Full Job Description

***MUST have an active Secret Clearance (or higher)

  • Lead network architectural design, engineering, implementation, sustainment, migration, technical refresh, and lifecycle services for the Datacenter and Cloud enterprise network infrastructure
  • Provide network architectural design, modeling, engineering, implementation, sustainment, migration, technical refresh, and lifecycle services for the DISA Datacenter and Cloud enterprise network infrastructure. Network services and products supported shall include, but are not limited to, routers, switches, firewalls, web application firewalls, DNS, email gateways, proxy services, VPN, Local Area Network (LAN), Wide Area Network (WAN) and protocols, cryptographic devices, associated device software and firmware, diagnostic tools, and automation systems. The contractor shall also support a number of Intrusion and Detection Systems (IDS) and other network defense architectures in support of cyber defense operations and initiatives.
  • Design solution documentation that outlines guidance on licensing, physical architecture, logical configuration, eligibility, checklist application inventory, security policy protection phases, and basic administration to include system configuration baseline and security policy configuration baseline
  • Provide/support implementation solution documents and WAF subject matter expertise for the configuration and maintenance of DISA hosted Application Delivery Controllers to include software modules such as F5 BIG-IP Local Traffic Manager (LTM), Global Traffic Manager (GTM), Access Policy Manager (APM), and Application Security Manager (ASM) modules.
  • Develop required plans, whitepapers, briefings, and other required documents to support all engineering and implementation efforts with established policy and processes
  • Manage all software and firmware on network hardware and OEs are maintained and up to date on vendor supportable code versions
  • Ensure team issues Common Vulnerabilities and Exposures (CVE) for specific device and code version in accordance with government requested timelines
  • Continuously monitor the Government owned project management system for project support requests, project priority, triage to ensure urgency/impact are clearly defined, project assignments, project tasks/activities, project timelines and suspense, project reporting, and project briefings
  • Responsible for the planning, scheduling, execution, and closeout of Authorized Services Interruptions (ASI) in support of infrastructure network changes
  • Oversee the development of ASI migration guide detailing configuration steps, migration details, and fail-back plan
  • Attend and brief the weekly Communications ASI Review Board (CRB) for ASIs under their purview. Briefing shall consist of ASI site, risk level, network devices involved, applications impacted, and anticipated impact. The contractor shall also be available to consult on any questions or concerns raised by DISA Ecosystem Command and Control (C2).
  • Shall lead recommendations in operational processes to ensure successful migration and maintenance of applications behind Web Application Firewall (WAF)
  • Administer the development of automated workflows to be configured properly to provide infrastructure capacity and performance management for forecasting and planning future requirements
  • Proficiently communicate and brief ideas and information to people of a non‐technical background include senior leadership

Required Technical Skills:

  • Must have an active SECRET or higher security clearance
  • 8+ years of implementation and sustainment of complex Datacenter and Enterprise Network infrastructure in a multi‐vendor environment experience
  • DoD 8570.01-M/8140.01 IAT Level II Certification (can be one of the following: Security+ or CySA+)
  • Relevant Computing Environment (CE) certification based on the equipment and software relevant to primary duties
  • CCNP, CISCO, F5, Juniper (JNCIS, JNCIP) certification preferred but not required
  • Strong and extensive knowledge of datacenter‐based network methods, protocols and technologies such as:
    • Routing [BGP/OSPF/MP‐BGP/ MPLS/VPN/Multicast/ PBR]
    • Switching [RSTP, VLAN, VXLAN, LLDP, VPC, LACP, LAG]
    • TCP/IP [IPv4, IPv6, UDP, Layer 1 through Layer 7, IPSEC, HAIPE
    • Firewalls [VPN, ACLs, Whitelisting]
    • SDN/ NFV/ IAC [ACI, Service Insertion, Ansible]
    • Load balancing [APM, ASM, LTM, GTM]
    • Identity and Access Management with RBAC [AAA/RADIUS/TACACS/ LDAP]
    • Network management and analysis (Performance Manager (PM), Juniper Space, Cisco ISE, Splunk]
    • Structured cabling and installation standards
    • Application of net‐ work security and design practices
    • Cloud management [AWS/AZURE]
  • Knowledge in software modules to include: [F5 LTM, GTM, APM, and ASM]
  • IT Bachelor’s Degree or Vendor Network Certification (Professional or higher)

Environment

  • Great benefits: Paid time off, flexible work schedule, teleworking allowed, medical/dental/vision plan, 401k; and more
  • Tuition assistance for continuing or career-related education
  • Our cultural focus is on people and results – not bureaucracy
  • Ample opportunity for career growth – we promote from within
  • Leadership takes a constructive interest in every team member’s success
  • Work/Life Balance and flexible hours
  • Be part of a close-knit team that works and plays together and helps one another succeed
  • You will not be micromanaged: plan, prioritize, schedule and be accountable for your own tasks
  • Casual workplace
  • Open-door policy with all management

**Salary is commensurate with education and experience**

Job Category: Engineering
Job Type: Full Time

Apply for this position

Allowed Type(s): .pdf, .doc, .docx