MSM Tech Inc.
We are seeking a Network Engineer to support a federal customer. In this role you will:
Provide network architectural design, modeling, engineering, implementation, sustainment, migration, technical refresh, and lifecycle services for the DISA Datacenter and Cloud enterprise network infrastructure. Network services and products supported shall include, but are not limited to, routers, switches, firewalls, web application firewalls, DNS, email gateways, proxy services, VPN, Local Area Network (LAN), Wide Area Network (WAN) and protocols, cryptographic devices, associated device software and firmware, diagnostic tools, and automation systems. The contractor shall also support a number of Intrusion and Detection Systems (IDS) and other network defense architectures in support of cyber defense operations and initiatives.
Provide design solutions and implementation guides and use DoD and Industry best practices. Contractor is responsible for providing service transition to operations and shall reference an Information Technology Infrastructure Library (ITIL) Framework
Provide/support implementation solution documents for the configuration and maintenance of DISA hosted Application Delivery Controllers to include software modules such as F5 BIG-IP Local Traffic Manager (LTM), Global Traffic Manager (GTM), Access Policy Manager (APM).
Design solution documentation that outlines guidance on licensing, physical architecture, logical configuration, eligibility, checklist application inventory, security policy protection phases, and basic administration to include system configuration baseline and security policy configuration baseline.
Build, implement, and document network enabled applications taking into consideration various factors such as but not limited to infrastructure requirements or limitations, security, and application performance needs and best practices.
Network services and products supported shall include, but are not limited to, routers, switches, firewalls, web application firewalls, DNS, email gateways, proxy services, VPN, Local Area Network (LAN), Wide Area Network (WAN) and protocols, cryptographic devices, associated device software and firmware, diagnostic tools, and automation systems. The contractor shall also support a number of Intrusion and Detection Systems (IDS) and other network defense architectures in support of cyber defense operations and initiatives.
Assume responsibility for all lifecycle components’ compliance with security controls, including confidentiality, integrity, and availability as well as compliance with Security Technical Implementation Guidelines (STIG) in depth.
Engineer and implement network architectural changes in response to future network technology enhancements, DISA customer requirements, security requirements and enhancements, technical refresh efforts, lifecycle requirements, or changes in network capacity requirements.
Prepare and solution design/technical documentation to include whitepapers, briefings, and other required documents to support all engineering and implementation efforts with established policy and processes.
Adhere to DISA enterprise network standards to include developing support documentation, leading technical working groups, conducting product evaluations, developing recommendations, and preparing and presenting briefings.
Ensure that all engineering and implementation efforts adhere to DISA and DoD policies, and directives from United States Cyber Command (USCC) and Joint Force Headquarters DODIN (JFHQ-DODIN).
Requirements
Must have an active SECRET or higher security clearance.
5+ years of relevant experience with design and implementation of complex Datacenter and Enterprise Network infrastructure in a multi-vendor environment
Relevant secondary certification (i.e. Cisco, F5, Juniper, Palo Alto, Cloud, etc.)
Excellent verbal and written communication skills.
Preferred Skills
IT bachelor’s degree or Vendor Network Certification (Professional or higher)
Strong and extensive knowledge of datacenter-based network methods, protocols and technologies to include:
Routing [BGP/ OSPF/MP-BGP/ MPLS/VPN/Multicast/PBR]
Switching [RSTP, VLAN, VXLAN, LLDP, VPC, LACP, LAG]
TCP/IP, IPv4, IPv6, UDP, Layer 1 through Layer 7, IPSEC, HAIPE
Firewalls [VPN, ACLs, Whitelisting]
Load balancing [APM, ASM, LTM, GTM]
SDN/ NFV/ IAC [ACI, Service Insertion, Ansible]
Identity and Access Management with RBAC [AAA/RADIUS/TACACS/LDAP]
Network management and analysis (Performance Manager (PM), Juniper Space, Cisco ISE, Splunk]
Structured cabling and installation standards
Application of net- work security and design practices
Knowledge in software modules to include: [F5 BIG-IP LTM, GTM, APM, ASM]
Proficiency in use of government systems to track ops and management of systems and performance including but not limited to ITSM, GTMS, Ansible, ServiceNow, Microsoft 365
#J-18808-Ljbffr
Provide network architectural design, modeling, engineering, implementation, sustainment, migration, technical refresh, and lifecycle services for the DISA Datacenter and Cloud enterprise network infrastructure. Network services and products supported shall include, but are not limited to, routers, switches, firewalls, web application firewalls, DNS, email gateways, proxy services, VPN, Local Area Network (LAN), Wide Area Network (WAN) and protocols, cryptographic devices, associated device software and firmware, diagnostic tools, and automation systems. The contractor shall also support a number of Intrusion and Detection Systems (IDS) and other network defense architectures in support of cyber defense operations and initiatives.
Provide design solutions and implementation guides and use DoD and Industry best practices. Contractor is responsible for providing service transition to operations and shall reference an Information Technology Infrastructure Library (ITIL) Framework
Provide/support implementation solution documents for the configuration and maintenance of DISA hosted Application Delivery Controllers to include software modules such as F5 BIG-IP Local Traffic Manager (LTM), Global Traffic Manager (GTM), Access Policy Manager (APM).
Design solution documentation that outlines guidance on licensing, physical architecture, logical configuration, eligibility, checklist application inventory, security policy protection phases, and basic administration to include system configuration baseline and security policy configuration baseline.
Build, implement, and document network enabled applications taking into consideration various factors such as but not limited to infrastructure requirements or limitations, security, and application performance needs and best practices.
Network services and products supported shall include, but are not limited to, routers, switches, firewalls, web application firewalls, DNS, email gateways, proxy services, VPN, Local Area Network (LAN), Wide Area Network (WAN) and protocols, cryptographic devices, associated device software and firmware, diagnostic tools, and automation systems. The contractor shall also support a number of Intrusion and Detection Systems (IDS) and other network defense architectures in support of cyber defense operations and initiatives.
Assume responsibility for all lifecycle components’ compliance with security controls, including confidentiality, integrity, and availability as well as compliance with Security Technical Implementation Guidelines (STIG) in depth.
Engineer and implement network architectural changes in response to future network technology enhancements, DISA customer requirements, security requirements and enhancements, technical refresh efforts, lifecycle requirements, or changes in network capacity requirements.
Prepare and solution design/technical documentation to include whitepapers, briefings, and other required documents to support all engineering and implementation efforts with established policy and processes.
Adhere to DISA enterprise network standards to include developing support documentation, leading technical working groups, conducting product evaluations, developing recommendations, and preparing and presenting briefings.
Ensure that all engineering and implementation efforts adhere to DISA and DoD policies, and directives from United States Cyber Command (USCC) and Joint Force Headquarters DODIN (JFHQ-DODIN).
Requirements
Must have an active SECRET or higher security clearance.
5+ years of relevant experience with design and implementation of complex Datacenter and Enterprise Network infrastructure in a multi-vendor environment
Relevant secondary certification (i.e. Cisco, F5, Juniper, Palo Alto, Cloud, etc.)
Excellent verbal and written communication skills.
Preferred Skills
IT bachelor’s degree or Vendor Network Certification (Professional or higher)
Strong and extensive knowledge of datacenter-based network methods, protocols and technologies to include:
Routing [BGP/ OSPF/MP-BGP/ MPLS/VPN/Multicast/PBR]
Switching [RSTP, VLAN, VXLAN, LLDP, VPC, LACP, LAG]
TCP/IP, IPv4, IPv6, UDP, Layer 1 through Layer 7, IPSEC, HAIPE
Firewalls [VPN, ACLs, Whitelisting]
Load balancing [APM, ASM, LTM, GTM]
SDN/ NFV/ IAC [ACI, Service Insertion, Ansible]
Identity and Access Management with RBAC [AAA/RADIUS/TACACS/LDAP]
Network management and analysis (Performance Manager (PM), Juniper Space, Cisco ISE, Splunk]
Structured cabling and installation standards
Application of net- work security and design practices
Knowledge in software modules to include: [F5 BIG-IP LTM, GTM, APM, ASM]
Proficiency in use of government systems to track ops and management of systems and performance including but not limited to ITSM, GTMS, Ansible, ServiceNow, Microsoft 365
#J-18808-Ljbffr