Senior Network Engineer

KeenLogic

Job Location:

Washington, DC - USA

Monthly Salary: Not Disclosed

Posted on: 14 days ago

Vacancies: 1 Vacancy

Job Summary

KeenLogicis seeking aSenior Network Engineerto support a federal program at the Congressional Budget Office (CBO). The Senior Network Engineer will provide advanced engineering operational and advisory support for CBOs enterprise Cisco network environment ensuring the security reliability and resilience of critical network infrastructure while supporting ongoing cybersecurity modernization initiatives.

The Senior Network Engineer will design implement and maintain secure network architectures across core distribution access and edge environments with a strong focus on Zero Trust principles network segmentation identity-based access controls and continuous monitoring. This role willleadefforts to strengthen CBOs network security posture support incident response and vulnerability remediation activities and ensure compliance with federal cybersecurity standards including NIST and Zero Trust Architecture requirements. The position combines deep technical expertise strategic network engineering and cross-functional collaboration to support mission-critical infrastructure and enhance the organizations overall cybersecurity readiness.

Candidates must be able to support on-site workas-neededinWashington position supports a long-term federal contractoffering up to five years of continued work. This is a full-time positionwith an anticipatedstart dateofAugust15 Fortune 500-level benefits including health dental and vision insurance PTO 401(k) and life insurance.

Required Qualifications

U.S. Citizenand eligiblefor a Public Trust clearance

Bachelors degree inan IT-related field.

7 years of experience designing implementing and supporting enterprise network infrastructure including large-scale Cisco environments.

5 years of experience leading network architecture security engineering or infrastructure modernization initiatives.

Demonstrated experience implementing Zero Trust Architecture network segmentation micro-segmentation identity-based access controls and 802.1X authentication.

Extensive experience with enterprise routing switching firewalls VPNs DNS DHCP network monitoring and security operations.

Experience supporting federal cybersecurity compliance requirements including NIST SP 800-53 NIST SP 800-207 RMF and related security frameworks.

Experience serving as a technical lead advisor or subject matter expert supporting complex network engineering projects.

Job Duties and Responsibilities

Implement and maintain network security controls aligned with NIST SP 800-53 including access control (AC) configuration management (CM) system and communications protection (SC) and audit and accountability (AU) control families.

Engineer and enforce Zero Trust network architecture principles in accordance with NIST SP 800-207 including network segmentation micro-segmentation and continuous verification of users and devices.

Design and implement least-privilege network access controls ensuring role-based and identity-aware access across all network layers.

Deploy and manage 802.1X port-based network access control to prevent unauthorized device connectivity and enforce authentication at the network edge.

Configure and maintain centralized logging and audit capabilities for all network devices ensuring logs are forwarded to enterprise SIEM platforms and retained in accordance with compliance requirements.

Conduct continuous monitoring and vulnerability assessments of network infrastructure identifying risks and coordinating remediation in alignment with NIST Risk Management Framework (RMF) practices.
Harden all network devices using secure configuration baselines (e.g. Cisco Secure Configuration Guides) including disabling unnecessary services enforcing strong encryption protocols and securing management interfaces.
Secure public-facing and perimeter network assets by implementing strict ingress/egress filtering firewall rule optimization and multi-factor authentication for administrative access.

Support incident response activities by providing network-level analysis containment actions (e.g. segmentation blocking malicious traffic) and forensic data collection.

Establish and maintain secure network segmentation strategies to limit lateral movement and protect high-value assets and sensitive environments.

Ensure all network changes follow formal change control processes with security impact analysis supporting compliance with NIST configuration management requirements.

Lead or participate in security assessments audits and compliance reviews providing evidence documentation and remediation support as required.

Continuously evaluate and enhance network security posture through adoption of emerging best practices threat intelligence and Cisco security innovations.

Develop implement and maintain Network Standard Operating Procedures (SOPs); review and update all SOPs on at least an annual basis or as required to reflect changes in technology policy or security requirements.

Document and maintain detailed hardware and configuration baselines for all network devices including Cisco switches routers firewalls and related infrastructure; conduct annual reviews and updates.

Perform root cause analysis (RCA) for network incidents including performance degradation outages and security events; document findings and implement corrective and preventive actions.

Establish implement and maintain automated network patch management and firmware update procedures in accordance with Cisco best practices and organizational security policies.

Develop maintain and update comprehensive network diagrams that accurately reflect the CBO enterprise network architecture including cloud production and secure environments; review and update diagrams annually or as changes occur.

Administer and troubleshoot enterprise DNS services including configuration changes issue resolution and performance optimization.

Support continuous real-time monitoring of network infrastructure (24/7 operations) including integration with network management and security monitoring tools.

Maintain accurate and up-to-date documentation of network configurations assets and operational procedures to support audit readiness and operational continuity.

Required Experience:

Senior IC

Required Qualifications

U.S. Citizenand eligiblefor a Public Trust clearance

Bachelors degree inan IT-related field.

7 years of experience designing implementing and supporting enterprise network infrastructure including large-scale Cisco environments.

5 years of experience leading network architecture security engineering or infrastructure modernization initiatives.

Demonstrated experience implementing Zero Trust Architecture network segmentation micro-segmentation identity-based access controls and 802.1X authentication.

Extensive experience with enterprise routing switching firewalls VPNs DNS DHCP network monitoring and security operations.

Experience supporting federal cybersecurity compliance requirements including NIST SP 800-53 NIST SP 800-207 RMF and related security frameworks.

Experience serving as a technical lead advisor or subject matter expert supporting complex network engineering projects.

Job Duties and Responsibilities

Implement and maintain network security controls aligned with NIST SP 800-53 including access control (AC) configuration management (CM) system and communications protection (SC) and audit and accountability (AU) control families.

Engineer and enforce Zero Trust network architecture principles in accordance with NIST SP 800-207 including network segmentation micro-segmentation and continuous verification of users and devices.

Design and implement least-privilege network access controls ensuring role-based and identity-aware access across all network layers.

Deploy and manage 802.1X port-based network access control to prevent unauthorized device connectivity and enforce authentication at the network edge.

Configure and maintain centralized logging and audit capabilities for all network devices ensuring logs are forwarded to enterprise SIEM platforms and retained in accordance with compliance requirements.

Conduct continuous monitoring and vulnerability assessments of network infrastructure identifying risks and coordinating remediation in alignment with NIST Risk Management Framework (RMF) practices.
Harden all network devices using secure configuration baselines (e.g. Cisco Secure Configuration Guides) including disabling unnecessary services enforcing strong encryption protocols and securing management interfaces.
Secure public-facing and perimeter network assets by implementing strict ingress/egress filtering firewall rule optimization and multi-factor authentication for administrative access.

Support incident response activities by providing network-level analysis containment actions (e.g. segmentation blocking malicious traffic) and forensic data collection.

Establish and maintain secure network segmentation strategies to limit lateral movement and protect high-value assets and sensitive environments.

Ensure all network changes follow formal change control processes with security impact analysis supporting compliance with NIST configuration management requirements.

Lead or participate in security assessments audits and compliance reviews providing evidence documentation and remediation support as required.

Continuously evaluate and enhance network security posture through adoption of emerging best practices threat intelligence and Cisco security innovations.

Develop implement and maintain Network Standard Operating Procedures (SOPs); review and update all SOPs on at least an annual basis or as required to reflect changes in technology policy or security requirements.

Document and maintain detailed hardware and configuration baselines for all network devices including Cisco switches routers firewalls and related infrastructure; conduct annual reviews and updates.

Perform root cause analysis (RCA) for network incidents including performance degradation outages and security events; document findings and implement corrective and preventive actions.

Establish implement and maintain automated network patch management and firmware update procedures in accordance with Cisco best practices and organizational security policies.

Develop maintain and update comprehensive network diagrams that accurately reflect the CBO enterprise network architecture including cloud production and secure environments; review and update diagrams annually or as changes occur.

Administer and troubleshoot enterprise DNS services including configuration changes issue resolution and performance optimization.

Support continuous real-time monitoring of network infrastructure (24/7 operations) including integration with network management and security monitoring tools.

Maintain accurate and up-to-date documentation of network configurations assets and operational procedures to support audit readiness and operational continuity.

Required Experience:

Senior IC