Lead Network/Security Engineer
Job Description
Job Title: Lead Network/Security Engineer (Server Segmentation)
Location: Foxboro, MA (100% On-site Daily)
Type: Contract / Engagement-based
Relocation: No (Local candidates only)
Job Overview
We are seeking a high-caliber Network & Security Engineer to lead a critical server segmentation engagement. The successful candidate will support our Server Team in migrating from a traditional flat network segment to a highly secure, Layer 3 segmented server farm. You will be responsible for the end-to-end lifecycle of the project—from initial discovery and design to implementation and final handoff.
Key Responsibilities
1. Discovery & Design Alignment
Conduct a deep-dive review of the current state, including VLANs, IP ranges, routing protocols, and server dependencies.
Define the target-state Layer 3 segmentation strategy, utilizing VRFs and routing boundaries to ensure robust security policy enforcement.
Identify application traffic flows to inform firewall policy and segmentation boundaries.
2. Migration Planning & Implementation
Develop a comprehensive Implementation Runbook, detailing phasing, change windows, test plans, and rollback procedures.
Execute routing and segmentation changes during approved windows.
Coordinate with Server, Network, and Security stakeholders to implement ACLs and firewall policies.
3. Validation & Documentation
Perform post-migration testing to verify reachability and ensure inter-segment traffic is restricted as per policy.
Create and update "As-Built" documentation, including network diagrams and IP/Subnet inventories.
Conduct formal knowledge transfer and handoff sessions with the operational support teams.
4. Engagement Management
Lead the segmentation workstream by managing schedules, tracking risks, and providing weekly status updates to leadership.
Act as the primary technical point of contact for relevant third parties and internal resources.
Technical Qualifications
Networking: Expert-level knowledge of Layer 3 routing, VLAN management, and VRF (Virtual Routing and Forwarding).
Security: Strong experience in firewall policy design, ACLs, and network security micro-segmentation.
Environment: Proven track record in migrating flat networks to segmented architectures within large-scale server farms.
Infrastructure: Familiarity with virtualization platforms and enterprise-grade monitoring tools.
Soft Skills & Requirements
Ability to lead working sessions with cross-functional technical teams.
Strong documentation skills (Visio diagrams, technical runbooks).
Compliance: Successful candidate must send a copy of their driver's license as part of the onboarding/security process.
Deliverables Expected
Full Implementation Runbook (Steps, Testing, & Rollback).
Updated Segmentation Diagrams & Routing/Policy Summaries.
Validation Evidence and Handoff Documentation.