Job Requirements
Remote Washingtn, DC Alexandria, VA
Secret Polygraph not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
ROLE & RESPONSIBILITIES
The Senior Network Architect / Security Integration Engineer (SME) serves as the technical lead for the architecture, design, integration, testing, and deployment of Software Defined Networking (SDN), Zero Trust Architecture (ZTA), Software Defined Perimeter (SDP), and Micro-Segmentation capabilities within federal/DOD environments.
This role is responsible for translating mission requirements into secure, scalable network architectures while developing and enforcing advanced security policies that support Zero Trust initiatives. The position serves as the senior technical authority for software-defined networking, security segmentation, traffic flow analysis, policy engineering, endpoint validation, and enterprise integration activities.
The successful candidate will lead technical design efforts, develop test strategies, oversee engineering documentation, troubleshoot complex network and security issues, and coordinate directly with government stakeholders, engineering teams, cybersecurity personnel, and enterprise service owners.
Enterprise Architecture & Design
• Lead end-to-end design of SDN, ZTA, SDP, and micro-segmentation architectures across DoDIN and DHS enterprise environments
• Develop High-Level Designs (HLDs) and Low-Level Designs (LLDs) for software-defined networking and security environments
• Define network segmentation, policy enforcement, and Zero Trust security architectures
• Ensure interoperability with enterprise transport services, security infrastructure, and mission systems
• Translate mission requirements into secure, scalable, and supportable technical architectures
Software Defined Networking (SDN) Leadership
• Architect and guide deployment of software-defined networking solutions including Cisco SD-WAN, Cisco Software Defined Access (SDA), VMware NSX or equivalent technologies
• Define controller-based architectures, orchestration strategies, and policy frameworks
• Establish automation strategies using APIs, Ansible, Python, and Infrastructure-as-Code methodologies
• Drive standardization of templates, configurations, deployment models, and operational procedures
Zero Trust Architecture (ZTA) & Security Integration Leadership
• Lead design and implementation of Zero Trust Architecture capabilities across enterprise environments
• Architect Software Defined Perimeter (SDP) solutions utilizing AppGate or equivalent Zero Trust technologies
• Design and implement micro-segmentation architectures utilizing Illumio or equivalent segmentation platforms
• Develop security policies based on application dependencies, user identity, device posture, and mission requirements
• Translate cybersecurity requirements into enforceable security policies and access control models
• Analyze traffic flows and dependency mappings to create hardened least-privilege security architectures
• Integrate identity services, PKI infrastructure, certificates, authentication services, and access control mechanisms into Zero Trust environments
Test Plan Development & Validation Engineering
• Develop comprehensive technical test plans and endpoint validation strategies
• Establish security enforcement testing procedures and operational validation methodologies
• Lead lab testing, pilot deployments, and operational acceptance testing activities
• Validate segmentation boundaries, access control policies, and application dependency mappings
• Develop repeatable test frameworks supporting mission and operational use cases
Cybersecurity & Compliance
• Ensure designs align with Risk Management Framework (RMF), DISA STIG requirements, NIST Zero Trust Architecture guidance and DoD Cybersecurity policies
• Support Authorization to Operate (ATO) activities and accreditation efforts
• Integrate security controls including encryption, identity enforcement, segmentation, and policy management
• Support compliance documentation and security engineering reviews
• Coordinate firewall path validation, identity integrations, PKI services, and directory service dependencies
• Provide technical leadership during design reviews, IPT meetings, PMO syncs, and engineering reviews
Traffic Flow Analysis & Security Engineering
• Analyze live network traffic and application dependencies
• Develop dependency matrices and communication flow mappings
• Engineer highly accurate security policies based on observed application behavior
• Validate routing, switching, security, and authentication paths supporting enterprise applications
Advanced Troubleshooting & Operations Support
• Serve as Tier III escalation authority for SDN, SDP, and micro-segmentation deployments
• Utilize Wireshark and packet-level analysis to troubleshoot communication failures
• Diagnose routing issues, policy conflicts, firewall enforcement problems, authentication failures, and application connectivity issues
• Validate client-to-controller communication paths and security policy enforcement mechanisms
Technical Leadership & Delivery Excellence
• Serve as lead architect across programs, projects, and task orders
• Mentor engineers and provide technical oversight for implementation teams
• Validate solutions in lab environments, integration facilities, and operational test environments
• Drive delivery discipline ensuring architectures are executable, supportable, secure, and scalable
Documentation & Governance
• Produce and maintain:
Architecture diagrams
High-Level Designs (HLD)
Low-Level Designs (LLD)
Test plans
Validation plans
Security policy documentation
Technical implementation plans
• Review and approve engineering artifacts generated during pilots and production deployments
• Support Configuration Control Boards (CCB) and Engineering Review Boards (ERB)
• Provide technical inputs to executive briefings and strategic planning efforts
Requirements
• Bachelor’s Degree in Engineering, Computer Science, Information Systems, Cybersecurity, or related field
• Master’s Degree preferred
• 10+ years of progressive experience supporting enterprise networking, cybersecurity environments and firewall technologies
• 5+ years designing or implementing Software Defined Networking (SDN), Zero Trust Architecture (ZTA) and Enterprise Security Architectures
• Experience supporting federal regulated enterprise environments; ability to work in secure DoDIN environments required
• Active Secret clearance or higher
Technical Requirements
Deep expertise in:
• Routing and Switching (BGP, OSPF, MPLS)
• Layer 2 and Layer 3 network architectures
• Network segmentation and security architecture
• Stateful firewalls and policy enforcement
• Zero Trust Architecture
• Software Defined Perimeter concepts
• Micro-segmentation architectures
• PKI and certificate-based authentication
• Active Directory and LDAP integration
• Wireshark or equivalent packet capture and analysis tools
• Automation (Ansible, Python, REST APIs)
• VMware environments
• AWS GovCloud
• Microsoft Azure Government
• Infrastructure orchestration technologies
• Hands-on experience with Cisco SD-WAN, Cisco SDA, Cisco ISE, Firepower (FTD), Palo Alto, or equivalent firewall platforms
Preferred Skills
• Experience supporting large-scale SD-WAN deployments
• Experience implementing Zero Trust initiatives within federal environments
• Experience with AppGate, Illumio, Guardicore, Zscaler, or equivalent technologies
• Experience developing micro-segmentation policies from application dependency mapping
• Experience supporting federal C5I environments
• Experience in lab-based integration and validation environments
Required Certifications
• Cisco Certified Network Professional (CCNP Enterprise or Security)
• CompTIA Security+
Preferred Certifications
• Cisco CCIE Enterprise Infrastructure
• Cisco CCIE Security
• CISSP
• VMware VCP-NV
• Zero Trust Architecture or similar
Work Environment
• Hybrid work environment with some travel to customer and integration lab locations as required
• Participation in after-hours maintenance windows, cutovers, and incident response activities as required
The Senior Network Architect / Security Integration Engineer (SME) serves as the technical lead for the architecture, design, integration, testing, and deployment of Software Defined Networking (SDN), Zero Trust Architecture (ZTA), Software Defined Perimeter (SDP), and Micro-Segmentation capabilities within federal/DOD environments.
This role is responsible for translating mission requirements into secure, scalable network architectures while developing and enforcing advanced security policies that support Zero Trust initiatives. The position serves as the senior technical authority for software-defined networking, security segmentation, traffic flow analysis, policy engineering, endpoint validation, and enterprise integration activities.
The successful candidate will lead technical design efforts, develop test strategies, oversee engineering documentation, troubleshoot complex network and security issues, and coordinate directly with government stakeholders, engineering teams, cybersecurity personnel, and enterprise service owners.
Enterprise Architecture & Design
• Lead end-to-end design of SDN, ZTA, SDP, and micro-segmentation architectures across DoDIN and DHS enterprise environments
• Develop High-Level Designs (HLDs) and Low-Level Designs (LLDs) for software-defined networking and security environments
• Define network segmentation, policy enforcement, and Zero Trust security architectures
• Ensure interoperability with enterprise transport services, security infrastructure, and mission systems
• Translate mission requirements into secure, scalable, and supportable technical architectures
Software Defined Networking (SDN) Leadership
• Architect and guide deployment of software-defined networking solutions including Cisco SD-WAN, Cisco Software Defined Access (SDA), VMware NSX or equivalent technologies
• Define controller-based architectures, orchestration strategies, and policy frameworks
• Establish automation strategies using APIs, Ansible, Python, and Infrastructure-as-Code methodologies
• Drive standardization of templates, configurations, deployment models, and operational procedures
Zero Trust Architecture (ZTA) & Security Integration Leadership
• Lead design and implementation of Zero Trust Architecture capabilities across enterprise environments
• Architect Software Defined Perimeter (SDP) solutions utilizing AppGate or equivalent Zero Trust technologies
• Design and implement micro-segmentation architectures utilizing Illumio or equivalent segmentation platforms
• Develop security policies based on application dependencies, user identity, device posture, and mission requirements
• Translate cybersecurity requirements into enforceable security policies and access control models
• Analyze traffic flows and dependency mappings to create hardened least-privilege security architectures
• Integrate identity services, PKI infrastructure, certificates, authentication services, and access control mechanisms into Zero Trust environments
Test Plan Development & Validation Engineering
• Develop comprehensive technical test plans and endpoint validation strategies
• Establish security enforcement testing procedures and operational validation methodologies
• Lead lab testing, pilot deployments, and operational acceptance testing activities
• Validate segmentation boundaries, access control policies, and application dependency mappings
• Develop repeatable test frameworks supporting mission and operational use cases
Cybersecurity & Compliance
• Ensure designs align with Risk Management Framework (RMF), DISA STIG requirements, NIST Zero Trust Architecture guidance and DoD Cybersecurity policies
• Support Authorization to Operate (ATO) activities and accreditation efforts
• Integrate security controls including encryption, identity enforcement, segmentation, and policy management
• Support compliance documentation and security engineering reviews
• Coordinate firewall path validation, identity integrations, PKI services, and directory service dependencies
• Provide technical leadership during design reviews, IPT meetings, PMO syncs, and engineering reviews
Traffic Flow Analysis & Security Engineering
• Analyze live network traffic and application dependencies
• Develop dependency matrices and communication flow mappings
• Engineer highly accurate security policies based on observed application behavior
• Validate routing, switching, security, and authentication paths supporting enterprise applications
Advanced Troubleshooting & Operations Support
• Serve as Tier III escalation authority for SDN, SDP, and micro-segmentation deployments
• Utilize Wireshark and packet-level analysis to troubleshoot communication failures
• Diagnose routing issues, policy conflicts, firewall enforcement problems, authentication failures, and application connectivity issues
• Validate client-to-controller communication paths and security policy enforcement mechanisms
Technical Leadership & Delivery Excellence
• Serve as lead architect across programs, projects, and task orders
• Mentor engineers and provide technical oversight for implementation teams
• Validate solutions in lab environments, integration facilities, and operational test environments
• Drive delivery discipline ensuring architectures are executable, supportable, secure, and scalable
Documentation & Governance
• Produce and maintain:
Architecture diagrams
High-Level Designs (HLD)
Low-Level Designs (LLD)
Test plans
Validation plans
Security policy documentation
Technical implementation plans
• Review and approve engineering artifacts generated during pilots and production deployments
• Support Configuration Control Boards (CCB) and Engineering Review Boards (ERB)
• Provide technical inputs to executive briefings and strategic planning efforts
Requirements
• Bachelor’s Degree in Engineering, Computer Science, Information Systems, Cybersecurity, or related field
• Master’s Degree preferred
• 10+ years of progressive experience supporting enterprise networking, cybersecurity environments and firewall technologies
• 5+ years designing or implementing Software Defined Networking (SDN), Zero Trust Architecture (ZTA) and Enterprise Security Architectures
• Experience supporting federal regulated enterprise environments; ability to work in secure DoDIN environments required
• Active Secret clearance or higher
Technical Requirements
Deep expertise in:
• Routing and Switching (BGP, OSPF, MPLS)
• Layer 2 and Layer 3 network architectures
• Network segmentation and security architecture
• Stateful firewalls and policy enforcement
• Zero Trust Architecture
• Software Defined Perimeter concepts
• Micro-segmentation architectures
• PKI and certificate-based authentication
• Active Directory and LDAP integration
• Wireshark or equivalent packet capture and analysis tools
• Automation (Ansible, Python, REST APIs)
• VMware environments
• AWS GovCloud
• Microsoft Azure Government
• Infrastructure orchestration technologies
• Hands-on experience with Cisco SD-WAN, Cisco SDA, Cisco ISE, Firepower (FTD), Palo Alto, or equivalent firewall platforms
Preferred Skills
• Experience supporting large-scale SD-WAN deployments
• Experience implementing Zero Trust initiatives within federal environments
• Experience with AppGate, Illumio, Guardicore, Zscaler, or equivalent technologies
• Experience developing micro-segmentation policies from application dependency mapping
• Experience supporting federal C5I environments
• Experience in lab-based integration and validation environments
Required Certifications
• Cisco Certified Network Professional (CCNP Enterprise or Security)
• CompTIA Security+
Preferred Certifications
• Cisco CCIE Enterprise Infrastructure
• Cisco CCIE Security
• CISSP
• VMware VCP-NV
• Zero Trust Architecture or similar
Work Environment
• Hybrid work environment with some travel to customer and integration lab locations as required
• Participation in after-hours maintenance windows, cutovers, and incident response activities as required
group id: 91173057