Job Requirements
Chantilly, VA
Top Secret/SCI CI Polygraph
Mid Level Career (5+ yrs experience)
Salary not specified
Job Description
Position Summary
The Campus & WAN Firewall Engineer is a senior-level security routing and infrastructure specialist responsible for the architectural design, implementation, and steady-state optimization of network security controls across a large-scale Wide Area Network (WAN) and enterprise campus environment. This role specializes in managing high-throughput firewall deployments that enforce zero-trust boundary controls across heavily segmented networks containing numerous Virtual Routing and Forwarding (VRF) instances.
The ideal candidate bridges the gap between deep network engineering and advanced perimeter defense, possessing extensive hands-on experience interfacing enterprise firewalls with Juniper or Cisco routing platforms via dynamic routing protocols. The engineer ensures that security boundaries are strictly maintained without compromising high-performance WAN throughput, resiliency, or enterprise-grade network availability.
Essential Duties and Responsibilities
Multi-VRF & WAN Security Architecture: Design, configure, and maintain Next-Generation Firewall (NGFW) policies mapped across highly complex, multi-tenant network infrastructures utilizing multiple VRFs and secure logical systems.
Routing Infrastructure Integration: Establish, troubleshoot, and optimize secure dynamic routing adjacencies (including BGP, OSPF, and MP-BGP) directly between security appliances and Juniper or Cisco core/edge routers.
Perimeter Policy & Rule Engineering: Construct, audit, and systematically prune centralized firewall rule sets, complex NAT pools, and advanced security profiles to prevent inter-VRF leakage while enabling legitimate cross-boundary application traffic.
Enterprise Security Platform Management: Oversee the lifecycle management, patching, and policy deployment of distributed Forcepoint and Palo Alto firewall estates utilizing vendor centralized management systems.
Advanced Traffic Analysis & Inter-VRF Troubleshooting: Perform high-level packet analysis, deep-packet inspections (DPI), and trace-route diagnostics across complex transit VRFs to isolate and resolve advanced network connectivity, performance drops, or asymmetric routing anomalies.
Secure Encapsulation & Tunneling: Architect and maintain scalable, high-throughput site-to-site VPN networks, GRE tunnels, and IPsec implementations over the WAN fabric to safeguard remote locations and critical datalink infrastructures.
Vulnerability & Compliance Audits: Ensure the perimeter defense framework complies with strict federal and organizational guidelines, leading efforts in security posture audits, config hardening, and log delivery configurations into SIEM engines.
Required Qualifications
Clearance: TS//SCI with CI Poly preferred
Education: Bachelor's degree in Computer Science, Cybersecurity, Network Engineering, Information Technology, or a related technical field; or an equivalent combination of education and professional experience.
Experience: 5–8 years of specialized enterprise networking experience focused heavily on firewall administration, WAN engineering, and multi-tenant segmentation.
Mandatory Professional-Level Certification Requirement:
Must hold at least one of the following professional certifications:
Palo Alto Networks Certified Network Security Engineer (PCNSE) or Palo Alto Networks Certified Network Security Professional (PCNSP).
Forcepoint Next Generation Firewall (NGFW) System Engineer or Forcepoint NGFW Advanced Network Operations Specialist.
Required Technical Skills:
Routing & Switching: Expert-level knowledge of advanced routing mechanics over WAN environments, including VRF-lite, MPLS, MP-BGP, OSPF, and strict path-isolation techniques.
Hardware Interfacing: Hands-on competency configuring, monitoring, and operating Juniper Junos OS or Cisco IOS/IOS-XE/NX-OS routing environments alongside enterprise security appliances.
Security Toolsets: Deep technical command over Intrusion Detection/Prevention Systems (IDS/IPS), Network Access Control (NAC), SSL decryption, and granular application identification policies.
Diagnostics: Advanced proficiency using Wireshark, tcpdump, and enterprise logging fabrics (e.g., Splunk, Panorama, Forcepoint SMC) to trace packet flow across multi-layered routing zones.
Preferred Qualifications
Professional-level Cisco or Juniper networking certifications (e.g., CCNP Enterprise, JNCIP-ENT, JNCIP-SP).
Experience utilizing Network Automation frameworks (such as Ansible, Python, PyEZ, or Terraform) to programmatically audit, manipulate, and deploy broad firewall policies and routing statements uniformly across a global WAN topology.
Company Information
Arion Systems (ASI) seeks professionals with outstanding technical and operational qualifications who demonstrate an uncommon work ethic and a commitment to mission. We enjoy the benefits of an ethnically diverse workplace and strive to make it more diverse.
ASI is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, gender, religion, age, disability, veteran's status, or any other classification as required by law.