Network Administrator

To apply, please visit our career portal found at: https://waltonclerkfl.munisselfservice.com/employmentopportunities/default.aspx

Network Administrator
 
General Responsibilities:
The Network Administrator is responsible for owning the day-to-day security monitoring across SIEM, EDR/XDR, IDS/IPS, and vulnerability management. Triage and investigate alerts, convert true positives into cases, and handle incidents end-to-end per NIST SP 800-61 (prepare, detect/analyze, contain/eradicate, recover, lessons learned). Run authenticated vulnerability scans and drive remediation per NIST SP 800-40; publish weekly/monthly metrics aligned to CIS Controls v8.1; propose pragmatic coverage and detection improvements.
 
Essential Job Functions:
Core Network Operations

• Administer: VLANs, 802.1Q, STP, and LACP/LAGs; L3 with inter-VLAN/site dynamic routing.
• Maintain firewall policies/objects, NAT, VIPs, and SD-WAN rules. Implement firewall changes with proper change-control artifacts.
• Operate IPSec site-to-site tunnels (phase1/phase2, IKEv2, selectors, DPD, replay/window, rekey scheduling); monitor SA health and troubleshoot asymmetric routing.
• Manage DHCP relay and IPAM hygiene (document subnets within the address space; enforce addressing standards).

• Operate 802.1X EAP-TLS for wired/wireless; maintain RADIUS policies and switch authentication settings (CoA, reauth timers, guest/failed VLANs).
• Implement and maintain FortiNAC on managed FortiSwitch; handle profiling, posture exceptions, and MAB fallbacks for non-802.1X endpoints (phones, printers, IoT).
• Enforce least privilege in the network and at the edge; maintain device groups and network-access policies aligned to NIST controls.

• Administer a diverse wireless network; maintain PSK/EAP profiles, RADIUS assignment, and RF basics (channels, power, client load).
• Configure LLDP-MED and voice/data VLANs; ensure QoS trust boundaries (DSCP/802.1p) from phone to switch to firewall; validate call-quality across sites.

• Use FortiSIEM/FortiAnalyzer/FortiManager logs and diagnostics (packet-capture, flow, sniffer, debugs) to isolate faults; maintain syslog targets and event filters.
• Track link utilization, errors, and optics health; produce monthly capacity and availability reports.
• Maintain: network diagrams; hardware inventories; data inventories including version, IPAM, and port-maps; keep runbooks/current-state docs in version control.

• Apply baseline hardening to FortiGate/Switch/AP (admin profiles, RBAC, MFA, trusted hosts); maintain firmware and signatures within approved windows.
• Support audit evidence collection (rule reviews, change logs, NAC policy exports). Remediate vulnerability findings related to network assets.
• Participate in incident response (containment at the switchport/VLAN/firewall layer; packet captures; timeline contributions).

• Prepare MOPs (Methods of Procedure) with back-out plans; execute changes during maintenance windows.
• Coordinate with leads on network requirements for HCI platforms, VDI environments, application delivery controllers, enterprise ERP, and cloud productivity integrations.
• Provide Tier-3 support to Helpdesk for network escalations and site cutovers.

• Participate in training, workshops, and technical events to stay current with relevant technologies and certifications.
• Perform additional duties aligned with departmental objectives and organizational initiatives as assigned by leadership.
• Comply with all Clerk and Comptroller policies and procedures.
• Maintain regular and punctual attendance.
• Work cooperatively with others.
• Perform all duties outlined within the job description and other job duties and special tasks as assigned.

• Knowledge of OSPFv2 in multi-area WANs (area 0 backbone discipline, neighbor adjacency states/timers, DR/BDR on multi-access networks, LSA types/scope, route summarization and stability trade-offs).
• Knowledge of Dedicated Internet Access (DIA) characteristics (symmetric, uncontended, SLA-backed service), circuit handoffs, and implications for SaaS/voice performance, policy, and capacity planning.
• Knowledge of site-to-site IPsec fundamentals (ESP tunnel mode, selectors, anti-replay, NAT-T, PMTUD/MSS effects) and IKEv2 negotiation/rekeying for interoperability.
• Knowledge of Layer-2 segmentation and switching (802.1Q tagging, access vs trunk ports, native-VLAN hygiene) and loop-avoidance/convergence with RSTP/MSTP.
• Knowledge of enterprise Wi-Fi security and design (WPA3/WPA2-Enterprise, 802.1X/EAP with RADIUS, dynamic VLANs, RF/channel planning basics for coverage vs capacity).
• Skill in end-to-end QoS using DiffServ (traffic classification/marking with DSCP, EF/AF behaviors, queueing/policing/shaping at WAN edges).

• Knowledge of core network services for segmented environments (authoritative DNS, DHCP scoping and options, NTPv4 strata/peering/authentication for reliable time).
• Skill in network observability (SNMPv3 auth/privacy and access control, structured syslog for SIEM ingestion, flow telemetry with NetFlow/IPFIX for capacity and anomaly detection).
• Knowledge of network-layer security architecture (ingress/egress anti-spoofing per BCP-38/84, bogon filtering, baseline ACLs) and application of Zero Trust principles to segmentation and access.
• Ability to maintain rigorous documentation and change/risk management (diagramming and inventory, standardized change plans and reviews, mapping controls to frameworks such as NIST SP 800-53).
• Proven ability to read/produce packets (pcap) and translate findings into actionable fixes.
• Strong troubleshooting in multi-vendor paths (e.g. Fortinet ↔ Cisco ↔ Cloud).
• Thorough knowledge of the structure and content of the English language including the meaning and spelling of words, rules of composition, and grammar.
• Knowledge of applicable laws and policies.
• Ability to prepare and maintain a variety of moderately complex to complex records, compile data, and prepare reports.
• Ability to communicate clearly and effectively in a prompt, courteous, and professional manner.
• Ability to make sound judgments.
• Ability to develop and maintain good working relationships.

• Graduation from an accredited college or university with a bachelor’s degree in information technology, computer science, or related field; supplemented with at least three (3) years administering enterprise networks with hands-on deployment/upgrade projects (switching/routing, WLAN, firewalls/VPNs). Must demonstrate ownership of planning, implementing, and operating network services.
• In lieu of a formal degree or certificate, candidates may qualify with a minimum of five (5) years of experience in administering enterprise networks.
• An equivalent combination of training and experience, which provides the required knowledge, skills, and abilities to perform the job may be considered.

• Experience with Fortinet ecosystems and multi-site WAN fabrics.
• Exposure to FortiSIEM or equivalent SIEM.
• Scripting familiarity (Python/PowerShell/Ansible/etc.) for config linting/reporting.

• Possession of a valid driver’s license.
• Must be eligible to earn, and maintain, CJIS certification with FDLE.

• Fortinet FCP Network Security
• CCNA (or equivalent)
• Network+
• Security+