Senior Network Engineer

Sofia Stars is a fast-growing global service provider that guides high-growth businesses to success. Our range of tailored solutions includes R&D, Customer Support, Sales, KYC, Risk, and Anti-Fraud services. We make every connection shine with fresh tech and cultural understanding.

The Corporate IT department is seeking a Senior Network Engineer to design, implement, and own the reliability of our corporate network infrastructure.

You’ll work in a dynamic and fast‑moving environment where priorities can shift quickly — flexibility, ownership, and problem‑solving under changing conditions are key to success.

Responsibilities:

• Network Design & High Availability: Architect and maintain corporate network infrastructure using MikroTik, UniFi, and Fortinet. Design and operate HA topologies with VRRP and Fortinet HA (active-passive and active-active clusters). Own the routing and switching stack: BGP, OSPF, VLANs, QoS, Multi-ISP load balancing and traffic-shaping policies.

• Infrastructure as Code & Configuration Management: Apply Infrastructure-as-Code principles across the entire network device estate — all configurations are defined in code (Ansible,Terraform ,etc), stored in version control, and reproducible on demand, with no manually managed devices.
Enterprise Wireless: Design, deploy, and continuously optimise Wi-Fi across UniFi and Fortinet FortiAP environments. Perform deep RF analysis: channel planning, power tuning, roaming optimisation (802.11r/k/v), and interference mitigation. Implement and maintain WPA3-Enterprise authentication with RADIUS and EAP-TLS. Own certificate lifecycle for EAP-TLS in close collaboration with the Endpoint Engineer who manages device-side MDM provisioning. Troubleshoot complex wireless issues end-to-end — from RF captures and supplicant logs to RADIUS debug and switch-port traces.

• Wired Access Control & Network Segmentation: Implement and maintain 802.1X port-based authentication for wired endpoints across the corporate environment. Design and enforce granular VLAN segmentation aligned to user roles, device types, and trust levels. Manage RADIUS policies for wired authentication and integrate with identity providers (Okta IdP) for dynamic VLAN assignment and CoA.

• VPN & Remote Access: Operate and scale VPN infrastructure across WireGuard (site-to-site), OpenVPN (remote access), and GlobalProtect (Palo Alto). Integrate VPN gateways with RADIUS and identity providers for MFA-enforced authentication. Define and enforce firewall policy, split tunnelling, and RBAC-driven access segmentation.

• Monitoring, Observability & Incident Response: Build and own network observability: SNMP, NetFlow/sFlow, syslog pipelines, and dashboards in Grafana / VictoriaMetrics. Define alerting thresholds, on-call runbooks, and postmortem processes. Lead resolution of P1/P2 network incidents and drive permanent root-cause fixes.

• Automation & Scripting: Develop Python-based tooling for network management tasks: configuration rendering, compliance checks, bulk changes, and operational reporting. Write and maintain reusable scripts that integrate with network APIs and Git-based configuration workflows

• Collaboration & Documentation: Cooperate with DevOps, Security, Identity, and Endpoint Engineering teams to align workflows and support cross-functional goals. Stay adaptable — priorities may shift rapidly as new critical initiatives arise. Create and maintain technical documentation; share best practices and mentor teammates on network automation and IaC culture.

Role Requirements:

• 5+ years in network engineering or infrastructure roles.

• Advanced knowledge of MikroTik RouterOS: routing, firewall, scripting, and CHR.

• Expertise with Ubiquiti UniFi: controller management, RF tuning, and L3 adoption.

• Expertise with Fortinet FortiGate: HA configuration, policy management, and FortiAP.

• Proven experience with VRRP and multi-vendor HA failover design.

• Solid IaC background applied to network devices: Ansible, Terraform, or equivalent, with Git-based change management.

• Hands-on experience with 802.1X wired authentication and dynamic VLAN assignment via RADIUS.

• Deep wireless troubleshooting skills: RF captures, supplicant debugging, EAP-TLS tracing, and roaming analysis.

• Solid VPN experience covering WireGuard, OpenVPN, and GlobalProtect.

• Working knowledge of Python for network automation and management tooling.

• Familiarity with RADIUS integration with identity providers (Okta, Entra ID, or equivalent).

• Strong monitoring and observability skills: SNMP, NetFlow, syslog, and dashboarding.

• Excellent troubleshooting, communication, and cross-team collaboration skills.

• Comfortable working in a fast-paced, ever-changing environment with shifting priorities.

Nice to Have:

• Experience with Palo Alto firewalls beyond GlobalProtect (Panorama, security policies, NGFW features).

• Familiarity with SecureW2 or similar cloud RADIUS / PKI platforms.

• Kubernetes and cloud networking awareness (AWS VPC, Transit Gateway, security groups).

• Experience with compliance frameworks (SOC 2, ISO 27001, or equivalent) in a network context.

• Exposure to FinOps practices applied to corporate network infrastructure cost management.

Our Excellent Benefits:

• Food vouchers (102 EUR)

• Appreciation gifts (birthday, wedding, newborn, etc.)

• Up to 25 vacation days

• 6 undocumented sick leaves

• Medical insurance and dental coverage

• Sport card 70% coverage (Multisport and/or CoolFit)

• Office massages

• Breakfast, lunch & snacks in the office

• Education budget

• Monthly team events

• Great office location

Important information:

• This is an office-based position in Sofia, Bulgaria.

Grow fast, shine globally

By submitting your application, you agree to our Privacy Policy.