Network Security Firewall Engineer (NAC) / Active Secret

We are seeking a highly skilled Network Security Firewall Engineer to join our team supporting the U.S. Army Europe Regional Cyber Center (RCC-E). This role focuses on designing, implementing, and maintaining advanced network security solutions to ensure the integrity and availability of mission-critical systems.

Location: Wiesbaden, Germany
(On-site at U.S. Army Europe Regional Cyber Center - RCC-E)

Key Responsibilities:

Cisco ASA & Firepower

• Lead design, implementation, and maintenance of Cisco Firepower infrastructure.
• Focus on threat prevention, intrusion detection/prevention, and policy management.
• Perform OS upgrades on Cisco ASA, FTD, and FMC platforms.
• Troubleshoot VPNs, policies, and connectivity issues related to FTD and FMC.
• Conduct security audits and performance tuning for high availability.

Cisco Identity Services Engine (ISE)

• Design, deploy, configure, and maintain ISE across the Army Top-Level Architecture (ATLA).
• Implement 802.1X authentication for wired and wireless users.
• Develop posture-assessment policies and TrustSec segmentation strategies.
• Configure and administer TACACS+ and RADIUS for AAA services.
• Integrate ISE with Active Directory, PKI, RAVPN, and other technologies.
• Provide Tier-3 support for identity and access incidents.
• Monitor ISE health and generate compliance reports.

F5 Load Balancers

• Design and implement F5 BIG-IP solutions including LTM and GTM.
• Configure virtual servers, pools, SNATs, and network settings.
• Perform firmware upgrades and configuration changes.
• Monitor traffic and troubleshoot F5-related performance issues.

Documentation & Collaboration

• Maintain architecture diagrams, runbooks, and SOPs.
• Participate in formal change-control processes.
• Collaborate with network, application, and security teams to integrate solutions.

Education & Experience Requirements (TESA):

• Bachelor’s degree in Computer Science, Cybersecurity, or related field and 8 years of relevant experience,
  OR Associate’s Degree and 10 years relevant experience, OR High School Diploma and 12 years relevant experience.

Certifications (8140 DCWF Code 441):

• DCWF Code: 441
• Required Certifications:
  • SecurityX / CASP+
  • CCNP Security, CCSP, GCIA, GCED, GCIH
  • AND ONE of the following:
    • Network Firewall, IDS, F5-CA, F5-CTS, F5-CSE, BCCPA, CCNP Security, CCIE Security, Cisco CyberOps Professional

Hands-On Expertise:

• Minimum 8 years designing and administering Cisco ASA or Firepower Firewall, Cisco ISE in large-scale environments.
• Experience with Cisco Firepower management platforms (FMC and FDM).
• Understanding of network security principles, including ACLs, NAT, and IPS/IDS.
• Deep understanding of 802.1X, RADIUS, TACACS+, TrustSec, Software-Defined Access.
• Familiarity with command-line interfaces (like TMSH), networking concepts and protocols, and security principles.
• Strong command of Cisco routing/switching, firewalls (ASA/FW-A), remote-access VPNs, IPS/IDS, F5 Big-IP, Blue Coat proxy.
• In-depth knowledge of F5 Big-IP platforms and technologies like LTM, GTM, and TMOS.
• Familiarity with PKI, certificate lifecycle management, and AAA integrations.

Soft Skills & Clearance:

• Demonstrated analytical, troubleshooting, and communication experience and capabilities.
• Ability to thrive in fast-paced, mission-critical settings.
• U.S. citizenship required.
• Active DoD Secret security clearance required.