooling to ensure proactive alerting and performance trending across the full infrastructure estate
- Author and maintain high-quality documentation including topology diagrams, configuration baselines, SOPs, and runbooks
- Contribute to business continuity and disaster recovery procedures; develop, test, and maintain failover runbooks
- Adhere to change management and PMO best practices for all infrastructure changes; manage project milestones with clear stakeholder communication
- Complex escalations are resolved decisively and thoroughly, with clear communication throughout; the team and Director trust this person to own the hardest problems
- Network architecture documentation, standards, and reference designs are developed and kept current, reducing reliance on tribal knowledge
- Security posture improves measurably: firewall policies are rationalized, vulnerabilities remediated on time, and segmentation consistently enforced
- Network stability and availability are maintained across all properties; incidents are detected proactively rather than reactively
- New technologies and architectural improvements are identified and brought forward with well-reasoned business cases
- Service Desk escalations are resolved efficiently with recurring patterns identified and addressed proactively
INTERPERSONAL SKILLS:
- Communicates complex technical issues, architectural decisions, and incident status clearly to both engineering peers and executive leadership
- Strong analytical and troubleshooting instincts; works through ambiguous, high-pressure situations methodically and calmly
- Collaborative mindset: works effectively with internal teams, MSP, MSSP, and vendors; shares knowledge freely and raises team capability
- Self-directed and highly accountable; takes ownership without waiting to be asked and follows through to full resolution
- Strong documentation discipline; leaves systems, configurations, and designs better documented than found
- Proactively monitors industry developments and brings emerging technologies and best practices to the team's attention
PALO ALTO NGFWs & PANORAMA:
- Expert-level policy management, troubleshooting, and architecture across a distributed multi-site environment
- Panorama: centralized policy administration, device group management, log forwarding, and operational management at scale
- Advanced firewall design: zone-based architecture, App-ID, User-ID, URL filtering, SSL decryption, threat prevention, and WildFire integration
- GlobalProtect: VPN configuration, gateway management, and site-to-site connectivity
- NAT policy design, security profile tuning, and firewall policy lifecycle management
- PCNSE certification strongly preferred
ARUBA WIRELESS & SWITCHING:
- Aruba CX / AOS-CX switching — configuration, troubleshooting, and lifecycle management across multi-site environments
- Aruba Central management: RF planning, access point lifecycle, and performance optimization
- Wireless security: 802.1X, RADIUS integration, guest network segmentation, and rogue AP detection
- SD-WAN architecture awareness and WAN/ISP circuit failover design
ZSCALER ZIA / ZPA:
- Zscaler Internet Access (ZIA): URL filtering, SSL inspection, cloud firewall, and policy configuration
- Zscaler Private Access (ZPA): zero-trust application access, app connector management, and policy administration
- Zscaler tenant administration, log streaming, and integration with SIEM and identity providers
OKTA / IAM & PAM:
- Okta SSO/SAML/OIDC configuration, MFA enforcement, and