Posted today
Unspecified
Unspecified
IT - Networking
University of Maryland, MD (On/Off-Site)
Organization's Summary Statement: The Applied Research Laboratory for Intelligence and Security (ARLIS) at the University of Maryland conducts interdisciplinary research in support of the U.S. Intelligence Community and national security enterprise. ARLIS operates within a rigorous federal compliance environment, maintaining infrastructure and systems that meet CMMC, NIST 800-171, and FedRAMP requirements. The Lead IT Network Engineer will serve as a senior technical authority responsible for the design, implementation, and security of enterprise network infrastructure supporting classified and unclassified research operations, while fostering collaboration with academic researchers and federal sponsors.
Physical Demands: This position requires the ability to work in data center environments, including lifting and installing network equipment up to 50 pounds, working in confined spaces such as server racks and wiring closets, and performing tasks that may require standing, bending, or reaching for extended periods. Occasional travel to off-site facilities and sponsor locations may be required. The position may require work outside standard business hours to perform maintenance or respond to critical incidents.
Preferences: Prior experience supporting research or academic computing environments with federal security requirements is highly desirable. Candidates with demonstrated expertise in Palo Alto Networks firewalls, Azure GCC HIGH or government cloud environments, and software-defined networking technologies will receive priority consideration. Experience with post-quantum cryptography implementations and FIPS-validated solutions is valued. Familiarity with the Intelligence Community's technical requirements and working relationships with IC sponsors is advantageous.
Licenses/Certifications:
Required: Ability to obtain and maintain a U.S. Government security clearance at the Top-Secret level or higher.
Preferred: CCNP or CCIE certification, Palo Alto Networks Certified Network Security Engineer (PCNSE), and cloud security certifications such as AZ-500 or CCSP.
Education: A Bachelor's degree in Computer Science, Information Technology, Network Engineering, Cybersecurity, or a closely related field is required. A Master's degree in a relevant discipline may substitute for one year of experience. Equivalent combinations of education and professional experience demonstrating the required competencies will be considered.
Experience: A minimum of seven years of progressive experience in enterprise network engineering is required, with at least three years in a senior or lead capacity. The candidate must demonstrate hands-on experience designing and operating complex network architectures including LAN, WAN, SD-WAN, and VPN technologies. Direct experience implementing and maintaining network infrastructure within federal compliance frameworks such as NIST 800-171, CMMC, or FedRAMP is essential. Prior work in higher education, federally funded research laboratories, or Department of Defense environments is strongly preferred.
Other: U.S. citizenship is required due to the nature of the work and federal sponsor requirements. The selected candidate must successfully complete a background investigation and obtain the appropriate security clearance. This position may require access to classified information and facilities. The incumbent will participate in an on-call rotation for critical infrastructure support.
KNOWLEDGE, SKILLS, & ABILITIES
Technical Knowledge: The successful candidate must possess expert-level knowledge of network protocols, routing, and switching technologies including OSPF, BGP, VLANs, and MPLS. Deep familiarity with next-generation firewall platforms—particularly Palo Alto Networks—including policy configuration, threat prevention, GlobalProtect VPN, and Panorama management is required. The candidate should understand Zero Trust Architecture principles and their application in high-security environments. Knowledge of federal compliance frameworks including NIST 800-53, NIST 800-171, CMMC, and FedRAMP control families as they pertain to network infrastructure is essential. Familiarity with Azure networking services in government cloud environments (GCC HIGH), including virtual networks, ExpressRoute, and network security groups, is expected.
Technical Skills: The Lead Engineer must demonstrate proficiency in network monitoring, analysis, and troubleshooting using tools such as Wireshark, NetFlow analyzers, and SNMP-based platforms. Experience with infrastructure-as-code and automation using Terraform, Ansible, or Python scripting for network configuration management is required. The candidate should possess skills in network segmentation strategies for protecting sensitive research data and implementing micro segmentation. Competency in PKI, certificate management, and cryptographic implementations—including awareness of post-quantum cryptographic considerations—is valued. Experience integrating network infrastructure with SIEM platforms and security operations workflows is expected.
Leadership & Communication Abilities: The position requires the ability to lead technical projects from conception through implementation while coordinating with cross-functional teams including system administrators, security analysts, and research computing staff. The candidate must communicate complex technical concepts effectively to both technical and non-technical stakeholders, including faculty researchers and federal sponsors. Strong documentation skills are essential for maintaining network diagrams, standard operating procedures, and compliance artifacts. The Lead Engineer will mentor junior network engineers and contribute to workforce development initiatives. The ability to manage vendor relationships, evaluate emerging technologies, and make strategic infrastructure recommendations to leadership is expected.
Interpersonal & Organizational Abilities: The candidate must demonstrate sound judgment in balancing security requirements with the operational needs of a dynamic research environment. The ability to work independently while maintaining alignment with organizational objectives is required. The Lead Engineer should exhibit a commitment to continuous learning and professional development in a rapidly evolving technical landscape. A collaborative approach to problem-solving and a willingness to support the broader mission of advancing national security research are essential qualities for success in this role.
Physical Demands: This position requires the ability to work in data center environments, including lifting and installing network equipment up to 50 pounds, working in confined spaces such as server racks and wiring closets, and performing tasks that may require standing, bending, or reaching for extended periods. Occasional travel to off-site facilities and sponsor locations may be required. The position may require work outside standard business hours to perform maintenance or respond to critical incidents.
Preferences: Prior experience supporting research or academic computing environments with federal security requirements is highly desirable. Candidates with demonstrated expertise in Palo Alto Networks firewalls, Azure GCC HIGH or government cloud environments, and software-defined networking technologies will receive priority consideration. Experience with post-quantum cryptography implementations and FIPS-validated solutions is valued. Familiarity with the Intelligence Community's technical requirements and working relationships with IC sponsors is advantageous.
Licenses/Certifications:
Required: Ability to obtain and maintain a U.S. Government security clearance at the Top-Secret level or higher.
Preferred: CCNP or CCIE certification, Palo Alto Networks Certified Network Security Engineer (PCNSE), and cloud security certifications such as AZ-500 or CCSP.
Education: A Bachelor's degree in Computer Science, Information Technology, Network Engineering, Cybersecurity, or a closely related field is required. A Master's degree in a relevant discipline may substitute for one year of experience. Equivalent combinations of education and professional experience demonstrating the required competencies will be considered.
Experience: A minimum of seven years of progressive experience in enterprise network engineering is required, with at least three years in a senior or lead capacity. The candidate must demonstrate hands-on experience designing and operating complex network architectures including LAN, WAN, SD-WAN, and VPN technologies. Direct experience implementing and maintaining network infrastructure within federal compliance frameworks such as NIST 800-171, CMMC, or FedRAMP is essential. Prior work in higher education, federally funded research laboratories, or Department of Defense environments is strongly preferred.
Other: U.S. citizenship is required due to the nature of the work and federal sponsor requirements. The selected candidate must successfully complete a background investigation and obtain the appropriate security clearance. This position may require access to classified information and facilities. The incumbent will participate in an on-call rotation for critical infrastructure support.
KNOWLEDGE, SKILLS, & ABILITIES
Technical Knowledge: The successful candidate must possess expert-level knowledge of network protocols, routing, and switching technologies including OSPF, BGP, VLANs, and MPLS. Deep familiarity with next-generation firewall platforms—particularly Palo Alto Networks—including policy configuration, threat prevention, GlobalProtect VPN, and Panorama management is required. The candidate should understand Zero Trust Architecture principles and their application in high-security environments. Knowledge of federal compliance frameworks including NIST 800-53, NIST 800-171, CMMC, and FedRAMP control families as they pertain to network infrastructure is essential. Familiarity with Azure networking services in government cloud environments (GCC HIGH), including virtual networks, ExpressRoute, and network security groups, is expected.
Technical Skills: The Lead Engineer must demonstrate proficiency in network monitoring, analysis, and troubleshooting using tools such as Wireshark, NetFlow analyzers, and SNMP-based platforms. Experience with infrastructure-as-code and automation using Terraform, Ansible, or Python scripting for network configuration management is required. The candidate should possess skills in network segmentation strategies for protecting sensitive research data and implementing micro segmentation. Competency in PKI, certificate management, and cryptographic implementations—including awareness of post-quantum cryptographic considerations—is valued. Experience integrating network infrastructure with SIEM platforms and security operations workflows is expected.
Leadership & Communication Abilities: The position requires the ability to lead technical projects from conception through implementation while coordinating with cross-functional teams including system administrators, security analysts, and research computing staff. The candidate must communicate complex technical concepts effectively to both technical and non-technical stakeholders, including faculty researchers and federal sponsors. Strong documentation skills are essential for maintaining network diagrams, standard operating procedures, and compliance artifacts. The Lead Engineer will mentor junior network engineers and contribute to workforce development initiatives. The ability to manage vendor relationships, evaluate emerging technologies, and make strategic infrastructure recommendations to leadership is expected.
Interpersonal & Organizational Abilities: The candidate must demonstrate sound judgment in balancing security requirements with the operational needs of a dynamic research environment. The ability to work independently while maintaining alignment with organizational objectives is required. The Lead Engineer should exhibit a commitment to continuous learning and professional development in a rapidly evolving technical landscape. A collaborative approach to problem-solving and a willingness to support the broader mission of advancing national security research are essential qualities for success in this role.
group id: 91122244
