ClearanceJobs
Network Engineer
You will engineer, secure, and test the network fabric that powers a missile-defense command-and-control program. The role blends hands-on lab buildouts with deep packet forensics, enabling reliable integration of new sensors/feeds and releases into operations. Responsibilities: Design, implement, and harden lab/production-like networks (Juniper + Cisco). Configure and troubleshoot BGP/OSPF, UDP multicast (PIM/IGMP/RPF), VLANs, NAT, GRE/IPsec-GRE. Perform packet capture/analysis (Wireshark/tcpdump); produce evidence for defect closure and performance SLAs (latency/jitter/throughput). Implement STIG hardening; contribute to RMF artifacts (SCAP/ACAS, POA&M), and integrate TACACS+ / AD. Tune firewall and IDS/IPS policies across multiple enclaves. Operate within Agile sprints; maintain diagrams (Visio) and test documentation (slides/reports). Use vSphere/vCenter for testbed modeling; apply Python/Ansible for config templating and capture/replay. Validate network timing (NTP/PTP) and MTU/PMTUD across encapsulated paths. Support occasional deployments and onsite test events. Minimum qualifications: Active DoD Secret (or higher); compliant with DoD 8570 IAT II (e.g., Security+ CE). 3-7 years hands-on routing/switching/firewall experience in secured networks. Proficiency with BGP/OSPF, multicast, VLAN/NAT/GRE, and Wireshark. Experience applying DISA STIGs and supporting RMF accreditation activities. Comfort with Juniper JUNOS and Cisco IOS/ASA/Firepower. Preferred qualifications: Prior work on U.S. DoD/IC programs or missile-defense/C2 environments. Juniper/Cisco certifications (JNCIS/JNCIP, CCNP), plus Python/Ansible automation. vSphere networking (vSwitch/dvSwitch, port groups), NetFlow/IPFIX, QoS/CoS. IDS/IPS tuning (Snort/Suricata), Type-1 crypto familiarity (e.g., TACLANE), WAN optimizers. Strong documentation habits (Visio, PPT) and evidence-driven troubleshooting. Technologies you'll use: Routing/Segmentation: BGP, OSPF, PIM/IGMP/RPF, VLAN, NAT, GRE/IPsec-GRE Vendors: Juniper (EX/MX/SRX), Cisco (IOS/IOS-XE/ASA/Firepower) Security/Compliance: STIG, RMF, SCAP/ACAS, TACACS+, AD, IDS/IPS Observability: Wireshark/tcpdump, NetFlow/IPFIX, syslog/SNMP Virtualization & Automation: VMware vSphere/vCenter, Python/Ansible Timing/Perf: NTP/PTP, PMTUD/MTU validation
You will engineer, secure, and test the network fabric that powers a missile-defense command-and-control program. The role blends hands-on lab buildouts with deep packet forensics, enabling reliable integration of new sensors/feeds and releases into operations. Responsibilities: Design, implement, and harden lab/production-like networks (Juniper + Cisco). Configure and troubleshoot BGP/OSPF, UDP multicast (PIM/IGMP/RPF), VLANs, NAT, GRE/IPsec-GRE. Perform packet capture/analysis (Wireshark/tcpdump); produce evidence for defect closure and performance SLAs (latency/jitter/throughput). Implement STIG hardening; contribute to RMF artifacts (SCAP/ACAS, POA&M), and integrate TACACS+ / AD. Tune firewall and IDS/IPS policies across multiple enclaves. Operate within Agile sprints; maintain diagrams (Visio) and test documentation (slides/reports). Use vSphere/vCenter for testbed modeling; apply Python/Ansible for config templating and capture/replay. Validate network timing (NTP/PTP) and MTU/PMTUD across encapsulated paths. Support occasional deployments and onsite test events. Minimum qualifications: Active DoD Secret (or higher); compliant with DoD 8570 IAT II (e.g., Security+ CE). 3-7 years hands-on routing/switching/firewall experience in secured networks. Proficiency with BGP/OSPF, multicast, VLAN/NAT/GRE, and Wireshark. Experience applying DISA STIGs and supporting RMF accreditation activities. Comfort with Juniper JUNOS and Cisco IOS/ASA/Firepower. Preferred qualifications: Prior work on U.S. DoD/IC programs or missile-defense/C2 environments. Juniper/Cisco certifications (JNCIS/JNCIP, CCNP), plus Python/Ansible automation. vSphere networking (vSwitch/dvSwitch, port groups), NetFlow/IPFIX, QoS/CoS. IDS/IPS tuning (Snort/Suricata), Type-1 crypto familiarity (e.g., TACLANE), WAN optimizers. Strong documentation habits (Visio, PPT) and evidence-driven troubleshooting. Technologies you'll use: Routing/Segmentation: BGP, OSPF, PIM/IGMP/RPF, VLAN, NAT, GRE/IPsec-GRE Vendors: Juniper (EX/MX/SRX), Cisco (IOS/IOS-XE/ASA/Firepower) Security/Compliance: STIG, RMF, SCAP/ACAS, TACACS+, AD, IDS/IPS Observability: Wireshark/tcpdump, NetFlow/IPFIX, syslog/SNMP Virtualization & Automation: VMware vSphere/vCenter, Python/Ansible Timing/Perf: NTP/PTP, PMTUD/MTU validation