Senior WAN Encryption Engineer & Architect

Va Tech Foundation


Job Location:

Arlington, TX - USA

Monthly Salary: Not Disclosed
Posted on: 13 hours ago
Vacancies: 1 Vacancy

Job Summary

About Us:

VT-ARC a technical services and applied research company has built an organizational culture marked by four primary values: Teamwork Integrity Excellence and Service. Integral to our success is our staffs enthusiasm for solving tough problems by working together in teams to get the job done. We foster a culture where every employees contribution is valued and performed with integrity while maintaining a fun work environment. VT-ARC strives for excellence in all that is done for our clients and such achievement is recognized through service/merit awards. Moreover we promote a sense of community larger than VT-ARC alone where staff and institutional resources can be applied in service to our country.

We are proud to be the recipient of the Best Workplace in Defense Award by Emergent Magazine an honor that recognizes companies with positive cultures that not only impact their people but also make a meaningful difference in the community.

About You:

You are a senior WAN network engineering or secure transport professional who understands how encryption is actually deployed in complex enterprise and mission network architectures. You know how to decide where crypto belongs what type of encryption approach is appropriate how encrypted paths affect routing and transport behavior and how to make those designs secure supportable accreditable and operationally sustainable.

This is a network architecture and integration role not a cryptographic algorithm-design role. Your value is in connecting mission requirements transport design encryption placement commercial solution options CSfC considerations Type 1 dependencies COMSEC/KMI realities and day-two operations into one coherent secure transport architecture. This is not for a key manager rather this is a Senior WAN and secure transport engineering first with heavy crypto expertise applied through network architecture and implementation decisions. This role will have substantial awareness to fluency across the commercial encryption solution space including CSfC COTS security products IPsec MACsec TLS PKI VPN SD-WAN cloud interconnect and secure enterprise transport addition this role will provide the ability to compare Type 1 CSfC commercial COTS and hybrid approaches based on mission need classification risk accreditation and operational supportability.

You are comfortable serving as the primary technical point of accountability for network encryption decisions across WAN LAN cloud interconnect satellite classified enclave commercial transport COMSEC cybersecurity and operations teams.

Position Overview:

VT-ARC is seeking a Senior Secure WAN Encryption Engineer & Architect (SME) to lead secure transport architecture WAN encryption integration CSfC-aware solution planning commercial crypto solution evaluation Type 1 inline encryption integration and crypto modernization for mission-critical programs in secure zero-trust environments. The selected candidate will help determine where encryption should be deployed what encryption approach is appropriate for each transport or enclave how secure paths should be engineered and how those designs should be validated documented transitioned and sustained. This includes the ability to work across Type 1 / HAIPE solutions CSfC-aligned commercial solution architectures COTS IPsec/MACsec/TLS-based approaches PKI-enabled transport designs cloud and carrier connectivity classified networks and mission communications environments.

This role supports enterprise and mission networks across multiple transport layers including WAN LAN private transport commercial transport cloud interconnect satellite communications classified enclaves multi-enclave environments and air-gapped networks. The person in this role will coordinate closely with program leadership operations and mission stakeholders.

Active Top Secret/SCI clearance is required.

VT-ARC offers a competitive signing bonus for qualified candidates.

Duties/Responsibilities:

  • Serve as the senior SME for secure WAN encryption secure transport architecture network crypto placement and encrypted mission communications integration.
  • Lead architecture input and engineering decisions for where and how encryption should be deployed across enterprise WANs classified enclaves cloud interconnects commercial transport private transport SATCOM and air-gapped environments.
  • Evaluate and recommend appropriate encryption approaches including Type 1 / HAIPE CSfC-aligned layered commercial solutions COTS IPsec VPN MACsec TLS-protected services PKI-enabled transport SD-WAN security commercial firewall/VPN platforms and hybrid architectures.
  • Translate mission requirements classification constraints network topology routing domains enclave boundaries keying dependencies and operational needs into practical secure transport designs.
  • Engineer A-side/B-side designs red/black separation crypto boundary placement management paths monitoring paths failover behavior high availability MTU considerations path diversity latency implications and troubleshooting approaches.
  • Support CSfC-aware architecture planning including interpretation of applicable Capability Package concepts commercial component categories layered solution dependencies registration/evidence considerations and RMF/ATO alignment.
  • Assess commercial encryption and secure transport products for suitability within classified or high-assurance network architectures including operational fit scalability management model interoperability vendor supportability certification posture and accreditation dependencies.
  • Coordinate dependencies across COMSEC KMI PKI identity WAN LAN cloud UC cybersecurity infrastructure systems engineering operations and mission teams.
  • Develop secure WAN encryption architectures implementation plans connection diagrams migration plans cutover runbooks test procedures configuration records verification artifacts and operational handoff documentation.
  • Support lab validation proof-of-concept activities integration events site deployments cutovers path validation packet capture analysis failover testing troubleshooting operational acceptance testing and transition to operations.
  • Support crypto modernization planning by assessing current encrypted transport designs identifying architecture gaps evaluating commercial and government-approved options and developing migration strategies.
  • Ensure network encryption and secure transport designs support applicable DoD NSA CNSS RMF ATO STIG COMSEC and program security requirements.
  • Mentor network and mission communications teams on encryption integration dependencies commercial solution tradeoffs secure transport design CSfC considerations and operational impacts.

Required Education Certification Skills Capabilities:

  • Active Top Secret/SCI clearance and U.S. citizenship are required.
  • Senior-level experience as a WAN engineer network engineer secure transport engineer network architect mission communications engineer or equivalent role supporting classified DoD IC federal or high-assurance enterprise networks.
  • Strong understanding of WAN architecture routing switching segmentation transport diversity carrier services high availability failover monitoring path validation and network troubleshooting.
  • Demonstrated experience integrating encryption secure transport Type 1 HAIPE inline encryption COMSEC-dependent transport CSfC-aligned architectures or commercial network encryption capabilities in classified or high-assurance environments.
  • Deep awareness of commercial crypto and secure transport solutions including COTS IPsec VPN gateways/clients MACsec devices TLS-protected services PKI/certificate authority dependencies authentication services software and hardware encryption approaches MDM/EUD dependencies secure voice/VoIP components commercial firewall/VPN platforms SD-WAN security SASE/SSE concepts cloud interconnect security and managed carrier transport options.
  • Working knowledge of CSfC concepts including Capability Packages component categories layered/composed commercial solutions NIAP/Common Criteria considerations FIPS-validated cryptography CNSA/CNSA 2.0 awareness and solution registration/accreditation dependencies.
  • Ability to assess when Type 1 CSfC COTS commercial encryption IPsec/MACsec/TLS overlays cloud-native controls or hybrid approaches are appropriate based on classification mission requirements threat/risk performance operational supportability accreditation path lifecycle and cost/schedule tradeoffs.
  • Working knowledge of A-side/B-side design red/black separation crypto boundary placement management path design keying dependencies enclave separation and encrypted transport integration.
  • Experience supporting global or multi-site enterprise networks across WAN LAN MPLS SD-WAN private transport commercial internet transport classified enclaves cloud connectivity mission networks or air-gapped environments.
  • Ability to coordinate complex technical dependencies among COMSEC KMI PKI network engineering cybersecurity systems engineering infrastructure operations vendors integrators and mission stakeholders.
  • Experience supporting RMF ATO STIG security control implementation continuous monitoring or equivalent cybersecurity compliance activities for network infrastructure.
  • Ability to produce clear architecture diagrams connection diagrams implementation guides migration plans test procedures validation artifacts technical decision records and operational handoff materials.

Desired Education Certification Skills Capabilities:

  • Hands-on experience with CSfC solution planning integration evidence development compliance checklist support or work with a CSfC Trusted Integrator government customer or commercial component ecosystem.
  • Experience with NSA Type 1 inline encryptors HAIPE environments TACLANE or equivalent controlled cryptographic equipment or modernization from Type 1-only designs toward commercial or hybrid secure transport solutions where appropriate.
  • Familiarity with CSfC Capability Packages and annexes such as Multi-Site Connectivity Mobile Access Campus WLAN Data at Rest Enterprise Gray Key Management Symmetric Key Management Continuous Monitoring Tactical WIDS/WIPS or similar CSfC architecture guidance.
  • Experience evaluating commercial network and security products for secure transport use cases including enterprise VPN firewall SD-WAN MACsec TLS gateway/proxy PKI/CA authentication MDM EUD VoIP cloud networking SASE/SSE and monitoring/management platforms.
  • Experience with commercial and government security evaluation concepts such as NIAP Common Criteria FIPS 140 validation CNSA/CNSA 2.0 approved protection profiles supply chain considerations and vendor sustainment requirements.
  • Experience integrating encryption with MPLS carrier Ethernet SD-WAN commercial internet satellite tactical transport cloud interconnect unified communications mission partner networks or cross-domain-adjacent architectures.
  • Experience with packet capture path validation MTU analysis crypto troubleshooting network performance analysis failover testing telemetry logging monitoring and operational acceptance testing.
  • Familiarity with Zero Trust principles defense-in-depth network design secure enclave integration network segmentation identity-aware access and continuous monitoring.
  • Professional certifications such as CCNP CCIE JNCIP JNCIE Security CISSP GSEC GCIA GDSA SANS/GIAC credentials cloud networking/security certifications INCOSE CSEP/ESEP or equivalent technical credentials.

Primary Work Location: Work is expected to be fully onsite in Arlington VA.

Special Work Conditions: Travel may be required up to 10%.

Security:

  • Must be a U.S. Citizen
  • Active Top Secret/SCI clearance is required

Competitive Salary: VT-ARC offers a competitive salary and benefits package designed to attract and retain senior technical talent supporting mission-critical programs.

Salary Range: $225000$275000 annually

Virginia Tech Applied Research Corporation: VT-ARC is a 501(c)(3) non-profit R&D organization affiliated with Virginia Polytechnic Institute and State University (Virginia Tech or VT). Our mission is to provide superior analytic and technology solutions across multiple domains by leveraging Virginia Techs multidisciplinary research and innovation ecosystem. With unique access to the broad and rich research enterprise found at Virginia Tech VT-ARC forms multi-disciplinary teams to apply innovative solutions to the real-world problems that strain our social political industrial and economic foundations.

To learn more about VT-ARCs Benefits Perks Culture & more visit our Careers page: Tech Applied Research Corporation is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age disability veteran status or any other status protected by law. As a federal contractor we are committed to providing equal employment opportunity and affirmative action for qualified individuals with disabilities under Section 503 of the Rehabilitation Act of 1973. If you need a reasonable accommodation to complete the application or interview process please contact Human Resources at

Virginia Tech Applied Research Corporation uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify including your rights and responsibilities please visit .


Required Experience:

Senior IC

About Us: VT-ARC a technical services and applied research company has built an organizational culture marked by four primary values: Teamwork Integrity Excellence and Service. Integral to our success is our staffs enthusiasm for solving tough problems by working together in teams to get the job don...

About Company

Company Logo

A leader in innovative solutions that safeguard the nation and advance global welfare.

View Profile View Profile