Job Title: Network Administrator (RDL and SONic)
Client: Private Sector Technology Company
Duration: 6-12 months contract (potential extensions)
Location: Remote - Canada - EST
Position Summary
- We are seeking a proactive and detail-oriented RDL Network Administrator to manage the day-to-day operations and administration of our global Research and Development Lab (RDL) networks. Reporting directly to the Lead Network Architect, you will be responsible for the run-and-maintain aspects of our isolated, air-gapped networks.
- This role uniquely focuses on cutting-edge open networking. The majority of our RDL network
- infrastructure runs on SONiC (Software for Open Networking in the Cloud) deployed on
- Furthermore, security inside the air-gap relies heavily on Zscaler technology acting as internal firewalls integrated with local VLANs for precise, policy-driven access control
- Since this environment operates under strict security isolation without typical enterprise automated management tools, this role requires a hands-on, highly disciplined administrator who excels at executing manual and semi-automated workflows securely and consistently.
- Traditional Cisco-based networking skills are considered secondary to expertise in SONiC, Linux networking, and Zscaler-driven zero-trust security.
- This role requires regular on-site presence within the RDL environment and participation in a 24x7 on-call rotation supporting global RDL infrastructure, including after-hours incident response and scheduled maintenance activities
Core Responsibilities
1. SONiC & Open Network Operations
- SONiC Infrastructure Management: Monitor, configure, and maintain the health,
performance, and uptime proprietary open network switches running the SONiC operating system.
- Configuration & Segmentation: Implement localized VLAN adjustments, IP address
allocations, and switch port provisioning within the SONiC environment to isolate
multi-tenant engineering projects.
- Routine Maintenance: Execute hardware diagnostics, physical cabling checks, and
- SONiC OS/firmware updates following strict maintenance window guidelines.
- Secondary Infrastructure Support: Perform operational support, troubleshooting, and
maintenance of legacy secondary network components, including Check Point 3980
firewalls, Silver Peak SD-WAN appliances, and Cisco Catalyst 9400/9200 switches as
required.
2. Zscaler & Internal Security Policy Administration
- Zero-Trust Internal Firewalling: Administer and configure Zscaler ZTNA / App
- Connectors to serve as internal firewalls, establishing secure boundaries and controlling data flow across isolated local VLANs.
- Access Control & Identity: Provision local user accounts, configure role-based
permissions, and manage decentralized credentials on Linux-based jump hosts.
- Remote Session Security: Manage secure engineer connections using CyberArk vPAM
(Virtual Privileged Access Management).
Security Auditing: Conduct weekly audits of active user sessions, ACL configurations,
and local accounts to maintain an uncompromising security posture.
3. Data Transfer & Repository Sync Operations
- Multi-Tier Sync Execution: Execute and monitor the secure transfer of "transfer
bundles" containing OS packages (Rocky Linux, Ubuntu, CentOS, etc.), drivers, and
software libraries across the physical air gap.
- Repository Services Administration: Ensure repository services remain operational,
synchronized, and accessible to authorized systems within segmented and isolated RDL
environments.
- Integrity Validation: Verify cryptographic hashes (SHA-256 checksums) of all data packages moving from the Global Repository Server to the RDL Local Repository Server.
4. Support Ticket Resolution & SLA Adherence
- End-User Support: Act as the primary technical point of contact for design center
engineers needing open network troubleshooting, VLAN routing resolution, or new
package requests.
- Ticketing Operations: Process, update, and resolve secure lab support tickets in
accordance with established Service Level Agreements (SLAs).
Escalation Point: Identify complex open-networking bugs, design deviations, or routing
limitations and escalate them directly to the Lead Network Architect.
5. Compliance & Environment Enforcement
- Software Auditing: Conduct regular logical audits of systems within the RDL to ensure
strictly banned corporate agents (e.g., CrowdStrike, Threat Locker, Big Fix, ServiceNow
Agents, ClearPass NAC) are not installed.
- Asset Tracking: Maintain a flawless inventory of all owned assets inside the RDL physical rooms, including servers, switches, wireless access points (Aruba 755), and connected lab machines.
Technical Qualifications
- Bachelor's degree in Network Administration, Information Technology, Computer Science,
or equivalent hands-on experience.
- 4+ years of experience in network administration or system administration, preferably managing secure, segmented, or laboratory networks.
Required Technical Skills
- Network & Security Hardware: Practical experience configuring and troubleshooting
Layer 2 and Layer 3 network environments including VLANs, routing, ACLs, packet capture
analysis, and protocol troubleshooting using tools such as Wireshark and tcpdump.
- Monitoring & Visibility: Experience with SNMP-based monitoring and alerting platforms
such as SolarWinds, including device health monitoring, performance analysis, fault
identification, and capacity trending.
- Linux System Administration: Mid-to-senior level Linux administration experience
including user management, shell scripting, package management, service administration,
repository hosting, and network troubleshooting.
- Access Tools: Experience working with remote access tools such as Zscaler ZTNA / App
- Connectors and Privilege Access Management solutions (specifically CyberArk).
- Virtualization Administration: Experience provisioning, maintaining, and troubleshooting virtual machines, clustered hosts, storage resources, and virtual networking within
- VMware vSphere, Nutanix AHV, and/or Microsoft Hyper-V environments.
- Air-Gap Protocols: Working knowledge of secure file transfer protocols (SFTP, SCP,
rsync) and security scanning methodologies.
Preferred Certifications
- CCNA (Cisco Certified Network Associate)
- Check Point Certified Security Administrator (CCSA)
- CompTIA Security+ or Linux+
- CyberArk Certified Trustee or Defender
- High Operational Discipline: Ability to strictly adhere to Standard Operating Procedures
(SOPs) without cutting corners, even during urgent troubleshooting.
- Excellent Communicator: Strong written and verbal communication skills, necessary for translating technical issues to designers and coordinating with corporate security teams.
- Multi-Tasker: Capable of balancing ticket requests from multiple global labs concurrently
while maintaining accurate records
#IndKyn
**Please note this is for a contract position with one of our clients and not a fulltime employment role with Kyndryl Canada**