iGov is seeking a highly skilled Network Engineer to provide comprehensive engineering and operational support for our enterprise Cisco network environment. This role focuses on strengthening the security, reliability, and resilience of the network infrastructure while directly addressing identified Incident Response (IR) remediation requirements. The successful candidate will design, implement, and maintain secure network architectures that enforce Zero Trust principles, network segmentation, and least-privilege access controls. This is a core mid-to-senior execution and operations role. The candidate serves as a technical adviser for complicated service desk tickets, while focusing on the active implementation, daily optimization, troubleshooting, and continuous monitoring of the Cisco-based infrastructure.
THIS POSITION IS CONTINGENT UPON CONTRACT AWARD!!
Key Responsibilities:
- NIST SP 800-53 Control Alignment: Implement and maintain enterprise network security controls precisely aligned with federal standards, mapping directly to the Access Control (AC), Configuration Management (CM), System and Communications Protection (SC), and Audit and Accountability (AU) control families.
- Zero Trust Architecture Engineering: Enforce strict Zero Trust network architecture principles in accordance with NIST SP 800-207, establishing continuous verification of all users and devices regardless of location.
- Micro-Segmentation Strategy: Establish and maintain secure network segmentation and micro-segmentation strategies to limit lateral movement across all network layers and protect high-value assets and sensitive environments.
- Least-Privilege & Identity Access: Design and implement least-privilege network access controls, ensuring granular, role-based and identity-aware access management across all network layers.
- Edge Port Authentication: Manage 802.1X port-based network access control to strictly prevent unauthorized device connectivity and enforce authentication at the network edge.
- Centralized SIEM Logging: Configure and maintain centralized logging and audit capabilities for all network devices, ensuring all log traffic is securely forwarded to enterprise SIEM platforms and retained in compliance with requirements.
- Continuous Risk Assessments: Conduct continuous monitoring and technical vulnerability assessments of the network infrastructure to actively identify risks and coordinate remediation paths in alignment with the NIST Risk Management Framework (RMF) practices.
- Secure Device Hardening: Harden all enterprise network devices using secure configuration baselines (e.g., Cisco Secure Configuration Guides), ensuring the disabling of unnecessary services, enforcement of strong encryption protocols, and lockdown of management interfaces.
- Perimeter and Public Asset Security: Secure public-facing and perimeter network assets by implementing strict ingress/egress filtering, firewall rule optimization, and multi-factor authentication (MFA) for administrative access.
- Incident Response & Forensics: Support incident response activities by providing network-level analysis, rapid containment actions (such as localized segmentation or blocking malicious traffic), and forensic data collection.
- Rigorous Change Control: Ensure all network changes follow formal change control processes backed by a security impact analysis to support compliance with NIST configuration management requirements.
- SOP Development: Develop, implement, and maintain Network Standard Operating Procedures (SOPs), reviewing and updating all SOPs on at least an annual basis to reflect changes in technology, policy, or security requirements.
- Hardware Baseline Lifecycle: Document and maintain highly detailed hardware and configuration baselines for all network devices (including Cisco switches, routers, firewalls, and related infrastructure), conducting formal annual reviews and updates.
- Root Cause Analysis (RCA): Perform root cause analysis for network incidents, including performance degradation, unexpected outages, and security events, fully documenting findings to implement corrective and preventive actions.
- Automated Patch Orchestration: Maintain automated network patch management and firmware update procedures in complete accordance with Cisco best practices and organizational security policies.
- Enterprise Diagram Architecture: Develop, maintain, and update comprehensive network diagrams that accurately reflect the enterprise network architecture across cloud, production, and secure environments, executing updates annually or dynamically as changes occur.
- Core Infrastructure Services: Troubleshoot and maintain enterprise DNS services, maintaining configuration changes, performance tuning, and prompt issue resolution.
- 24/7 Monitoring Integration: Support continuous, real-time monitoring of network infrastructure (24/7 operations) through the integration of network management and security monitoring tools.
- Audit Readiness: Maintain accurate, up-to-date documentation of network configurations, physical assets, and operational procedures to ensure permanent audit readiness and operational continuity.
- Escalation Support: Serve as the technical adviser for complicated service desk tickets and modifications to better support network operations, while collaborating with cloud, Microsoft engineering, and cybersecurity teams.
Required Qualifications & Experience:
- Core Engineering Experience: A minimum of eight (8) years of overall experience in Information Technology, Endpoint Engineering, or Cybersecurity. At least six (6) years must be specifically performing engineering functions (not help desk) in enterprise environments.
- Governance Familiarity: Proven experience working under formal change control, audit, and security governance processes. Extensive familiarity implementing and maintaining security controls aligned with NIST SP 800-53 (specifically Access Control, Configuration Management, System and Communications Protection, and Audit and Accountability families).
Required Credentials & Certifications:
- Active Security Clearance: Must be eligible for and successfully pass a Public Trust Tier 2 background check and fingerprinting process conducted through the U.S. Capitol Police.
- Professional Certifications: Must possess current, professional-level network engineering and security credentials (e.g., Cisco professional-level certifications or equivalents).
- Note: These credentials must have been actively maintained and utilized professionally for a minimum of five (5) years. Expired or unused certifications will not be considered.
iGov offers a competitive salary package and excellent benefits to include:
ESOP
401(k) matching
Medical, Dental, Vision insurance
Professional Development
Disability Insurance
Health Savings Account
Flexible Spending Account
Paid Holidays
PTO