DNS Engineer

DNS Engineer at Jobs via Dice

Position Overview

The DNS Engineer is sought as a Senior Level Subject Matter Expert (SME) in DNS, ideally with experience from a service provider environment. This role requires senior-level Linux administration skills, expertise in DNS configuration, specifically with BIND, and proficiency in Python scripting and automation. A key aspect of this position involves performing an end-to-end assessment and audit of the existing DNS environment. Following the audit, the engineer will deliver a comprehensive architectural report, provide strategic recommendations, and challenge current design paradigms.

Day To Day

• The DNS SME is responsible for the design, stability, performance, and security of DNS services.
• A significant portion of the work will involve implementing new DNS configurations.
• There will be a strong focus on upgrading and optimizing existing configurations.
• Designing and implementing new functionality that does not currently exist within the infrastructure.

Responsibilities

• Create a Current Design document detailing the enterprise DNS IT infrastructure.
• Highlight all DNS flows and zone forwarding within the network.
• Identify every Recursive Server and Authoritative Server, noting their location within the Green and Yellow zones of the network.
• Leveraging the Current Design Document, identify all gaps and opportunities to improve the design, creating a gap analysis document that highlights all potential enhancements for both functionality and security.
• Create and provide a new enterprise DNS design document that incorporates all enhancements addressing identified gaps and inefficiencies, with a primary focus on improving the security posture of the DNS infrastructure.
• Perform peer-level reviews with both internal network engineering and security architects.
• Obtain formal approval from Security on the new design.
• Break the new design into a phased approach, with each Data Center (DC) constituting a separate phase.
• Build the new DNS environment in each phase for each DC, including thorough testing, validation, and the establishment of monitoring and alerting systems.
• Complete new build documentation, creating an accurate "as-built" design record.
• Train personnel to effectively maintain the new environment.
• Create new disaster recovery documents and procedures for the DNS infrastructure.
• Perform comprehensive disaster recovery testing.
• Maintain and operate the new design, addressing and fixing any configuration changes required to adjust to new findings or evolving requirements.

Skills Needed

• BIND 9.X experience, including NAMED configuration.
• DNS administration experience with an industry-leading IPAM solution (e.g., Diamond IP, Infoblox).
• Linux (RHEL 8/9) experience.
• OS Kernel modifications.
• OS Access Control Hardening experience.
• Security policy enforcements (e.g., Net groups, power broker).
• Syslog configuration.
• Python scripting experience.
• Ansible automation platform experience.
• DNS monitoring experience, leveraging BIND stats information.

Key skills/competency

• DNS Administration
• BIND 9.X
• Linux (RHEL)
• Python Scripting
• Ansible Automation
• Network Security
• IPAM
• DNS Architecture
• Disaster Recovery
• System Auditing