Network/Security Engineer- On-site- local only

Network/Security Engineer3 Month ContractOn-site in Foxboro, MA*US Citizens or GC HoldersThis is a server segmentation engagement. Vendor will provide an Engineer to support the company’s Server team in migrating from a flat server segment to a Layer 3, highly segmented server farm. Initially, Engineer will be onsite to assist with discovery, design alignment, and migration planning.one (1)network segmentation Engineer (lead) to provide and/or oversee thefollowing professional services activities:Server farm segmentation discovery and current-state review (VLANs, IP ranges, routing, dependencies)Target-state Layer 3 segmentation approach (VRFs as applicable, routing boundaries, policy requirements) in coordination with CompanyMigration plan and runbook (phasing, change windows, rollback, stakeholder communications)Post-change validation and documentation updates (reachability, routing verification, and handoff)Engagement Management:Provide engagement management and coordination (schedule, risks/issues, action items) for the segmentation workstreamCoordinate working sessions with company stakeholders (Server, Network, Security) and schedule change windows as neededProvide engagement status upon request, including periodic (assumed weekly, but upon a schedule to be determined in conjunction with Company virtual status meetingsEngage with company resources and relevant third parties (as applicable) to obtainaccess to appropriate personnel, environments, tools, and systems requiredto implement and validate segmentation changes Pre-Implementation Tasks:Collect current-state network and server connectivity information (VLANs, subnets, IP ranges, routing, firewall/policy dependencies)Identify application/server dependencies and traffic flows to inform segmentation boundaries and required policyDefine target-state Layer 3 segmentation approach (e.g., segmentation tiers, routing domains/VRFs as applicable, inter-segment controls)Develop an implementation plan/runbook (phases, change windows, test plan, rollback plan, communications)Confirm required access (switching, routing, firewall, virtualization, monitoring) and validate prerequisites prior to executionBuild & Implement Tasks:Discovery & Requirements Validation:Validate current-state routing, VLAN/subnet inventory, and server/application dependencies; confirm segmentation objectives, constraints, and success criteria with Company stakeholders.Target-State Design & Configuration Planning:Define Layer 3 segmentation boundaries, routing design (including VRFs as applicable), addressing impacts, and requiredACL/firewall policy; documentplanned configuration changes and sequencing.Pilot / Lab Validation (as applicable):Where feasible,validate routing and policy changesin a non-production environment or via limited pilot segments; confirm monitoring/telemetry and update the runbook based on results.Implementation & Migration Support:Support execution during approved change windows: implement routing and segmentation changes,coordinate required policyupdates, validate connectivity, and execute rollback plans if needed.Testing & Validation:Execute validation testing (reachability, routingverification, application checks)and confirm that required inter-segment traffic is permitted while unnecessary traffic is restricted per agreed policyDocumentation & Knowledge Transfer:Provide updatedas-built diagrams and configuration summaries, update the runbook based on actual execution, and conduct a handoff sessionwith TKG coveringsupport considerations and operational procedures. Engagement Closeout:Perform a closeout session which includes:A presentation, walk-through and handover of the segmentation design, implemented configuration approach, and all related as-built documentation.Questions and answersPerform formal engagement closeout (customer satisfaction survey, etc.).Perform administrative turnover of all documentation.DeliverablesImplementation Runbook: change steps, test steps, and rollback procedures.As-built documentation: updated segmentation diagrams, IP/subnet inventory (as applicable), routing/policy summary, and configuration excerpts sufficient for operations.Any changes to target-state design summary: Update Layer 3segmentation approach and intended inter-segment controls (VRFs as applicable, routing boundaries, policy requirements).Validation evidence: summary of completed verification steps and any open issues/risks at handoff.ExclusionsProcurement, installation, or replacement ofnetwork/server hardware andsoftware licensing.Major redesignof the overall enterprise networkbeyond the serverfarm segmentation scope, including campus/WAN architecture changes.AssumptionsCompany will provide appropriate access to required environments and systems (switching/routing, firewall/policy platforms, virtualization, monitoring) anda suitable workspace for onsite activities, as needed.Company stakeholders will be available to participate indiscovery, review/approve design decisions, and support testing during change windows.Relevant current-state documentation (network diagrams,IP plans, firewall/policy standards, and known application dependencies) will be made available promptly when requested.Best regards,