Job Requirements
Washington, DC
Secret clearance, polygraph not specified
Mid Level Career (5+ yrs experience)
$145,000 - $147,000
Job Description
Title: Cloud Network Engineer (Network SME), DoD AWS GovCloud — Secret Clearance
Summary
We need a builder, not a ticket-closer. You will stand up and own DoD network connectivity into AWS GovCloud, and you will be the person the program leans on when a BCAP cutover has to go right the first time. This is hands-on, end to end, and it carries real ownership.
What you will own
The BCAP cutover from planning through execution, including coordination with DISA where required.
Route table topology across the Inspection, Egress, and Perimeter VPCs, plus any Transit Gateway route table changes needed to bring new workload accounts online.
DISA SNAP submissions and NIPRNet IP block assignment using DISA-issued /24 ranges.
Connectivity design and trade-off calls across BCAP, Direct Connect, and Transit Gateway routing patterns, including when to reach for DXGW versus VGW.
AWS Network Firewall configuration, which means authoring Suricata rules and tuning stateful inspection for both east-west and north-south traffic.
Required
Demonstrated, hands-on experience standing up DoD network connectivity into AWS GovCloud.
Working fluency across BCAP, Direct Connect, and Transit Gateway routing patterns.
Direct experience with DISA SNAP submissions and DISA-issued NIPRNet /24 assignment.
AWS Network Firewall depth: Suricata rule authoring and stateful east-west and north-south inspection.
A clear grasp of DXGW versus VGW trade-offs and when each one fits.
Strong plus
Familiarity with the DISA Cloud Permission to Connect (CPTC) workflow.
Exposure to JWCC-style pass-through architecture.