The Opportunity:
TCS is looking for a Lead Firewall Engineer to oversee the NSS Boundary Team. This role will report directly to the Branch Chief of Cyber Technology Services. This position is responsible for maintaining compliance with quality assurance standards and ensuring service level agreements are met or exceeded within this service area.

Experience in reviewing, validating, and implementing requirements within enterprise Change Requests (CRQs) and determining impacts to network and cyber operations across the enterprise. This role is also responsible for providing technical oversight of troubleshooting efforts and solutions development executed by the subordinate team.

Responsibilities:
Serve as the focal point for all firewall tasks, operations, and projects
•Lead, direct, and manage execution of all daily operations, troubleshooting, and maintenance activities of the NSS Boundary work center.
•            Design, implement Manage security solutions using F5, Juniper SRX, and Palo Alto for project-based requirements.
•            Ensure systems, devices, and application under your responsibility and span of control meet applicable STIG/SRG and organizational configuration baselines
•            Lead regular compliance evaluations and audits
•            Develop, oversee, maintain, and enforce configuration management processes, Standard Operational Procedures (SOPs), and other documentation as needed/required.
•            Monitor platform performance, logs, software version(s), and configuration drift to identify and mitigate performance, compliance, and security issues. 
•            Develop and maintain network architecture diagrams, inventories, and licensing status for the various capabilities within the scope of the team.
•            Provide written reports and oral briefings to contract and government leadership
•            Coordinate issues with the appropriate stakeholders to ensure task completeness and overall customer satisfaction.
•            Provide recommendations on newly submitted customer requests.
•            Evaluate and report on new/emerging network/communication technologies to enhance capacity, performance and reliability of the network.
•            Evaluate and recommend changes and/or technology upgrades to address performance, standardization and industry best practices.
•            Conduct performance assessments, mentor, and coach personnel.

Qualifications:

•            Security Clearance: Active TS/SCI

• 8+ years related technical experience network security technologies, tools, and techniques
• 5+ years' experience with large-scale enterprise/global networks in a high paced diverse environment
• Understanding and experience with the DoD Architecture Framework and other key DoD network architecture and strategic planning instructions

•            Demonstrated knowledge in planning, directing, and managing a Firewall / Boundary Security Team in an organization similar in size
•            Firewall experience within the DoW or IC
•            Demonstrated knowledge of implementation of Perimeter and Internal Firewalls (both physical and virtual contexts)
•            Demonstrated advanced experience in managing baseline configurations across numerous firewalls
•            Demonstrated advanced experience in evaluating rules to ensure maximum security while minimizing redundancy and processing overhead
•            Demonstrated experience with researching and fielding new and innovative firewall technology
•            Experience with F5 platforms/technologies (APM, AFM, SSLO, etc.)
•            Experience with Palo Alto platforms/technologies (Threat Prevention, Wildfire, URL Filtering, Global Protect)
•            Experience with Juniper SRX platforms/technologies
•            Experience with Online Certificate Status Protocol OCSP revocation
•            Familiar with DoD PKI, Kerberos, LDAP, Active Directory, Authentication (SAML, OAuth)
•            Ability to describe and troubleshoot TLS/SSL handshake/connection issues
•            Network design, engineering, and implementation (Advanced Level)
•            Creation of network related Rough Order Magnitude (ROM) equipment lists and costing, Level of Effort (LOE) estimation for labor
•            Understanding of DoW, DISA, and IC standards and processes
•            Ability to work weekends and evening hours as needed
•            Ability to obtain and maintain a CI polygraph
•            DoD 8140.01 and DoD 8570.01-M IAT Level II compliant certification (current). Must be able to successfully obtain/maintain CSSP Infrastructure Support certification within 120 days.

Desired:

• BS or MS degree in Computer Science, Cyber Security, Network Security or related field
• F5 Networks certifications
• Juniper JNCIS/JNCIP, Palo Alto PCNSE (or equivalent)

Pay Range:

There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.

The proposed salary range for this position is: