Network Engineer

As a key member of our expert team, you will be responsible for the design, implementation, maintenance, and security of network infrastructure aligned with Zero Trust principles. You will provide enterprise and tactical infrastructure expertise, contributing significantly to the initial Iplan creation and the subsequent multi-year ZT engineering and operational efforts. This position directly maps to the DoD 8140 Network Technician (Work Role ID: 442) Advanced level, requiring robust technical skills in network engineering, security, and troubleshooting within complex environments.

The Leidos Digital Modernization Sector provides a diverse portfolio of systems, solutions, and services covering land, sea, air, space, and cyberspace for customers worldwide. Solutions for Defense include enterprise and mission IT, large-scale intelligence systems, command and control, geospatial and data analytics, cybersecurity, logistics, training, and intelligence analysis and operations support. Our team is solving the world's toughest security challenges for customers with "can't fail" missions.

We will rely on your expertise in architecting, implementing, and securing advanced network solutions for mission-critical operations? Join Kentro, where our unwavering focus s on supporting the mission. This role provides a unique platform to apply your deep network engineering expertise to USSOCOM's transformative Zero Trust journey, directly enhancing the connectivity, security, and operational capabilities of Special Operations Forces.

You will collaborate closely with Cybersecurity Architects, Cybersecurity Engineers, and other specialists, contributing to the practical application of ZT principles across the network fabric and leveraging advanced networking and security technologies.

This position is a hybrid position, You will work from home and need to be onsite at MacDill AFB when needed.

What we would like you to do:
As the Network Engineer for this Zero Trust initiative, you will:
• Design, implement, configure, and maintain secure network infrastructure (routers, switches, firewalls, VPNs, IDS/IPS, network access control solutions) aligned with Zero Trust principles for USSOCOM's Greenfield (SOCRATES) and Brownfield (SOFNET-U/S) environments.
• Develop and implement network segmentation and micro-segmentation strategies to support Zero Trust security objectives.
• Ensure network designs and implementations comply with DoD ZT mandates (91 target activities by FY27, 61 advanced activities by FY33) and relevant security policies (e.g., STIGs).
• Monitor network performance, availability, and security, utilizing tools like SIEM platforms and network analysis tools to identify and respond to anomalies, incidents, and potential threats.
• Troubleshoot complex network connectivity and performance issues, performing repairs and coordinating updates as necessary.
• Implement and manage network security controls, including access control lists (ACLs), firewall policies, and intrusion detection/prevention rule sets.
• Support the integration of network telemetry and security data into the broader Zero Trust visibility and analytics framework.
• Develop and maintain comprehensive network documentation, including diagrams, configurations, operational procedures, and contributions to the ZT Iplan.
• Collaborate with cybersecurity architects and engineers to ensure network security is integrated into overall system designs and ZT architecture.
• Provide input to the Risk Management Framework (RMF) process activities related to network infrastructure.
• Manage network OS backups, recovery processes, and IOS upgrades.
• Configure and manage DHCP, DNS, and PKI-related network services.
• Support the deployment and configuration of network sensors and TAPs as part of a distributed sensor grid.
• Consult with customers and stakeholders regarding network system design, maintenance, and ZT implications.

What we have to see from you:
Security Clearance: Active Top Secret clearance with SCI (Sensitive Compartmented Information) eligibility is required.
Education: Bachelor of Science (BS) degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related field.
Experience: A minimum of eight(8+) years of progressive experience in network engineering, with a strong focus on network security, design, implementation, and operations. Experience supporting DoD or USSOCOM environments is highly preferred.

Certifications Required:

• Cisco CCIE Security or CCIE Enterprise OR Cisco CCNP Enterprise or CCNP Security (preferably with a concentration like 300-715 SISE - Cisco SD-WAN Implementation or 300-735 SAUTO - Automating and Programming Cisco Security Solutions)OR Forescout Certified Professional (FSCP)

Conditional Alternative (one of these may be considered with strong network engineering and security experience):

• Palo Alto Networks Certified Network Security Administrator (PCNSA) or Palo Alto Networks Certified Network Security Engineer (PCNSE)
• GIAC Defensible Security Architecture (GDSA) - Preferred

Key Skills and Knowledge (Aligned with DoD 8140 KSATs for Network Technician - Advanced):

• Expertise in computer networking concepts (TCP/IP, OSI model, routing, switching), protocols (OSPF, EIGRP, BGP, MPLS), and network security methodologies.
• Deep understanding and practical application of Zero Trust principles to network design and security.
• Proficiency in configuring, managing, and troubleshooting enterprise-grade network hardware (Cisco, Juniper, Palo Alto Networks, etc.) and software.
• Strong knowledge of network security controls and design principles (firewalls, DMZs, VPNs, IDS/IPS, NAC, encryption).
• Experience with network segmentation, micro-segmentation, and Software-Defined Networking (SDN) concepts.
• Skill in using network monitoring, management, and analysis tools (e.g., SIEM, SolarWinds, Wireshark).
• Knowledge of risk management processes and the ability to identify and mitigate network-related security risks.
• Familiarity with STIGs and skill in applying STIG upgrades to network devices.
• Understanding of cloud computing service models (SaaS, IaaS, PaaS), deployment models (private, public, hybrid), and their network security implications.
• Knowledge of PKI, certificate management, and encryption functionalities within a network context.
• Ability to characterize network traffic for trends and patterns and create rules/alerts for traffic validation and intrusion detection.
• Experience with WAN technologies (PPP, Frame Relay, T1s, ISDN) and routing protocols.
• Knowledge of cybersecurity principles, cyber threats, vulnerabilities, and the specific operational impacts of cybersecurity lapses.
• Familiarity with Active Directory, non-Active Directory domains (LDAP), and federated services.
• Skill in cable management, router IOS backup/recovery/upgrade, and implementing DHCP/DNS.
• Ability to troubleshoot complex computer software and hardware issues related to network connectivity.
• Understanding of national and international laws, regulations, policies, and ethics as they relate to cybersecurity and network operations.
• Excellent problem-solving skills and the ability to work effectively under pressure in mission-critical environments.
• Strong communication and documentation skills.
• Experience with USSOCOM, SOF environments, or other DoD agencies is a significant advantage.

Original Posting:

May 19, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $89,700.00 - $162,150.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.