Posted today
Top Secret
Senior Level Career (10+ yrs experience)
$107,900 - $175,050
IT - Networking
Lorton, VA (On-Site/Office)
Cyber Network Engineer
Location: Lorton, Virginia
Remote Type: No Remote
Clearance: Top Secret/SCI
Pay Range $107,900.00 - $175,050.00
Primary Responsibilities
The Network Engineer (with a strong security background) is responsible for designing, implementing, and maintaining secure, highly available network infrastructure in support of the Department of Homeland Security. This role blends traditional network engineering (routing, switching, wireless, WAN) with hands-on security responsibilities, including firewall management, VPN design, network segmentation, and support for vulnerability management and compliance activities.
The ideal candidate has deep experience with Cisco-based enterprise networking and Palo Alto next-generation firewalls, is comfortable in complex, mission-critical environments, and collaborates closely with cybersecurity, systems engineering, and operations teams.
Implement and maintain secure network architectures (e.g., segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.
Support vulnerability management efforts by assisting with scans, reviewing network-related findings, and implementing remediation (e.g., ACL changes, firewall rule updates, network device patching).
Monitor network performance, availability, and security using enterprise monitoring tools; identify and resolve issues proactively.
Create and maintain network documentation, including diagrams, IP address management, configuration baselines, and SOPs.
Collaborate with cybersecurity, systems, and application teams to ensure network designs support security, performance, and scalability requirements.
Participate in incident response activities involving network components (e.g., traffic captures, log analysis, isolation/containment actions).
Assist with audits and compliance activities by providing network configurations, evidence, and technical explanations as needed.
Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.
Basic Qualifications
Bachelor’s degree in Information Technology, Computer Science, Engineering, or related field and 8+ years of experience; or additional equivalent combination of education and experience may be considered in lieu of a degree.
US Citizen, An active TS/SCI security clearance is required.
5–8+ years of hands-on experience as a Network Engineer (or similar role) supporting enterprise networks.
Strong experience with Cisco routing and switching (e.g., BGP, OSPF, EIGRP, VLANs, STP, EtherChannel, QoS) in medium-to-large enterprise environments.
Demonstrated experience managing Palo Alto next-generation firewalls (including security policies, NAT, VPNs, and Panorama) and Cisco firewall/VPN solutions (e.g., ASA, Firepower).
Solid understanding of network security concepts: segmentation, least privilege, zero trust principles, IDS/IPS, NAC, and secure remote access.
Familiarity with vulnerability management tools and processes, and the ability to interpret and act on scan results related to network devices.
Experience with network monitoring and logging tools (e.g., SolarWinds, Splunk, ELK, or similar).
Strong troubleshooting skills across OSI layers 1–7, including packet capture and analysis (e.g., Wireshark).
Excellent written and verbal communication skills, with the ability to document and explain complex technical topics to both technical and non-technical stakeholders.
Preferred Qualifications
Current industry certifications such as Cisco CCNA/CCNP, Palo Alto PCNSA/PCNSE, Network+, Security+, CySA+, CISSP, or equivalent.
Experience working in regulated or compliance-driven environments (e.g., FISMA, FedRAMP, NIST 800-53, HIPAA, PCI-DSS, etc.).
Experience supporting hybrid or cloud environments (e.g., AWS, Azure, GCP) including cloud networking and security services (VPCs, security groups, transit gateways, etc.).
Experience with automation and scripting for network tasks (e.g., Python, Ansible, PowerShell).
Experience with Zero Trust architecture and modern identity-centric security models.
Location: Lorton, Virginia
Remote Type: No Remote
Clearance: Top Secret/SCI
Pay Range $107,900.00 - $175,050.00
Primary Responsibilities
The Network Engineer (with a strong security background) is responsible for designing, implementing, and maintaining secure, highly available network infrastructure in support of the Department of Homeland Security. This role blends traditional network engineering (routing, switching, wireless, WAN) with hands-on security responsibilities, including firewall management, VPN design, network segmentation, and support for vulnerability management and compliance activities.
The ideal candidate has deep experience with Cisco-based enterprise networking and Palo Alto next-generation firewalls, is comfortable in complex, mission-critical environments, and collaborates closely with cybersecurity, systems engineering, and operations teams.
Implement and maintain secure network architectures (e.g., segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.
Support vulnerability management efforts by assisting with scans, reviewing network-related findings, and implementing remediation (e.g., ACL changes, firewall rule updates, network device patching).
Monitor network performance, availability, and security using enterprise monitoring tools; identify and resolve issues proactively.
Create and maintain network documentation, including diagrams, IP address management, configuration baselines, and SOPs.
Collaborate with cybersecurity, systems, and application teams to ensure network designs support security, performance, and scalability requirements.
Participate in incident response activities involving network components (e.g., traffic captures, log analysis, isolation/containment actions).
Assist with audits and compliance activities by providing network configurations, evidence, and technical explanations as needed.
Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.
Basic Qualifications
Bachelor’s degree in Information Technology, Computer Science, Engineering, or related field and 8+ years of experience; or additional equivalent combination of education and experience may be considered in lieu of a degree.
US Citizen, An active TS/SCI security clearance is required.
5–8+ years of hands-on experience as a Network Engineer (or similar role) supporting enterprise networks.
Strong experience with Cisco routing and switching (e.g., BGP, OSPF, EIGRP, VLANs, STP, EtherChannel, QoS) in medium-to-large enterprise environments.
Demonstrated experience managing Palo Alto next-generation firewalls (including security policies, NAT, VPNs, and Panorama) and Cisco firewall/VPN solutions (e.g., ASA, Firepower).
Solid understanding of network security concepts: segmentation, least privilege, zero trust principles, IDS/IPS, NAC, and secure remote access.
Familiarity with vulnerability management tools and processes, and the ability to interpret and act on scan results related to network devices.
Experience with network monitoring and logging tools (e.g., SolarWinds, Splunk, ELK, or similar).
Strong troubleshooting skills across OSI layers 1–7, including packet capture and analysis (e.g., Wireshark).
Excellent written and verbal communication skills, with the ability to document and explain complex technical topics to both technical and non-technical stakeholders.
Preferred Qualifications
Current industry certifications such as Cisco CCNA/CCNP, Palo Alto PCNSA/PCNSE, Network+, Security+, CySA+, CISSP, or equivalent.
Experience working in regulated or compliance-driven environments (e.g., FISMA, FedRAMP, NIST 800-53, HIPAA, PCI-DSS, etc.).
Experience supporting hybrid or cloud environments (e.g., AWS, Azure, GCP) including cloud networking and security services (VPCs, security groups, transit gateways, etc.).
Experience with automation and scripting for network tasks (e.g., Python, Ansible, PowerShell).
Experience with Zero Trust architecture and modern identity-centric security models.
group id: 10507520
