V

Senior WAN Encryption Engineer and Architect

Virginia Tech Applied Research Corporation - VT-ARC

Posted today

Job Requirements

Arlington, VA
Top Secret/SCI Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries

Job Description

About Us:

VT-ARC, a technical services and applied research company, has built an organizational culture marked by four primary values: Teamwork, Integrity, Excellence, and Service. Integral to our success is our staffs enthusiasm for solving tough problems by working together in teams to get the job done. We foster a culture where every employees contribution is valued and performed with integrity while maintaining a fun work environment. VT-ARC strives for excellence in all that is done for our clients, and such achievement is recognized through service/merit awards. Moreover, we promote a sense of community larger than VT-ARC alone, where staff and institutional resources can be applied in service to our country.

We are proud to be the recipient of the Best Workplace in Defense Award by Emergent Magazine, an honor that recognizes companies with positive cultures that not only impact their people but also make a meaningful difference in the community.

About You:

You are a senior WAN, network engineering, or secure transport professional who understands how encryption is actually deployed in complex enterprise and mission network architectures. You know how to decide where crypto belongs, what type of encryption approach is appropriate, how encrypted paths affect routing and transport behavior, and how to make those designs secure, supportable, accreditable, and operationally sustainable.

This is a network architecture and integration role, not a cryptographic algorithm-design role. Your value is in connecting mission requirements, transport design, encryption placement, commercial solution options, CSfC considerations, Type 1 dependencies, COMSEC/KMI realities, and day-two operations into one coherent secure transport architecture. This is not for a key manager, rather this is a Senior WAN and secure transport engineering first with heavy crypto expertise applied through network architecture and implementation decisions. This role will have substantial awareness to fluency across the commercial encryption solution space, including CSfC, COTS security products, IPsec, MACsec, TLS, PKI, VPN, SD-WAN, cloud interconnect, and secure enterprise transport patterns. In addition, this role will provide the ability to compare Type 1, CSfC, commercial COTS, and hybrid approaches based on mission need, classification, risk, accreditation, and operational supportability.

You are comfortable serving as the primary technical point of accountability for network encryption decisions across WAN, LAN, cloud interconnect, satellite, classified enclave, commercial transport, COMSEC, cybersecurity, and operations teams.

Position Overview:

VT-ARC is seeking a Senior Secure WAN Encryption Engineer & Architect (SME) to lead secure transport architecture, WAN encryption integration, CSfC-aware solution planning, commercial crypto solution evaluation, Type 1 inline encryption integration, and crypto modernization for mission-critical programs in secure zero-trust environments. The selected candidate will help determine where encryption should be deployed, what encryption approach is appropriate for each transport or enclave, how secure paths should be engineered, and how those designs should be validated, documented, transitioned, and sustained. This includes the ability to work across Type 1 / HAIPE solutions, CSfC-aligned commercial solution architectures, COTS IPsec/MACsec/TLS-based approaches, PKI-enabled transport designs, cloud and carrier connectivity, classified networks, and mission communications environments.

This role supports enterprise and mission networks across multiple transport layers, including WAN, LAN, private transport, commercial transport, cloud interconnect, satellite communications, classified enclaves, multi-enclave environments, and air-gapped networks. The person in this role will coordinate closely with program leadership, operations, and mission stakeholders.

Active Top Secret/SCI clearance is required.

VT-ARC offers a competitive signing bonus for qualified candidates.

Duties/Responsibilities:
  • Serve as the senior SME for secure WAN encryption, secure transport architecture, network crypto placement, and encrypted mission communications integration.
  • Lead architecture input and engineering decisions for where and how encryption should be deployed across enterprise WANs, classified enclaves, cloud interconnects, commercial transport, private transport, SATCOM, and air-gapped environments.
  • Evaluate and recommend appropriate encryption approaches, including Type 1 / HAIPE, CSfC-aligned layered commercial solutions, COTS IPsec VPN, MACsec, TLS-protected services, PKI-enabled transport, SD-WAN security, commercial firewall/VPN platforms, and hybrid architectures.
  • Translate mission requirements, classification constraints, network topology, routing domains, enclave boundaries, keying dependencies, and operational needs into practical secure transport designs.
  • Engineer A-side/B-side designs, red/black separation, crypto boundary placement, management paths, monitoring paths, failover behavior, high availability, MTU considerations, path diversity, latency implications, and troubleshooting approaches.
  • Support CSfC-aware architecture planning, including interpretation of applicable Capability Package concepts, commercial component categories, layered solution dependencies, registration/evidence considerations, and RMF/ATO alignment.
  • Assess commercial encryption and secure transport products for suitability within classified or high-assurance network architectures, including operational fit, scalability, management model, interoperability, vendor supportability, certification posture, and accreditation dependencies.
  • Coordinate dependencies across COMSEC, KMI, PKI, identity, WAN, LAN, cloud, UC, cybersecurity, infrastructure, systems engineering, operations, and mission teams.
  • Develop secure WAN encryption architectures, implementation plans, connection diagrams, migration plans, cutover runbooks, test procedures, configuration records, verification artifacts, and operational handoff documentation.
  • Support lab validation, proof-of-concept activities, integration events, site deployments, cutovers, path validation, packet capture analysis, failover testing, troubleshooting, operational acceptance testing, and transition to operations.
  • Support crypto modernization planning by assessing current encrypted transport designs, identifying architecture gaps, evaluating commercial and government-approved options, and developing migration strategies.
  • Ensure network encryption and secure transport designs support applicable DoD, NSA, CNSS, RMF, ATO, STIG, COMSEC, and program security requirements.
  • Mentor network and mission communications teams on encryption integration dependencies, commercial solution tradeoffs, secure transport design, CSfC considerations, and operational impacts.

Required Education, Certification, Skills, Capabilities:
  • Active Top Secret/SCI clearance and U.S. citizenship are required.
  • Senior-level experience as a WAN engineer, network engineer, secure transport engineer, network architect, mission communications engineer, or equivalent role supporting classified, DoD, IC, federal, or high-assurance enterprise networks.
  • Strong understanding of WAN architecture, routing, switching, segmentation, transport diversity, carrier services, high availability, failover, monitoring, path validation, and network troubleshooting.
  • Demonstrated experience integrating encryption, secure transport, Type 1, HAIPE, inline encryption, COMSEC-dependent transport, CSfC-aligned architectures, or commercial network encryption capabilities in classified or high-assurance environments.
  • Deep awareness of commercial crypto and secure transport solutions, including COTS IPsec VPN gateways/clients, MACsec devices, TLS-protected services, PKI/certificate authority dependencies, authentication services, software and hardware encryption approaches, MDM/EUD dependencies, secure voice/VoIP components, commercial firewall/VPN platforms, SD-WAN security, SASE/SSE concepts, cloud interconnect security, and managed carrier transport options.
  • Working knowledge of CSfC concepts, including Capability Packages, component categories, layered/composed commercial solutions, NIAP/Common Criteria considerations, FIPS-validated cryptography, CNSA/CNSA 2.0 awareness, and solution registration/accreditation dependencies.
  • Ability to assess when Type 1, CSfC, COTS commercial encryption, IPsec/MACsec/TLS overlays, cloud-native controls, or hybrid approaches are appropriate based on classification, mission requirements, threat/risk, performance, operational supportability, accreditation path, lifecycle, and cost/schedule tradeoffs.
  • Working knowledge of A-side/B-side design, red/black separation, crypto boundary placement, management path design, keying dependencies, enclave separation, and encrypted transport integration.
  • Experience supporting global or multi-site enterprise networks across WAN, LAN, MPLS, SD-WAN, private transport, commercial internet transport, classified enclaves, cloud connectivity, mission networks, or air-gapped environments.
  • Ability to coordinate complex technical dependencies among COMSEC, KMI, PKI, network engineering, cybersecurity, systems engineering, infrastructure, operations, vendors, integrators, and mission stakeholders.
  • Experience supporting RMF, ATO, STIG, security control implementation, continuous monitoring, or equivalent cybersecurity compliance activities for network infrastructure.
  • Ability to produce clear architecture diagrams, connection diagrams, implementation guides, migration plans, test procedures, validation artifacts, technical decision records, and operational handoff materials.

Desired Education, Certification, Skills, Capabilities:
  • Hands-on experience with CSfC solution planning, integration, evidence development, compliance checklist support, or work with a CSfC Trusted Integrator, government customer, or commercial component ecosystem.
  • Experience with NSA Type 1 inline encryptors, HAIPE environments, TACLANE or equivalent controlled cryptographic equipment, or modernization from Type 1-only designs toward commercial or hybrid secure transport solutions where appropriate.
  • Familiarity with CSfC Capability Packages and annexes such as Multi-Site Connectivity, Mobile Access, Campus WLAN, Data at Rest, Enterprise Gray, Key Management, Symmetric Key Management, Continuous Monitoring, Tactical, WIDS/WIPS, or similar CSfC architecture guidance.
  • Experience evaluating commercial network and security products for secure transport use cases, including enterprise VPN, firewall, SD-WAN, MACsec, TLS gateway/proxy, PKI/CA, authentication, MDM, EUD, VoIP, cloud networking, SASE/SSE, and monitoring/management platforms.
  • Experience with commercial and government security evaluation concepts such as NIAP, Common Criteria, FIPS 140 validation, CNSA/CNSA 2.0, approved protection profiles, supply chain considerations, and vendor sustainment requirements.
  • Experience integrating encryption with MPLS, carrier Ethernet, SD-WAN, commercial internet, satellite, tactical transport, cloud interconnect, unified communications, mission partner networks, or cross-domain-adjacent architectures.
  • Experience with packet capture, path validation, MTU analysis, crypto troubleshooting, network performance analysis, failover testing, telemetry, logging, monitoring, and operational acceptance testing.
  • Familiarity with Zero Trust principles, defense-in-depth network design, secure enclave integration, network segmentation, identity-aware access, and continuous monitoring.
  • Professional certifications such as CCNP, CCIE, JNCIP, JNCIE, Security+, CISSP, GSEC, GCIA, GDSA, SANS/GIAC credentials, cloud networking/security certifications, INCOSE CSEP/ESEP, or equivalent technical credentials.

Primary Work Location: Work is expected to be fully onsite in Arlington, VA.

Special Work Conditions: Travel may be required, up to 10%.

Security:
  • Must be a U.S. Citizen
  • Active Top Secret/SCI clearance is required

Competitive Salary: VT-ARC offers a competitive salary and benefits package designed to attract and retain senior technical talent supporting mission-critical programs.

Salary Range: $225,000$275,000 annually

Virginia Tech Applied Research Corporation: VT-ARC is a 501(c)(3), non-profit R&D organization affiliated with Virginia Polytechnic Institute and State University (Virginia Tech or VT). Our mission is to provide superior analytic and technology solutions across multiple domains by leveraging Virginia Techs multidisciplinary research and innovation ecosystem. With unique access to the broad and rich research enterprise found at Virginia Tech, VT-ARC forms multi-disciplinary teams to apply innovative solutions to the real-world problems that strain our social, political, industrial, and economic foundations.

To learn more about VT-ARCs Benefits, Perks, Culture & more visit our Careers page: https://vt-arc.org/careers/

Virginia Tech Applied Research Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other status protected by law. As a federal contractor, we are committed to providing equal employment opportunity and affirmative action for qualified individuals with disabilities under Section 503 of the Rehabilitation Act of 1973. If you need a reasonable accommodation to complete the application or interview process, please contact Human Resources at hr@vt-arc.org

Virginia Tech Applied Research Corporation uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities, please visit www.E-Verify.gov .
group id: 10476023