Esrtreit2d ago

New

USD 155000–175000/yr

Sr. Network Engineer

United States·New YorkFull Timesenior

Network EngineerInfrastructure & Cloud

0 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

Microsoft Azure — VNet design, hybrid connectivity (ExpressRoute / VPN Gateway), NSGs, Azure Firewall, and Azure AD / Entra Hybrid DNS resolution, cloud-to-on-premises connectivity patterns,

Technical Tools

Network EngineerInfrastructure & Cloud

COMPANY SUMMARY

Empire State Realty Trust, Inc. (NYSE: ESRT) is a NYC-focused REIT that owns and operates a portfolio of well-leased, top of tier, modernized, amenitized, and well-located office, retail, and multifamily assets. ESRT’s flagship Empire State Building, the “World's Most Famous Building,” features its iconic Observation Deck, ranked the #1 Top Attraction in New York City for the fifth consecutive year in Tripadvisor’s 2026 Travelers’ Choice Awards: Best of the Best Things to Do. The Company is a recognized leader in energy efficiency and indoor environmental quality. As of March 31, 2026, ESRT’s portfolio is comprised of approximately 8.0 million rentable square feet of office space, 0.8 million rentable square feet of retail space and 743 residential units. More information about Empire State Realty Trust can be found at esrtreit.com and by following ESRT on Facebook, Instagram, TikTok, X and LinkedIn.

The dedicated team at ESRT is a collection of diverse individuals with a shared passion for excellence and a keen eye toward future growth. Headquartered in New York City, we harness the energy of the city in everything we do. We care for one another, work hard, and have a lot of fun doing it! We are Certified™ as a Great Place to Work® by the global authority, Great Place to Work®, on workplace culture, employee experience, and leadership behaviors. We prioritize and invest in the health and wellness of employees to attract, develop, and retain top-tier talent. ESRT values continuous employee development and encourages colleagues to excel in their roles and adapt to emerging business needs. From our crown jewel, The Empire State Building, to incredible buildings modernized for the 21st century, to outstanding customer service, and our decade-long leadership position in sustainability and energy efficient portfolio that is 100% fully powered by renewable wind electricity, we take pride in our work. ESRT seeks an equally passionate colleague to join the team, understand the vision and help achieve that vision.

TECHNICAL LEADERSHIP & ESCALATION:

Serve as the primary escalation point for complex network incidents, outages, and performance issues owing problems through to resolution with clear communication to stakeholders

Provide expert guidance to internal engineers, MSP resources, and NOC personnel on architecture, troubleshooting methodology, and root cause analysis

Lead post-incident reviews, drive root cause identification, and implement lasting remediations to prevent recurrence

Evaluate complex vendor and MSP escalations; make technical decisions on design, tooling, and resolution approach

NETWORK ARCHITECTURE & DESIGN:

Work with the Director of Network & Infrastructure to architect scalable, resilient, and secure network solutions across LAN, WAN, wireless, cloud, and building infrastructure

Lead the design and evolution of network segmentation strategy including zero-trust principles, VRF separation, and secure OT/IT boundary enforcement

Develop and maintain network infrastructure standards, reference architectures, and design patterns for consistent deployment across properties

Evaluate emerging technologies and contribute to the long-term infrastructure roadmap, particularly around Palo Alto / Panorama, Aruba, and cloud connectivity platforms

NETWORK ENGINEERING & OPERATIONS:

Design, deploy, and manage enterprise network infrastructure across BMS, IoT, Wi-Fi, PropTech, AV, security systems, corporate offices, and the Observatory

Administer Palo Alto NGFWs via Panorama — policy management, threat prevention, VPN, NAT, and security profile lifecycle management

Manage and optimize Aruba switching and wireless infrastructure including configuration, upgrades, RF planning, and troubleshooting via Aruba Central

Own BGP, OSPF, VLANs, VPN, QoS, and DNS configurations across multi-site environments

Manage WAN and ISP connectivity including failover design and carrier-level troubleshooting

Support IoT and PropTech deployments in a secure manner with a focus on building systems, access control, and sustainability technology

SECURITY & COMPLIANCE:

Lead network security posture improvements including firewall policy lifecycle, ACL governance, and vulnerability remediation

Administer Zscaler ZIA and ZPA — URL filtering, SSL inspection, cloud firewall rules, and app connector management

Manage Proofpoint email security platform including anti-spam, anti-phishing, encryption, and threat response policies

Administer BitSight to track, triage, and coordinate remediation of external security posture findings

Maintain PCI-DSS and SOX compliance through adherence to and enforcement of network policies and procedures

Collaborate with the MSSP on security monitoring, threat analysis, and incident response

Ensure timely application of patches, hotfixes, and firmware upgrades across all network equipment

IDENTITY, ACCESS & CLOUD:

Administer Okta for SSO/SAML/OIDC, MFA enforcement, and user lifecycle management including SCIM provisioning and deprovisioning

Manage Conditional Access Policies and integrate identity platforms with Palo Alto User-ID, Zscaler IdP federation, and Azure AD
Design and manage Microsoft Azure cloud networking including hybrid connectivity, VNet architecture, NSGs, and Azure Firewall

Support Microsoft 365 and Exchange Online from a network and connectivity perspective including split tunneling and optimization

Support IAM and PAM platforms as they relate to network access control and privilege governance

PHYSICAL INFRASTRUCTURE & SYSTEMS:

Manage physical server infrastructure, rack equipment installation, and data center operations including cabling, power, and cooling

Administer building riser infrastructure and ensure secure integration of IT and OT devices on segregated network segments

Support VMware vSphere virtual networking environments and server resource management

Oversee SAN/NAS storage networking and business continuity / backup technologies

MONITORING, DOCUMENTATION & GOVERNANCE:

Drive network monitoring strategy and tooling to ensure proactive alerting and performance trending across the full infrastructure estate

Author and maintain high-quality documentation including topology diagrams, configuration baselines, SOPs, and runbooks

Contribute to business continuity and disaster recovery procedures; develop, test, and maintain failover runbooks

Adhere to change management and PMO best practices for all infrastructure changes; manage project milestones with clear stakeholder communication

Complex escalations are resolved decisively and thoroughly, with clear communication throughout the team and Director trust this person to own the hardest problems

Network architecture documentation, standards, and reference designs are developed and kept current, reducing reliance on tribal knowledge

Security posture improves measurably: firewall policies are rationalized, vulnerabilities remediated on time, and segmentation consistently enforced

Network stability and availability are maintained across all properties; incidents are detected proactively rather than reactively

New technologies and architectural improvements are identified and brought forward with well-reasoned business cases

Service Desk escalations are resolved efficiently with recurring patterns identified and addressed proactively

INTERPERSONAL SKILLS:

Communicates complex technical issues, architectural decisions, and incident status clearly to both engineering peers and executive leadership

Strong analytical and troubleshooting instincts works through ambiguous, high-pressure situations methodically and calmly

Collaborative mindset: works effectively with internal teams, MSP, MSSP, and vendors; shares knowledge freely and raises team capability

Self-directed and highly accountable that takes ownership without waiting to be asked and follows through to full resolution

Strong documentation discipline; leaves systems, configurations, and designs better documented than found

Proactively monitors industry developments and brings emerging technologies and best practices to the team's attention

PALO ALTO NGFWs & PANORAMA:

Expert-level policy management, troubleshooting, and architecture across a distributed multi-site environment

Panorama: centralized policy administration, device group management, log forwarding, and operational management at scale

Advanced firewall design: zone-based architecture, App-ID, User-ID, URL filtering, SSL decryption, threat prevention, and WildFire integration

GlobalProtect: VPN configuration, gateway management, and site-to-site connectivity

NAT policy design, security profile tuning, and firewall policy lifecycle management

PCNSE certification strongly preferred

ARUBA WIRELESS & SWITCHING:

Aruba CX / AOS-CX switching — configuration, troubleshooting, and lifecycle management across multi-site environments

Aruba Central management: RF planning, access point lifecycle, and performance optimization

Wireless security: 802.1X, RADIUS integration, guest network segmentation, and rogue AP detection

SD-WAN architecture awareness and WAN/ISP circuit failover design

ZSCALER ZIA / ZPA:

Zscaler Internet Access (ZIA) URL filtering, SSL inspection, cloud firewall, and policy configuration

Zscaler Private Access (ZPA) zero-trust application access, app connector management, and policy administration

Zscaler tenant administration, log streaming, and integration with SIEM and identity providers

OKTA / IAM & PAM:

Okta SSO/SAML/OIDC configuration, MFA enforcement, and user lifecycle management including SCIM provisioning

Okta integration with Palo Alto User-ID, Zscaler IdP federation, and Azure AD directory sync

PAM platform familiarity and IAM integration with network access controls and Conditional Access Policies

DNS & DOMAIN SECURITY:

Windows DNS / Active Directory-integrated internal DNS, external authoritative DNS, and split-brain DNS architectures

DNSSEC implementation and DNS-based threat detection and filtering

Domain protection — monitoring for lookalike/spoofed domains and unauthorized SSL/TLS certificate issuance

SSL/TLS certificate lifecycle management across internal and external services

BitSight or equivalent EASM platform administration

PROOFPOINT EMAIL SECURITY:

Anti-spam, anti-phishing, email encryption, and threat response policy management

Platform administration including quarantine management, allow/block lists, and reporting

Coordination with the security team on phishing investigations and incident response

Experience with a comparable enterprise email security platform considered equivalent

OT / BMS / IoT / PROPTECH:

Hands-on experience with network design for building management systems (BMS), IoT devices, and PropTech deployments

Network segmentation for OT/IT boundaries including VRF separation and secure access control

Experience supporting access control, CCTV, AV systems, and sustainability technology in a commercial real estate or multi-family residential environment

Awareness of OT security principles and protocols relevant to building infrastructure

PHYSICAL INFRASTRUCTURE & DATA CENTER:

Physical server management, rack installation, and data center operations including cabling, power, and cooling

VMware vSphere, virtual networking and server resource management

Microsoft Windows Server 2019/2022/2025 and Linux administration

Microsoft Active Directory, DNS, and DHCP infrastructure management

SAN/NAS storage networking and business continuity / backup technologies

PCI-DSS & SOX COMPLIANCE:

Working knowledge of PCI-DSS and SOX requirements for network segmentation, access control, and audit logging

Firewall ACL governance, policy review cycles, and evidence collection for compliance audits

Experience in a regulated industry (real estate, financial services, or similar) preferred

CLOUD & HYBRID NETWORKING:

Microsoft Azure — VNet design, hybrid connectivity (ExpressRoute / VPN Gateway), NSGs, Azure Firewall, and Azure AD / Entra

Hybrid DNS resolution, cloud-to-on-premises connectivity patterns, and identity federation

Microsoft 365 and Exchange Online — network requirements, split tunneling, and connectivity optimization

8–10 years of progressive, hands-on enterprise network engineering experience with demonstrated depth in complex, multi-site environments

At least 3 years in a senior or lead capacity managing complex, multi-site infrastructure

Proven experience serving as a technical escalation resource or informal architect on an infrastructure team

Experience in Real Estate, Financial Services, or a similarly regulated industry preferred

PCNSE (Palo Alto Networks Certified Network Security Engineer) strongly preferred; Panorama hands-on experience is a firm requirement

Aruba/HPE (ACSA/ACCP), Zscaler (ZCCA-IA/PA), Azure (AZ-104), or Okta Certified Administrator are a plus

CCNP Enterprise or equivalent routing/switching certification considered; demonstrated production depth matters most

Associate's or Bachelor's Degree in Computer Science, Information Technology, or related field preferred; equivalent professional experience considered

Prolonged periods of sitting at a desk and working on a computer

Must be able to lift up to 15 pounds at times

At ESRT, like our tenants, our employees come from everywhere. We foster a collaborative work environment that captures top talent and cultivates the best ideas. As a Great Place to Work® Certified employer, we are committed to maintaining our positive work culture where employees are engaged and can grow and develop. In addition, ESRT employees embody our Company Culture & Success Factors -

Adaptable – you are a self-starter who’s able to quickly digest and execute new processes to work both collaboratively and independently

Dynamic – you are solutions-oriented, aim to improve processes and implement efficiency, and offer insightful feedback to improve ESRT

Dependable – you take a strong sense of ownership and accountability over your work

Passionate – you keep up with industry trends and are excited about the potential to propel the industry forward with a “roll-up-your-sleeves” attitude

Curious – you consistently look for new ways to work smarter, not just harder

Ethical – you treat others with respect, act with integrity in how you perform your work, and embrace our collaborative culture

Positive – you possess a service-oriented attitude with excellent follow through

Competitive base salary and bonus

Health/Dental/Vision insurance

Company sponsored Life, AD&D, STD (with Salary Continuation), and LTD Insurance

Voluntary Enhanced LTD Program

Voluntary Hospital, Accident, and Cancer Programs

401(k) with 100% match up to 5%

Paid parental leave

Pre-tax transit accounts

Employee Assistance Program for emotional, financial, and legal support

Generous paid time off

Flex remote work time

Flex Summer Fridays

Employee engagement programs

Volunteer time off

Continuing education

Complimentary Empire State Building Observatory access

Complimentary gym membership and other wellness benefits

Employee Discount Programs

ESRT is an equal opportunity employer and is committed to providing a workplace free from harassment and discrimination. We celebrate the unique differences of our employees because they drive curiosity, innovation, and the success of our business. We do not discriminate based on race, religion, color, creed, national origin, sex, sexual orientation, gender identity or expression, reproductive choices, age, marital status, veteran status, disability status, pregnancy, parental status, caregiver status, genetic information, political affiliation, or any other status protected by the laws or regulations in the locations where we operate. This policy applies to all aspects of employment, including hiring, promotion, demotion, compensation, training, working conditions, transfer, job assignments, benefits, layoff, and termination. Reasonable accommodations that do not create an undue hardship for the Company are available for applicants and employees with disabilities or sincerely held religious beliefs.