user avatar

Lab Network Engineer

The Judge Group

Yesterday
Secret
Unspecified
Unspecified
IT - Hardware
Colorado Springs, CO (On-Site/Office)
Location: Colorado Springs, CO (100% onsite)

Employment: Full-time

Clearance: Active DoD Secret (minimum) on Day 1; U.S. citizenship required

About the job

You will engineer, secure, and test the network fabric that powers a missile-defense command-and-control program. The role blends hands-on lab buildouts with deep packet forensics, enabling reliable integration of new sensors/feeds and releases into operations.

Responsibilities

  • Design, implement, and harden lab/production-like networks (Juniper + Cisco).
  • Configure and troubleshoot BGP/OSPF, UDP multicast (PIM/IGMP/RPF), VLANs, NAT, GRE/IPsec-GRE.
  • Perform packet capture/analysis (Wireshark/tcpdump); produce evidence for defect closure and performance SLAs (latency/jitter/throughput).
  • Implement STIG hardening; contribute to RMF artifacts (SCAP/ACAS, POA&M), and integrate TACACS+ / AD.
  • Tune firewall and IDS/IPS policies across multiple enclaves.
  • Operate within Agile sprints; maintain diagrams (Visio) and test documentation (slides/reports).
  • Use vSphere/vCenter for testbed modeling; apply Python/Ansible for config templating and capture/replay.
  • Validate network timing (NTP/PTP) and MTU/PMTUD across encapsulated paths.
  • Support occasional deployments and onsite test events (


Minimum qualifications

  • Active DoD Secret (or higher); compliant with DoD 8570 IAT II (e.g., Security+ CE).
  • 3-7 years hands-on routing/switching/firewall experience in secured networks.
  • Proficiency with BGP/OSPF, multicast, VLAN/NAT/GRE, and Wireshark.
  • Experience applying DISA STIGs and supporting RMF accreditation activities.
  • Comfort with Juniper JUNOS and Cisco IOS/ASA/Firepower.


Preferred qualifications

  • Prior work on U.S. DoD/IC programs or missile-defense/C2 environments.
  • Juniper/Cisco certifications (JNCIS/JNCIP, CCNP), plus Python/Ansible automation.
  • vSphere networking (vSwitch/dvSwitch, port groups), NetFlow/IPFIX, QoS/CoS.
  • IDS/IPS tuning (Snort/Suricata), Type-1 crypto familiarity (e.g., TACLANE), WAN optimizers.
  • Strong documentation habits (Visio, PPT) and evidence-driven troubleshooting.


Technologies you'll use

  • Routing/Segmentation: BGP, OSPF, PIM/IGMP/RPF, VLAN, NAT, GRE/IPsec-GRE
  • Vendors: Juniper (EX/MX/SRX), Cisco (IOS/IOS-XE/ASA/Firepower)
  • Security/Compliance: STIG, RMF, SCAP/ACAS, TACACS+, AD, IDS/IPS
  • Observability: Wireshark/tcpdump, NetFlow/IPFIX, syslog/SNMP
  • Virtualization & Automation: VMware vSphere/vCenter, Python/Ansible
  • Timing/Perf: NTP/PTP, PMTUD/MTU validation
group id: cxjudgpa
R
Recruiter
Find The Judge Group on Social Media
FacebookFacebookInstagramInstagramXXother imageOther
Network Employers
user avatar
About Us
The Judge Group is an international leader in talent solutions that specializes in bridging technology talent gaps. Judge Technical Services, a Judge company, participates in the National Industrial Security Program and can obtain, maintain and service clearances up to and including Top Secret. For decades, Judge has worked with clients across all aspects of the government, aerospace and defense, and commercial sectors. Our greatest asset is the talent we work with.
See The Judge Group profile

The Judge Group Jobs

Job Category
IT - Hardware
Clearance Level
Secret