Network Security Firewall Engineer (NAC) / Active Secret

Peraton
2d | $80,000 - $128,000 | Onsite

About The Position

We are seeking a highly skilled Network Security Firewall Engineer to join our team supporting the U.S. Army Europe Regional Cyber Center (RCC-E). This role focuses on designing, implementing, and maintaining advanced network security solutions to ensure the integrity and availability of mission-critical systems.

Location: Wiesbaden, Germany (On-site at U.S. Army Europe Regional Cyber Center - RCC-E)

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Requirements

  • Education & Experience Requirements (TESA): Bachelor’s degree in Computer Science, Cybersecurity, or related field and 8 years of relevant experience, OR Associate’s Degree and 10 years relevant experience, OR High School Diploma and 12 years relevant experience.
  • Certifications (8140 DCWF Code 441): Required certifications: SecurityX / CASP+, CCNP Security, CCSP, GCIA, GCED, GCIH AND ONE of the following: Network Firewall, IDS, F5-CA, F5-CTS, F5-CSE, BCCPA, CCNP Security, CCIE Security, Cisco CyberOps Professional
  • Hands-On Expertise: Minimum 8 years designing and administering Cisco ASA or Firepower Firewall, Cisco ISE in large-scale environments.
  • Experience with Cisco Firepower management platforms (FMC and FDM).
  • Understanding of network security principles, including ACLs, NAT, and IPS/IDS.
  • Deep understanding of 802.1X, RADIUS, TACACS+, TrustSec, Software-Defined Access.
  • Familiarity with command-line interfaces (like TMSH), networking concepts and protocols, and security principles.
  • Strong command of Cisco routing/switching, firewalls (ASA/FW-A), remote-access VPNs, IPS/IDS, F5 Big-IP, Blue Coat proxy.
  • In-depth knowledge of F5 Big-IP platforms and technologies like LTM, GTM, and TMOS.
  • Familiarity with PKI, certificate lifecycle management, and AAA integrations.
  • Soft Skills & Clearance: Demonstrated analytical, troubleshooting, and communication experience and capabilities.
  • Ability to thrive in fast-paced, mission-critical settings.
  • U.S. citizenship required.
  • Active DoD Secret security clearance required.

Responsibilities

  • Cisco ASA & Firepower: Lead design, implementation, and maintenance of Cisco Firepower infrastructure.
  • Focus on threat prevention, intrusion detection/prevention, and policy management.
  • Perform OS upgrades on Cisco ASA, FTD, and FMC platforms.
  • Troubleshoot VPNs, policies, and connectivity issues related to FTD and FMC.
  • Conduct security audits and performance tuning for high availability.
  • Cisco Identity Services Engine (ISE): Design, deploy, configure, and maintain ISE across the Army Top-Level Architecture (ATLA).
  • Implement 802.1X authentication for wired and wireless users.
  • Develop posture-assessment policies and TrustSec segmentation strategies.
  • Configure and administer TACACS+ and RADIUS for AAA services.
  • Integrate ISE with Active Directory, PKI, RAVPN, and other technologies.
  • Provide Tier-3 support for identity and access incidents.
  • Monitor ISE health and generate compliance reports.
  • F5 Load Balancers: Design and implement F5 BIG-IP solutions including LTM and GTM.
  • Configure virtual servers, pools, SNATs, and network settings.
  • Perform firmware upgrades and configuration changes.
  • Monitor traffic and troubleshoot F5-related performance issues.
  • Documentation & Collaboration: Maintain architecture diagrams, runbooks, and SOPs.
  • Participate in formal change-control processes.
  • Collaborate with network, application, and security teams to integrate solutions.