Network/Systems Engineer
Overview:
By Light is hiring a CBII Network/Systems Engineer to support the Cloud Based Internet Isolation (CBII) Program.
The CBII Engineer will assist in engineering efforts to assess, design, test, and recommend deployable solutions to improve all aspects of the CBII program.
Cyber engineering roles and responsibilities encompass both on-premises and cloud-based network infrastructure and services, to include network load balancers, routers, switches, proxy servers, firewalls, SSL Break & Inspect, enterprise directory & authentication services, Access Control Lists (ACLs), secure remote access (ie, Secure shell, Secure VPN, IPSec), DNS, ECS/EDNS0, and IPv4/IPv6 topologies.
This position is also responsible for providing implementation, integration, and migration support in addition to supplementing Operations Tier 3 support for the CBII program by conducting root cause analysis, associating policy configurations with event data and traffic behavior, and coordinating directly with key government stakeholders to address critical issues.
Responsibilities:
Employ disciplined systems engineering processes including, but not limited to, requirements development, technical management and control, and system/software design and architectureImplement system engineering best practices associated with risk management, configuration management, data management, test and evaluation (T), and verification and validation (V) throughout the period of performanceSupport the design and development of systems and processes and their integration into the overarching enterprise DoD architectureWork with Subject Matter Experts (SMEs) to ensure proper security requirements are met/exceeded for the overarching enterprise DoD architectureProvide all required design and development documents and supporting architectural documentation in compliance with Department of Defense Architectural Framework (DoDAF) Enterprise Architecture guidance, or other frameworks as identifiedSupport routing and switching analysis of enterprise-wide and large-scale networking infrastructure (CAN, MAN, WAN), to include, but not limited to:
troubleshooting routing protocol and peering configurations, making route optimization recommendations, highlighting traffic congestion points, and evaluating QoS policiesEnsure network infrastructure is supported by government approved hardware and software solutionsEvaluate network transport and security architectures IAW industry and government standardsEvaluate network utilization, dataflows, trends, issues, and risk-factors to enhance organizational and planning recommendations while developing appropriate corrective action plans as needed to ensure that all customer requirements and/or SLA requirements are satisfied.
Conduct market research to identify products and features that meet CBII integration requirementsProvide technical expertise in design review, test planning, test execution, and the evaluation and reporting of test results Provide technical expertise in support of implementation planning and all associated deployment, integration, and migration activities required to deliver cutting-edge cloud-based security services to DoD organizations across large-scale, complex enterprise networks in production environmentsReview emerging security requirements for DoD NIPRNet protection Assess and analyze new and current requirements in conjunction with current NIPRNet architecture; Propose and evaluate potential solutions as they apply to existing CBII architecture Conduct security audits, risk assessments, threat analyses, contingency planning activities in accordance with applicable risk management frameworks, security standards, and best practices Review security threats to current DoD internet gateway infrastructure, architecture, and technology to identify, design, integrate, test, and deploy effective countermeasures IAW established policies/regulations/directivesProvide engineering support to CBII Network Operations Center (NOC) personnel Required Experience/
Qualifications:
BS in Computer Science, or related area required, with minimum 5 years work experience.
DoD 8570-01-M IAT Level II or higher to include Security+, GSEC, SCNP, SSCP, or CISSPDISN and Internet IP Design ExperienceNetwork and System Engineering experience to include Mobility, Cybersecurity and TestingExpertise in large-scale IP Networking and TestingRouting protocols:
BGP, MP-BGP, MPLS/RSVP, OSPF, IS-IS, RIP, Multicast, IPv6, QoSPossess excellent interpersonal communication skills with the ability to interact with management and staff at all levelsAbility to generate actionable test strategies and associated documentationAbility to generate Standard Operating Procedure (SOP) documentationAbility to conduct Virtual Instructor-Led Training for customer network/system administrators Preferred Experience/
Qualifications:
Operational experience with web proxy and/or proxy-chained security solutions Operational experience hosting systems/services in AWS (or Azure)Any direct experience with AWS GovCloud and/or FedRAMP accreditationAny AWS certificationsExperience working directly with Network Boundary teams, Firewalls, and/or WCF technologies Experience managing and/or deploying PKI infrastructureADFS experienceDNS experience Special Requirements/Security Clearance:
Minimum SECRET Clearance requiredTravel:
Minimal Physical Demands:
Ability to type, communicate via telephone and sit for extended periods of time.
.
Estimated Salary: $20 to $28 per hour based on qualifications.
By Light is hiring a CBII Network/Systems Engineer to support the Cloud Based Internet Isolation (CBII) Program.
The CBII Engineer will assist in engineering efforts to assess, design, test, and recommend deployable solutions to improve all aspects of the CBII program.
Cyber engineering roles and responsibilities encompass both on-premises and cloud-based network infrastructure and services, to include network load balancers, routers, switches, proxy servers, firewalls, SSL Break & Inspect, enterprise directory & authentication services, Access Control Lists (ACLs), secure remote access (ie, Secure shell, Secure VPN, IPSec), DNS, ECS/EDNS0, and IPv4/IPv6 topologies.
This position is also responsible for providing implementation, integration, and migration support in addition to supplementing Operations Tier 3 support for the CBII program by conducting root cause analysis, associating policy configurations with event data and traffic behavior, and coordinating directly with key government stakeholders to address critical issues.
Responsibilities:
Employ disciplined systems engineering processes including, but not limited to, requirements development, technical management and control, and system/software design and architectureImplement system engineering best practices associated with risk management, configuration management, data management, test and evaluation (T), and verification and validation (V) throughout the period of performanceSupport the design and development of systems and processes and their integration into the overarching enterprise DoD architectureWork with Subject Matter Experts (SMEs) to ensure proper security requirements are met/exceeded for the overarching enterprise DoD architectureProvide all required design and development documents and supporting architectural documentation in compliance with Department of Defense Architectural Framework (DoDAF) Enterprise Architecture guidance, or other frameworks as identifiedSupport routing and switching analysis of enterprise-wide and large-scale networking infrastructure (CAN, MAN, WAN), to include, but not limited to:
troubleshooting routing protocol and peering configurations, making route optimization recommendations, highlighting traffic congestion points, and evaluating QoS policiesEnsure network infrastructure is supported by government approved hardware and software solutionsEvaluate network transport and security architectures IAW industry and government standardsEvaluate network utilization, dataflows, trends, issues, and risk-factors to enhance organizational and planning recommendations while developing appropriate corrective action plans as needed to ensure that all customer requirements and/or SLA requirements are satisfied.
Conduct market research to identify products and features that meet CBII integration requirementsProvide technical expertise in design review, test planning, test execution, and the evaluation and reporting of test results Provide technical expertise in support of implementation planning and all associated deployment, integration, and migration activities required to deliver cutting-edge cloud-based security services to DoD organizations across large-scale, complex enterprise networks in production environmentsReview emerging security requirements for DoD NIPRNet protection Assess and analyze new and current requirements in conjunction with current NIPRNet architecture; Propose and evaluate potential solutions as they apply to existing CBII architecture Conduct security audits, risk assessments, threat analyses, contingency planning activities in accordance with applicable risk management frameworks, security standards, and best practices Review security threats to current DoD internet gateway infrastructure, architecture, and technology to identify, design, integrate, test, and deploy effective countermeasures IAW established policies/regulations/directivesProvide engineering support to CBII Network Operations Center (NOC) personnel Required Experience/
Qualifications:
BS in Computer Science, or related area required, with minimum 5 years work experience.
DoD 8570-01-M IAT Level II or higher to include Security+, GSEC, SCNP, SSCP, or CISSPDISN and Internet IP Design ExperienceNetwork and System Engineering experience to include Mobility, Cybersecurity and TestingExpertise in large-scale IP Networking and TestingRouting protocols:
BGP, MP-BGP, MPLS/RSVP, OSPF, IS-IS, RIP, Multicast, IPv6, QoSPossess excellent interpersonal communication skills with the ability to interact with management and staff at all levelsAbility to generate actionable test strategies and associated documentationAbility to generate Standard Operating Procedure (SOP) documentationAbility to conduct Virtual Instructor-Led Training for customer network/system administrators Preferred Experience/
Qualifications:
Operational experience with web proxy and/or proxy-chained security solutions Operational experience hosting systems/services in AWS (or Azure)Any direct experience with AWS GovCloud and/or FedRAMP accreditationAny AWS certificationsExperience working directly with Network Boundary teams, Firewalls, and/or WCF technologies Experience managing and/or deploying PKI infrastructureADFS experienceDNS experience Special Requirements/Security Clearance:
Minimum SECRET Clearance requiredTravel:
Minimal Physical Demands:
Ability to type, communicate via telephone and sit for extended periods of time.
.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
