Sr. Network Security Engineer III

Description:
Onsite in Washington, DC

The Sr. Network Security Engineer III will secure and harden mission-critical enterprise networks for our client within a federal environment. The role will design and manage firewalls, VPNs, IDS/IPS, and NAC, enforce segmentation, and support incident response. The engineer will act as a hands-on subject matter expert, communicate risk to diverse stakeholders, and enable secure mission delivery across the organization.

This is a full-time, permanent opportunity, offering a competitive salary and comprehensive benefits package. Qualified applicants must be willing and able to work on a w2 basis.

Salary: $230,000 - $290,000/ yr. w2

Responsibilities:

• Design, implement, and manage firewalls, VPNs, IPS, and NAC solutions in mission-critical environments.
• Secure network perimeters and internal network segments using defense-in-depth strategies.
• Respond rapidly to security incidents, vulnerabilities, and operational needs with urgency and discipline.
• Support continuous security hardening and improvement of network infrastructure.
• Participate in Agile execution, technical planning, and security risk discussions.
• Communicate security impacts, risks, and mitigation strategies clearly to technical and non-technical stakeholders.
• Recommend and implement security architecture and operational improvements.
• Serve as a hands-on technical SME, contributing immediately with minimal ramp-up.
• Establish and maintain a high level of customer trust and confidence through reliable, secure delivery.
• Apply creativity and engineering judgment to deliver practical, mission-focused security solutions.
• Design, implement, and manage next-generation firewalls, VPN solutions, intrusion prevention systems, and network access control platforms.
• Secure network perimeters and internal segments, including policy design, segmentation, and threat mitigation.
• Deploy and manage firewall rule sets, VPN tunnels, and security policies in mission-critical environments.
• Operate at least one enterprise security platform, such as Palo Alto Networks, Fortinet, or Cisco security technologies.
• Administer Cisco ISE and Cisco ASA environments.
• Implement and manage IDS and IPS solutions and endpoint configuration hardening in secure environments.
• Support Zero Trust architectures and identity-centric network security patterns.
• Contribute immediately with minimal ramp-up in a mission-critical operational environment.

Experience Requirements:

• Active Top Secret security clearance with SCI eligibility.
• Security+ and at least one platform-specific security certification such as PCNSE, Fortinet NSE, or a Cisco security certification.
• DoD 8140 certification aligned to the 441 Network Operations Specialist work role, such as Network+, Security+, Cloud+, SSCP, CASP+, CISSP, or CCNP Security.
• 10+ years of network engineering experience focused on enterprise network security infrastructure.
• Expertise designing, implementing, and managing next-generation firewalls, VPN solutions, intrusion prevention systems, and network access control platforms.
• Hands-on experience securing network perimeters and internal segments, including policy design, segmentation, and threat mitigation.
• Operational experience deploying and managing firewall rule sets, VPN tunnels, and security policies in mission-critical environments.
• Hands-on experience with at least one enterprise security platform, such as Palo Alto Networks, Fortinet, or Cisco security technologies.
• Hands-on experience with Cisco ISE and Cisco ASA environments.
• Hands-on experience with IDS and IPS solutions and endpoint configuration hardening in secure environments.
• Experience supporting Zero Trust architectures and identity-centric network security patterns.
• Ability to contribute immediately with minimal ramp-up in a mission-critical operational environment.
• Willingness to serve as essential personnel to support continuity of operations during shutdowns, emergencies, or other critical situations.

Education Requirements:

• Bachelor's degree in a technical field preferred.
• Security+ certification.
• Platform-specific security certification such as PCNSE, Fortinet NSE, or a Cisco security certification.
• DoD 8140-aligned certification such as Network+, Security+, Cloud+, SSCP, CASP+, CISSP, or CCNP Security.
• Active Top Secret with SCI eligibility security clearance.