Back to Jobs
New York, United States of America Hybrid Full-time USD 155,000 – 175,000 / year

Empire State Realty Trust is hiring a Sr. Network Engineer

Responsibilities

  • Serve as the primary escalation point for complex network incidents, outages, and performance issues owing problems through to resolution with clear communication to stakeholders
  • Provide expert guidance to internal engineers, MSP resources, and NOC personnel on architecture, troubleshooting methodology, and root cause analysis
  • Lead post-incident reviews, drive root cause identification, and implement lasting remediations to prevent recurrence
  • Evaluate complex vendor and MSP escalations; make technical decisions on design, tooling, and resolution approach
  • Work with the Director of Network & Infrastructure to architect scalable, resilient, and secure network solutions across LAN, WAN, wireless, cloud, and building infrastructure
  • Lead the design and evolution of network segmentation strategy including zero-trust principles, VRF separation, and secure OT/IT boundary enforcement
  • Develop and maintain network infrastructure standards, reference architectures, and design patterns for consistent deployment across properties
  • Evaluate emerging technologies and contribute to the long-term infrastructure roadmap, particularly around Palo Alto / Panorama, Aruba, and cloud connectivity platforms
  • Design, deploy, and manage enterprise network infrastructure across BMS, IoT, Wi-Fi, PropTech, AV, security systems, corporate offices, and the Observatory
  • Administer Palo Alto NGFWs via Panorama — policy management, threat prevention, VPN, NAT, and security profile lifecycle management
  • Manage and optimize Aruba switching and wireless infrastructure including configuration, upgrades, RF planning, and troubleshooting via Aruba Central
  • Own BGP, OSPF, VLANs, VPN, QoS, and DNS configurations across multi-site environments
  • Manage WAN and ISP connectivity including failover design and carrier-level troubleshooting
  • Support IoT and PropTech deployments in a secure manner with a focus on building systems, access control, and sustainability technology
  • Lead network security posture improvements including firewall policy lifecycle, ACL governance, and vulnerability remediation
  • Administer Zscaler ZIA and ZPA — URL filtering, SSL inspection, cloud firewall rules, and app connector management
  • Manage Proofpoint email security platform including anti-spam, anti-phishing, encryption, and threat response policies
  • Administer BitSight to track, triage, and coordinate remediation of external security posture findings
  • Maintain PCI-DSS and SOX compliance through adherence to and enforcement of network policies and procedures
  • Collaborate with the MSSP on security monitoring, threat analysis, and incident response
  • Ensure timely application of patches, hotfixes, and firmware upgrades across all network equipment
  • Administer Okta for SSO/SAML/OIDC, MFA enforcement, and user lifecycle management including SCIM provisioning and deprovisioning
  • Manage Conditional Access Policies and integrate identity platforms with Palo Alto User-ID, Zscaler IdP federation, and Azure AD
  • Design and manage Microsoft Azure cloud networking including hybrid connectivity, VNet architecture, NSGs, and Azure Firewall
  • Support Microsoft 365 and Exchange Online from a network and connectivity perspective including split tunneling and optimization
  • Support IAM and PAM platforms as they relate to network access control and privilege governance
  • Manage physical server infrastructure, rack equipment installation, and data center operations including cabling, power, and cooling
  • Administer building riser infrastructure and ensure secure integration of IT and OT devices on segregated network segments
  • Support VMware vSphere virtual networking environments and server resource management
  • Oversee SAN/NAS storage networking and business continuity / backup technologies
  • Drive network monitoring strategy and tooling to ensure proactive alerting and performance trending across the full infrastructure estate
  • Author and maintain high-quality documentation including topology diagrams, configuration baselines, SOPs, and runbooks
  • Contribute to business continuity and disaster recovery procedures; develop, test, and maintain failover runbooks
  • Adhere to change management and PMO best practices for all infrastructure changes; manage project milestones with clear stakeholder communication

Requirements

  • 8–10 years of progressive, hands-on enterprise network engineering experience with demonstrated depth in complex, multi-site environments
  • At least 3 years in a senior or lead capacity managing complex, multi-site infrastructure
  • Proven experience serving as a technical escalation resource or informal architect on an infrastructure team
  • Firm requirement: Panorama hands-on experience
  • Communicates complex technical issues, architectural decisions, and incident status clearly to both engineering peers and executive leadership
  • Strong analytical and troubleshooting instincts works through ambiguous, high-pressure situations methodically and calmly
  • Collaborative mindset: works effectively with internal teams, MSP, MSSP, and vendors; shares knowledge freely and raises team capability
  • Self-directed and highly accountable that takes ownership without waiting to be asked and follows through to full resolution
  • Strong documentation discipline; leaves systems, configurations, and designs better documented than found
  • Proactively monitors industry developments and brings emerging technologies and best practices to the team's attention
  • Expert-level policy management, troubleshooting, and architecture across a distributed multi-site environment on Palo Alto NGFWs & Panorama
  • Panorama: centralized policy administration, device group management, log forwarding, and operational management at scale
  • Advanced firewall design: zone-based architecture, App-ID, User-ID, URL filtering, SSL decryption, threat prevention, and WildFire integration
  • GlobalProtect: VPN configuration, gateway management, and site-to-site connectivity
  • NAT policy design, security profile tuning, and firewall policy lifecycle management
  • Aruba CX / AOS-CX switching — configuration, troubleshooting, and lifecycle management across multi-site environments
  • Aruba Central management: RF planning, access point lifecycle, and performance optimization
  • Wireless security: 802.1X, RADIUS integration, guest network segmentation, and rogue AP detection
  • SD-WAN architecture awareness and WAN/ISP circuit failover design
  • Zscaler Internet Access (ZIA) URL filtering, SSL inspection, cloud firewall, and policy configuration
  • Zscaler Private Access (ZPA) zero-trust application access, app connector management, and policy administration
  • Zscaler tenant administration, log streaming, and integration with SIEM and identity providers
  • Okta SSO/SAML/OIDC configuration, MFA enforcement, and user lifecycle management including SCIM provisioning
  • Okta integration with Palo Alto User-ID, Zscaler IdP federation, and Azure AD directory sync
  • PAM platform familiarity and IAM integration with network access controls and Conditional Access Policies
  • Windows DNS / Active Directory-integrated internal DNS, external authoritative DNS, and split-brain DNS architectures
  • DNSSEC implementation and DNS-based threat detection and filtering
  • Domain protection — monitoring for lookalike/spoofed domains and unauthorized SSL/TLS certificate issuance
  • SSL/TLS certificate lifecycle management across internal and external services
  • BitSight or equivalent EASM platform administration
  • Anti-spam, anti-phishing, email encryption, and threat response policy management on Proofpoint
  • Platform administration including quarantine management, allow/block lists, and reporting
  • Coordination with the security team on phishing investigations and incident response
  • Hands-on experience with network design for building management systems (BMS), IoT devices, and PropTech deployments
  • Network segmentation for OT/IT boundaries including VRF separation and secure access control
  • Experience supporting access control, CCTV, AV systems, and sustainability technology in a commercial real estate or multi-family residential environment
  • Awareness of OT security principles and protocols relevant to building infrastructure
  • Physical server management, rack installation, and data center operations including cabling, power, and cooling
  • VMware vSphere, virtual networking and server resource management
  • Microsoft Windows Server 2019/2022/2025 and Linux administration
  • Microsoft Active Directory, DNS, and DHCP infrastructure management
  • SAN/NAS storage networking and business continuity / backup technologies
  • Working knowledge of PCI-DSS and SOX requirements for network segmentation, access control, and audit logging
  • Firewall ACL governance, policy review cycles, and evidence collection for compliance audits

Nice to Have

  • Experience in Real Estate, Financial Services, or a similarly regulated industry
  • PCNSE (Palo Alto Networks Certified Network Security Engineer) strongly preferred
  • Aruba/HPE (ACSA/ACCP), Zscaler (ZCCA-IA/PA), Azure (AZ-104), or Okta Certified Administrator are a plus
  • CCNP Enterprise or equivalent routing/switching certification considered; demonstrated production depth matters most
  • Associate's or Bachelor's Degree in Computer Science, Information Technology, or related field preferred; equivalent professional experience considered

Benefits

  • Competitive base salary and bonus
  • Health/Dental/Vision insurance
  • Company sponsored Life, AD&D, STD (with Salary Continuation), and LTD Insurance
  • Voluntary Enhanced LTD Program
  • Voluntary Hospital, Accident, and Cancer Programs
  • 401(k) with 100% match up to 5%
  • Paid parental leave
  • Pre-tax transit accounts
  • Employee Assistance Program for emotional, financial, and legal support
  • Generous paid time off
  • Flex remote work time
  • Flex Summer Fridays
  • Employee engagement programs
  • Volunteer time off
  • Continuing education
  • Complimentary Empire State Building Observatory access
  • Complimentary gym membership and other wellness benefits
  • Employee Discount Programs

Work Arrangement

Hybrid — New York City

Additional Information

  • Physical requirements: Prolonged periods of sitting at a desk and working on a computer
  • Must be able to lift up to 15 pounds at times
  • May use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information
  • Final hiring decisions are ultimately made by humans
  • Reasonable accommodations that do not create an undue hardship for the Company are available for applicants and employees with disabilities or sincerely held religious beliefs
Required Skills
Real estate
About company
Empire State Realty Trust

Empire State Realty Trust is a self-managed REIT that operates a portfolio of office, retail, and multifamily properties within Manhattan and the greater New York metropolitan area – including the Empire State Building, the World’s Most Famous Building. As the leader in Sustainability and Energy Efficiency, with a focus on ROI-driven investment, ESRT’s commitment to Indoor Environment Quality is unmatched.

The company owns, manages, and operates modernized office and retail properties, emphasizing energy efficiency, sustainability, and tenant well-being. Its environmental sustainability program sets standards in innovation and technology, focusing on quantifiable improvements in energy and water efficiency, recycling, and waste diversion.

ESRT offers move-in-ready office spaces, retail locations, and residential properties, with a strong emphasis on providing tenants with healthy, productive, and amenity-rich environments. The company has achieved carbon neutrality for its commercial portfolio through energy efficiency initiatives and forest preservation agreements.

All jobs at Empire State Realty Trust Visit website
Job Details
Department Information Technology – Network & Infrastructure
Category infrastructure
Posted 22 days ago