Senior Network Security Engineer (SDN / Multi-Enclave)

Peraton Labs is seeking a poly cleared Senior Network Security Engineer (SDN / Multi-Enclave) to provide senior technical leadership for the secure design, implementation, and sustainment of network and system architectures across multiple enclaves, including environments with different data protection and classification requirements. In this role you will lead security planning and risk activities, recommend system-level solutions to meet security requirements, and support our MD-based government customer in establishing and enforcing trusted relationships among external systems and architectures. The ideal candidate for this role will bring deep expertise in Software Defined Networking (SDN) and demonstrated security compliance experience within government programs of similar scope and complexity.

This position requires full-time on-site work at a customer site near College Park, MD.

Responsibilities within this role may include:

• Design, engineer, and validate secure network/systems solutions spanning multiple enclaves with varying security boundaries and classification levels
• Recommend and implement system-level security solutions to satisfy mission, compliance, and operational requirements
• Perform and support security planning, assessments, risk analysis, risk management, including documentation and briefing of risk decisions and mitigations
• Support our government customer in enforcing the design and implementation of trusted relationships among external systems and architectures (e.g., interconnections, cross-domain dependencies, boundary protections)
• Engineer and secure SDN-enabled architectures (i.e. controller/overlay models), ensuring segmentation, policy enforcement, and strong access control
• Install, configure, harden, troubleshoot, and support network telecommunications infrastructure and security capabilities
• Develop/maintain network security artifacts such as security design packages, interface control documentation, diagrams, and compliance evidence
• Conduct root-cause analysis of security or connectivity issues and implement corrective actions that preserve mission availability and security posture
• Provide technical guidance to teams and stakeholders; participate in design reviews, security reviews, and change control activities

Required qualifications

• Minimum of 12 years of experience as a Network Security Engineer (or related role) supporting DoD/IC programs, and a Bachelor’s in Computer Science, Cybersecurity Engineering, System Engineering, Network Engineering or related discipline. 4 years of additional experience may be accepted in lieu of a bachelor’s degree (for a total of 16 years of experience)
• 5+ years of experience demonstrating principles, theories, methods, and techniques of security software (IOS) and hardware across Juniper, FORE, and Cisco routers/switches
• Demonstrated experience in the installation and support of network telecommunications, with expert-level network security knowledge
• Hands-on knowledge and troubleshooting experience with:
  • LAN/WAN, VLANs, VoIP
  • Routing: RIP, OSPF, EIGRP
  • Authentication: AAA/TACACS
  • Security controls: Juniper/FORE/Cisco ACLs
• Experience implementing and troubleshooting secure network products such as VPNs and IDS/IPS (or equivalent)
• Demonstrated experience designing, implementing, securing, or operating Software Defined Networking solutions
• Demonstrated experience supporting security compliance (planning, assessment, audit support, evidence collection, control implementation/validation)
• An active/current Cisco Certified Network Associate (CCNA) certification is required for this role; additionally, you should have or have documented (over 50%) progress toward completion of a Cisco Certified Network Professional (CCNP) certification
• This position requires US Citizenship and an active/current TS/SCI w/ Polygraph.

Additional preferred qualifications

• Experience supporting DoD/IC customers and multi-enclave/multi-domain architectures
• Experience with security engineering in regulated frameworks (e.g., RMF/ATO processes, control validation, POA&M support)
• Hands-on with SDN platforms/approaches (controller-based networking, overlays, micro segmentation, policy-as-code concepts)
• Experience with IDS/IPS tuning, VPN design at scale, and secure segmentation patterns in hybrid environments
• Ability to author high-quality technical documentation (design packages, CONOPs, SOPs, diagrams) and brief technical + non-technical stakeholders

#mdpm