Sr. Network Administrator (58998)

Summary of Position:

The Senior Network Administrator designs, implements, maintains, and monitors Circle the City’s network and core infrastructure to ensure secure, reliable operations across all clinics and mobile programs. This role owns day-to-day network operations (routing, switching, firewalls, VPN/SD-WAN, Wi-Fi), Microsoft 365/Entra ID identity and device management (no on-prem Active Directory), and partners with Security/Compliance and our EHR vendor (Athena) to support clinical workflows and protect ePHI. The Senior Network Administrator leads incident response for network issues, drives continuous hardening aligned to HIPAA Security Rule, NIST, and HITRUST, and mentors service desk and systems staff.

Essential Duties & Responsibilities

A. Network & Infrastructure Operations (55%)

· Architect, implement, and maintain Sophos firewalls and switches; manage routing, VLANs, ACLs, high availability, and firmware lifecycle.

· Administer Ubiquiti (UniFi) wireless (controllers, APs, site RF planning, guest access, WPA2/3-Enterprise) with attention to coverage, capacity, and security.

· Operate perimeter and internal security controls: firewall policies, IPS/IDS, web filtering, SSL inspection (as appropriate), VPN/SD-WAN, DNS/DHCP.

· Manage site-to-site and remote access VPNs; maintain resilient Internet/Fiber links, failover, and QoS for clinical apps, VoIP, and telehealth.

· Monitor capacity, performance, and availability; tune for low latency and high reliability of EHR, imaging, and cloud services.

· Coordinate installations, upgrades, and maintenance windows; provide after-hours support as part of an on-call rotation.

· Oversee cabling standards, rack/stack, labeling, environmental monitoring, and physical security of network closets and data rooms.

B. Identity, Endpoint & SaaS Administration (20%) (Entra ID–only)

· Own Microsoft Entra ID: identity lifecycle, Conditional Access, MFA, SSO (SAML/OAuth), and privileged access guardrails.

· Administer Intune/Endpoint Manager for Windows 10/11 and mobile: compliance baselines, device health, app deployment, BitLocker, Autopilot.

· Use NinjaOne RMM for endpoint visibility, patching, secure remote support, software deployment, alerting, and ticketing workflows.

· Administer Microsoft 365 (Exchange Online, Teams, SharePoint/OneDrive) and other SaaS (e.g., MedTrainer, SnapComm) using least-privilege access.

· Automate configuration and reporting with PowerShell; maintain configuration baselines and security benchmarks.

C. Security, Compliance & Monitoring (15%)

· Implement and maintain technical safeguards aligned with HIPAA, NIST, and HITRUST; document controls and evidence.

· Partner on risk assessments, vulnerability management, and remediation; manage logging/alerting across Sophos, UniFi, Microsoft 365, and NinjaOne.

· Triage and resolve security and availability incidents; perform root-cause analysis and preventive hardening.

· Maintain current network diagrams, inventories/CMDB, recovery procedures, and change control documentation.

D. Application/EHR & Vendor Coordination (5%)

· Serve as network/infrastructure SME for Athena EHR projects and integrations; ensure secure connectivity, access, and performance.

· Coordinate with vendors/ISPs for new sites, circuit turn-ups, RMAs, and service escalations; validate against SLAs.

E. Training, Documentation & Communication (5%)

· Develop/maintain runbooks, SOPs, and user-facing guides; ensure asset and licensing records are accurate (NinjaOne/CMDB).

· Provide targeted training/mentorship to IT staff; deliver clear change and incident communications.

Minimum Qualifications

· 5 years progressively responsible experience in enterprise networking and systems administration (healthcare or regulated environment preferred).

· Expert knowledge of IP networking (L2/L3), VLANs, STP, routing protocols, VPNs, wireless, and firewall administration.

· Hands-on administration of Microsoft Entra ID and Intune in a cloud-only identity model (no on-prem AD).

· Demonstrated experience with Sophos firewalls/switches and Ubiquiti (UniFi) wireless in multi-site environments.

· Proficiency with Microsoft 365 (Exchange Online, Teams, SharePoint), Windows 10/11.

· Experience implementing controls aligned to HIPAA Security Rule, NIST (e.g., 800-53/171), and/or HITRUST.

· Strong troubleshooting skills across network, identity, endpoint, and SaaS layers; adept with packet capture and log analysis.

· Clear written and verbal communication skills; ability to translate technical issues for non-technical stakeholders.

· Must be at least 21 years of age.

Preferred Qualifications

· Experience with SD-WAN, NAC, VoIP/QoS, wireless site surveys/heat-mapping.

· Scripting/automation using PowerShell (and/or Python) for configuration, compliance, and reporting.

· Exposure to healthcare systems and data flows (Athena EHR, HIEs).

· Experience with vulnerability scanning and SIEM solutions; familiarity with change/advisory processes.

Tools & Platforms (used at Circle the City)

· Network & Security: Sophos firewalls and switches, IPS/IDS, site-to-site/remote VPN, web filtering.

· Wireless: Ubiquiti (UniFi) controllers and access points.

· Identity & Endpoint: Microsoft Entra ID, Intune/Endpoint Manager, Conditional Access, Autopilot, BitLocker.

· RMM & Ticketing: NinjaOne RMM for device management, patching, remote support, monitoring, and ITSM/ticketing.

· Collaboration/SaaS: Microsoft 365, Teams, SharePoint/OneDrive; MedTrainer; SnapComm

· Monitoring/Management: Network monitoring, syslog, config backup, and asset/CMDB tied to NinjaOne.

Physical and Mental Requirements:

· The ability to regularly bend, stoop, kneel, and crawl in order to work behind and under equipment.

We are an equal-opportunity employer. All resumes will be reviewed for education and experience. Employment practices will not be influenced or affected by an applicant's or employee's race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status, or any other legally protected status.

Salary : $98,415 - $133,149