Senior Cybersecurity & Network Systems Engineer

About The Position

Requirements

• Bachelor's degree in related field and 7+ years of cybersecurity and network engineering experience supporting federal or enterprise environments.
• Strong hands-on experience with Cisco ACI/APIC, SD-Access, AAA/TACACS+, VLAN segmentation.
• Demonstrated capability implementing NIST-aligned cybersecurity controls and Zero Trust architectures.
• Experience with IAM solutions including Keycloak, policy-based authentication, and SSO federations.
• Hands-on experience with Docker, Kubernetes, Helm, Proxmox VE, and infrastructure automation.
• Experience operating IDS/IPS systems (Suricata), OPNsense, Grafana, and packet analysis platforms.
• CompTIA Security+ and A+ certifications.

Nice To Haves

• Experience supporting RMF, eMASS package inputs, STIG compliance and vulnerability remediation.
• Familiarity with Army networks, TDL/TDP processes, and DISA STIG/SRG baseline configurations.
• Experience with wireless surveys, RF spectrum analysis, and site infrastructure validation.
• Experience with deployment of Zero Trust overlays (OpenZiti, Pomerium) and NAC solutions (PacketFence).
• Exposure to Cisco Security training: SCOR, SAUI, CBROPS.
• Experience with large migration efforts, Windows Server 2016 networking/identity, and secure endpoint integration.
• Familiarity with CHESS procurement processes, and IUID-tagging environments.

Responsibilities

• Engineer, harden, and deploy enterprise-grade network solutions including Cisco ACI/APIC, SD-Access, VLAN segmentation, AAA/TACACS+, and secure routing/switching architectures.
• Lead site surveys, spectrum assessments, infrastructure validation, OPSEC-compliant data gathering, and deliver inputs to the Test Network Modernization Plan (TNMP).
• Support creation and updates to Technical Direction Plans (TDPs), including equipment strategy, risk identification, ROM inputs, SLAs, and cyber requirements.
• Lead modernization of legacy environments to NIST-aligned architectures while maintaining operational continuity.
• Apply NIST, RMF, and Zero Trust principles to all network modernization efforts.
• Develop STIG and eSTIG checklists, perform vulnerability scans, document findings, and support POA&M development.
• Architect and implement Zero Trust and IAM solutions using technologies such as Keycloak, Pomerium, PacketFence, and identity-centric access controls.
• Deploy and tune IDS/IPS tools such as Suricata, integrate with OPNsense, and enhance monitoring with Grafana/Prometheus.
• Automate configurations and infrastructure using Ansible, Terraform, Helm, Docker, Kubernetes, and other automation frameworks.
• Support the engineering of containerized security labs, overlay networks, distributed K8s clusters, and secure cloud-adjacent architectures.
• Support development and execution of Acceptance Test Plans (ATP) and Site Acceptance Tests (SAT) for network, cybersecurity, and system performance verification.
• Conduct integration testing across modernized Cisco and containerized systems.
• Generate technical diagrams, TNMP/TDP inputs, security artifacts, trip reports, and network documentation in accordance with Army deliverable standards.
• Maintain accurate configuration baselines, contribute to QMP/Safety plan inputs, and provide status inputs for the Monthly Status Report (MSR).
• Ensure all actions follow CHESS/IT procurement rules, IUID requirements, and DoD cybersecurity training/clearance requirements.

Benefits

• 401K plan with company match
• medical
• dental
• vision
• life insurance
• AD&D
• flexible spending account
• disability
• paid time off
• flexible work schedule
• professional training and development