Posted today
Unspecified
Mid Level Career (5+ yrs experience)
Unspecified
No Traveling
IT - Networking
Rochester, NY (On/Off-Site)
Secure Overlay / VPN Engineer
(Zero-Trust, NAT-Traversing Secure Connectivity)
Clearancejobs.com is currently seeking a Secure Overlay/VPN Engineer in Rochester, NY, Clifton, NJ, Columbia, MD Sunrise, FL ,San Diego.
The Secure Overlay / VPN Engineer designs, implements, and operates identity-based, encrypted network overlays that function reliably across NAT-restricted, mobile, and unreliable transport environments. This role focuses on secure peer discovery, tunnel establishment, and resilient traffic protection across radios, edge devices, and cloud gateways.
This position treats network security as software, not as traditional firewall rule administration.
If you would like the opportunity to build systems that automatically form, maintain, and recover secure connectivity in dynamic, distributed environments, then we want to speak to you!
Please apply!
Core Responsibilities
Design, implement, and maintain VPN gateways and peer-to-peer secure overlay networks
Support NAT traversal, VPN hole punching, and decentralized peer discovery mechanisms
Optimize encrypted tunnels for latency, jitter, packet loss, and intermittent connectivity
Manage cryptographic identities, including key generation, rotation, and certificate lifecycles
Ensure multicast and control-plane traffic can traverse encrypted overlays when required
Collaborate with SDN, routing, and platform teams to align overlay behavior with network and security policy
Troubleshoot complex overlay networking issues across heterogeneous transports and endpoints
Required Technical Expertise
VPN & Overlay Technologies
WireGuard (preferred)
StrongSwan / IPsec
Familiarity with ZeroTier / Tailscale architectural concepts
NAT Traversal & Connectivity
STUN / TURN / ICE fundamentals
UDP/TCP hole punching strategies
Experience operating across carrier-grade NAT, mobile networks, and constrained links
Security Fundamentals
Public key cryptography
Certificate-based authentication
Secure key management and automated rotation
Linux Networking
Network interface configuration and management
Routing behavior and policy-based routing
Understanding of firewall interactions with encrypted tunnels
Distributed Systems Thinking
Peer discovery and membership management
Failure detection and recovery
Autonomous reconnection and self-healing behaviors
Ideal Background
Secure communications platforms
Peer-to-peer or overlay networking systems
Telecommunications security engineering
Defense, government, or other regulated environments
What Success Looks Like
Secure overlays form automatically with minimal manual intervention
Connectivity survives NAT, mobility, and unstable transports
Cryptographic identity and trust are enforced consistently across the network
Overlay behavior aligns cleanly with routing, SDN, and security policy
No fields configured
Please contact your admin to configure this card
(Zero-Trust, NAT-Traversing Secure Connectivity)
Clearancejobs.com is currently seeking a Secure Overlay/VPN Engineer in Rochester, NY, Clifton, NJ, Columbia, MD Sunrise, FL ,San Diego.
The Secure Overlay / VPN Engineer designs, implements, and operates identity-based, encrypted network overlays that function reliably across NAT-restricted, mobile, and unreliable transport environments. This role focuses on secure peer discovery, tunnel establishment, and resilient traffic protection across radios, edge devices, and cloud gateways.
This position treats network security as software, not as traditional firewall rule administration.
If you would like the opportunity to build systems that automatically form, maintain, and recover secure connectivity in dynamic, distributed environments, then we want to speak to you!
Please apply!
Core Responsibilities
Design, implement, and maintain VPN gateways and peer-to-peer secure overlay networks
Support NAT traversal, VPN hole punching, and decentralized peer discovery mechanisms
Optimize encrypted tunnels for latency, jitter, packet loss, and intermittent connectivity
Manage cryptographic identities, including key generation, rotation, and certificate lifecycles
Ensure multicast and control-plane traffic can traverse encrypted overlays when required
Collaborate with SDN, routing, and platform teams to align overlay behavior with network and security policy
Troubleshoot complex overlay networking issues across heterogeneous transports and endpoints
Required Technical Expertise
VPN & Overlay Technologies
WireGuard (preferred)
StrongSwan / IPsec
Familiarity with ZeroTier / Tailscale architectural concepts
NAT Traversal & Connectivity
STUN / TURN / ICE fundamentals
UDP/TCP hole punching strategies
Experience operating across carrier-grade NAT, mobile networks, and constrained links
Security Fundamentals
Public key cryptography
Certificate-based authentication
Secure key management and automated rotation
Linux Networking
Network interface configuration and management
Routing behavior and policy-based routing
Understanding of firewall interactions with encrypted tunnels
Distributed Systems Thinking
Peer discovery and membership management
Failure detection and recovery
Autonomous reconnection and self-healing behaviors
Ideal Background
Secure communications platforms
Peer-to-peer or overlay networking systems
Telecommunications security engineering
Defense, government, or other regulated environments
What Success Looks Like
Secure overlays form automatically with minimal manual intervention
Connectivity survives NAT, mobility, and unstable transports
Cryptographic identity and trust are enforced consistently across the network
Overlay behavior aligns cleanly with routing, SDN, and security policy
No fields configured
Please contact your admin to configure this card
group id: ClearanceJobsSC
