Posted today
Top Secret/SCI
$85,800 - $180,200
Unspecified
IT - Hardware
Fort Bragg, NC (On-Site/Office)
Job Title: Senior Network Engineer SME - Service Delivery
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 25%
Type of Travel: Local
* * *
The Opportunity:
CACI is seeking a talented Senior Network Engineer SME who is quickly deployable to customer locations worldwide. As a member of the CACI Technical Service Delivery Team, you will be part of a global team of engineers supporting our customers remotely and/or at their premises during product deployment and operation phases of networking and network security products. You will be assisting with the design and deployment of secure communications architectures utilizing leading-edge IT technologies, with a particular emphasis on IPsec VPN solutions and Commercial Solutions for Classified (CSfC) implementations.
You will be responsible for deploying and troubleshooting IPsec-based VPN infrastructures supporting both site-to-site and remote access connectivity across classified and unclassified environments. You will implement CSfC-compliant solutions that leverage layered encryption to enable the secure transmission of classified information over customer infrastructure, ensuring compliance with NSA CSfC Capability Packages.
You will also be isolating and analyzing complex networking issues and providing solutions working with OEM vendors and customer teams. In this role, your team will be the technical implementation point of contact for our customers for all their service and deployment support needs as a subject matter expert in a high-impact and fast-paced environment. Ideal candidates should have excellent customer relationship skills with broad and solid networking knowledge to build a high-quality and long-lasting relationship with the customers and be the trusted technical advisor. This position requires up to 25% travel to customer sites worldwide, including OCONUS locations.
Responsibilities:
• Understand customer business and mission requirements and develop architecture and design documents for secure network solutions, including IPsec VPN topologies (hub-and-spoke, full-mesh, DMVPN, FlexVPN) and CSfC multi-vendor layered encryption architectures
• Design and document IPsec VPN solutions incorporating IKEv2 negotiation, ESP/AH encapsulation, perfect forward secrecy (PFS), and suite-B cryptographic algorithms (AES-256-GCM, SHA-384, ECDH P-384/P-521) in accordance with CNSA suite requirements
• Engineer CSfC solutions aligned with NSA Capability Packages (CPs), including Multi-Site Connectivity, Mobile Access, and Data at Rest, ensuring dual-layer encryption with inner and outer tunnel independence
• Develop and execute Proof of Concept and/or Deployment Acceptance test plans and test reports for CSfC implementations
• Develop implementation guides with configuration templates and deployment plans for customers deploying secure data center networking products
• Execute or assist customers in executing deployment plans for IPsec VPN infrastructures, including PKI/certificate-based authentication, RADIUS/TACACS+ integration, and centralized key management systems
• Deploy and configure CSfC solution components including inner layer encryption devices, outer layer VPN gateways, and associated key management infrastructure (KMI), ensuring compliance with CSfC registration and monitoring requirements
• Implement IPsec VPN solutions across multi-vendor environments (Cisco, Juniper, Palo Alto, Aruba, etc.), ensuring interoperability and adherence to RFC standards (RFC 7296, RFC 4303, RFC 4301)
• Configure and validate GRE-over-IPsec, VTI-based, and policy-based VPN tunnels supporting dynamic routing protocols (OSPF, BGP, EIGRP) over encrypted overlays
• Resolve complex technical issues as a product expert working with Customer Network Operation Center Engineers, as well as with OEM partner Escalation and Development Engineers
• Troubleshoot IPsec VPN connectivity issues including IKE Phase 1/Phase 2 negotiation failures, NAT-Traversal complications, MTU/fragmentation issues, and cryptographic mismatch conditions
• Diagnose CSfC solution failures across inner and outer encryption layers, identify component-level root causes
Qualifications:
Required:
Desired:
-
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.
Pay Range :
There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
The proposed salary range for this position is:
$85,800 - $180,200
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
Job Category: Information Technology
Time Type: Full time
Minimum Clearance Required to Start: TS/SCI
Employee Type: Regular
Percentage of Travel Required: Up to 25%
Type of Travel: Local
* * *
The Opportunity:
CACI is seeking a talented Senior Network Engineer SME who is quickly deployable to customer locations worldwide. As a member of the CACI Technical Service Delivery Team, you will be part of a global team of engineers supporting our customers remotely and/or at their premises during product deployment and operation phases of networking and network security products. You will be assisting with the design and deployment of secure communications architectures utilizing leading-edge IT technologies, with a particular emphasis on IPsec VPN solutions and Commercial Solutions for Classified (CSfC) implementations.
You will be responsible for deploying and troubleshooting IPsec-based VPN infrastructures supporting both site-to-site and remote access connectivity across classified and unclassified environments. You will implement CSfC-compliant solutions that leverage layered encryption to enable the secure transmission of classified information over customer infrastructure, ensuring compliance with NSA CSfC Capability Packages.
You will also be isolating and analyzing complex networking issues and providing solutions working with OEM vendors and customer teams. In this role, your team will be the technical implementation point of contact for our customers for all their service and deployment support needs as a subject matter expert in a high-impact and fast-paced environment. Ideal candidates should have excellent customer relationship skills with broad and solid networking knowledge to build a high-quality and long-lasting relationship with the customers and be the trusted technical advisor. This position requires up to 25% travel to customer sites worldwide, including OCONUS locations.
Responsibilities:
• Understand customer business and mission requirements and develop architecture and design documents for secure network solutions, including IPsec VPN topologies (hub-and-spoke, full-mesh, DMVPN, FlexVPN) and CSfC multi-vendor layered encryption architectures
• Design and document IPsec VPN solutions incorporating IKEv2 negotiation, ESP/AH encapsulation, perfect forward secrecy (PFS), and suite-B cryptographic algorithms (AES-256-GCM, SHA-384, ECDH P-384/P-521) in accordance with CNSA suite requirements
• Engineer CSfC solutions aligned with NSA Capability Packages (CPs), including Multi-Site Connectivity, Mobile Access, and Data at Rest, ensuring dual-layer encryption with inner and outer tunnel independence
• Develop and execute Proof of Concept and/or Deployment Acceptance test plans and test reports for CSfC implementations
• Develop implementation guides with configuration templates and deployment plans for customers deploying secure data center networking products
• Execute or assist customers in executing deployment plans for IPsec VPN infrastructures, including PKI/certificate-based authentication, RADIUS/TACACS+ integration, and centralized key management systems
• Deploy and configure CSfC solution components including inner layer encryption devices, outer layer VPN gateways, and associated key management infrastructure (KMI), ensuring compliance with CSfC registration and monitoring requirements
• Implement IPsec VPN solutions across multi-vendor environments (Cisco, Juniper, Palo Alto, Aruba, etc.), ensuring interoperability and adherence to RFC standards (RFC 7296, RFC 4303, RFC 4301)
• Configure and validate GRE-over-IPsec, VTI-based, and policy-based VPN tunnels supporting dynamic routing protocols (OSPF, BGP, EIGRP) over encrypted overlays
• Resolve complex technical issues as a product expert working with Customer Network Operation Center Engineers, as well as with OEM partner Escalation and Development Engineers
• Troubleshoot IPsec VPN connectivity issues including IKE Phase 1/Phase 2 negotiation failures, NAT-Traversal complications, MTU/fragmentation issues, and cryptographic mismatch conditions
• Diagnose CSfC solution failures across inner and outer encryption layers, identify component-level root causes
Qualifications:
Required:
- Active TS/SCI security clearance
- Prior military or DoD civilian experience with tactical or strategic network communications systems
- Cisco CCNA and Security+ CE, or equivalent industry certifications
- 7+ years of progressive experience in enterprise network engineering with a focus on secure communications and VPN technologies
- Deep hands-on experience with IPsec VPN design, deployment, and troubleshooting across multi-vendor platforms (Cisco, Juniper, Palo Alto, Fortinet)
- Strong understanding of IKEv1/IKEv2 protocols, ESP/AH encapsulation modes, cryptographic suites (including Suite B/CNSA), and PKI-based certificate authentication
Desired:
- CCNP Security, CCIE (Security or Enterprise Infrastructure), JNCIS-SEC, PCNSE, or equivalent industry certifications
- NSA CSfC Trusted Integrator experience or certification
- Experience with DISA STIGs and DoD network security compliance requirements
- Familiarity with SD-WAN overlay architectures and their integration with IPsec-based WAN encryption
- Experience with zero-trust network architectures and micro-segmentation strategies
-
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you'll be part of a high-performing group dedicated to our customer's missions and driven by a higher purpose - to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You'll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground - in your career and in our legacy.
Pay Range :
There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.
The proposed salary range for this position is:
$85,800 - $180,200
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.
group id: caci
N
CACI Careers – Your potential is limitless. So is ours.
