Position requires an active Top Secret/SCI clearance with ability to obtain additional security requirements. Please do not apply if you do not possess the required Top-Secret Clearance.
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Position Summary:We are seeking a highly skilled
Senior Network Engineer (Security) who will serve as the
Subject Matter Expert (SME) for enterprise network security infrastructure. The engineer will design, implement, manage, and optimize critical security controls, including firewalls, VPN systems, intrusion prevention systems (IPS), and network access control (NAC). This role is responsible for securing both perimeter and internal network segments, ensuring resilient, compliant, and mission-ready operations. The selected candidate will support security operations at Joint Base Anacostia-Bolling and must
maintain an active TS/SCI clearance. Candidates who do not hold a TS/SCI please do not apply.Key Responsibilities:- Serve as the Subject Matter Expert (SME) for network security infrastructure across mission systems.
- Design, deploy, configure, and maintain enterprise firewalls, IPS, NAC, VPNs, and segmentation technologies.
- Engineer secure network architectures that protect the perimeter and internal network segments from advanced threats.
- Administer and maintain Palo Alto Networks next-generation firewalls (PA-5000 series) and Cisco Adaptive Security Appliance (ASA) platforms.
- Manage site-to-site and remote-access VPN solutions, including security policy enforcement and identity-based access controls.
- Analyze security logs, events, and packet data to detect and respond to threats.
- Support zero-trust initiatives, access segmentation, and least-privilege network design.
- Develop, implement, and maintain security baselines and configuration standards.
- Provide Tier III operational support and perform root cause analysis for complex network security issues.
- Collaborate with cybersecurity teams to ensure compliance with DoD security frameworks, STIGs, and enterprise policies.
- Document configurations, changes, engineering updates, and architectural decisions.
Required Technical Certifications (at least one):- CISSP (or CCNP Security + CASP+)
- Platform-specific certification (e.g., Palo Alto, Cisco, or equivalent)
Preferred Technical Certifications (Plus):- CCNP Security
- GCIH or GCIA
- CySA+
- CCIE Security
- GIAC advanced certifications (e.g., GCIA, GWAPT)
- CCSP
Required Technical Knowledge:Strong understanding of:
- Palo Alto Networks PA-5000 series next-generation firewall platforms
- Cisco ASA firewall technologies
- VPN design and management (IPsec, SSL/TLS, DMVPN)
- Intrusion Prevention Systems (IPS)
- Network Access Control (NAC) technologies
- Security zoning, segmentation, micro-segmentation, and zero-trust principles
- Secure routing, switching, and firewall policy design
- Network monitoring, packet capture, and threat detection tools
Preferred Experience:- Designing enterprise network security architectures in DoD or IC environments.
- Implementing segmentation in hybrid or multi-site mission networks.
- Performing threat analysis, incident response, or vulnerability mitigation for network infrastructure.
- Supporting enterprise security toolsets, SIEM, and intrusion-detection platforms.
- Working with STIGs, SRGs, compliance frameworks, and accreditation processes.
Requirements:TS/SCI security clearance required, candidate will not be considered without.#LI-CT1
