Senior Network Engineer (Security) (TS)
Role details
Job location
Tech stack
Job description
We are seeking a highly skilled Senior Network Engineer (Security) who will serve as the Subject Matter Expert (SME) for enterprise network security infrastructure. The engineer will design, implement, manage, and optimize critical security controls, including firewalls, VPN systems, intrusion prevention systems (IPS), and network access control (NAC). This role is responsible for securing both perimeter and internal network segments, ensuring resilient, compliant, and mission-ready operations. The selected candidate will support security operations at Joint Base Anacostia-Bolling and must maintain an active TS/SCI clearance. Candidates who do not hold a TS/SCI please do not apply., * Serve as the Subject Matter Expert (SME) for network security infrastructure across mission systems.
- Design, deploy, configure, and maintain enterprise firewalls, IPS, NAC, VPNs, and segmentation technologies.
- Engineer secure network architectures that protect the perimeter and internal network segments from advanced threats.
- Administer and maintain Palo Alto Networks next-generation firewalls (PA-5000 series) and Cisco Adaptive Security Appliance (ASA) platforms.
- Manage site-to-site and remote-access VPN solutions, including security policy enforcement and identity-based access controls.
- Analyze security logs, events, and packet data to detect and respond to threats.
- Support zero-trust initiatives, access segmentation, and least-privilege network design.
- Develop, implement, and maintain security baselines and configuration standards.
- Provide Tier III operational support and perform root cause analysis for complex network security issues.
- Collaborate with cybersecurity teams to ensure compliance with DoD security frameworks, STIGs, and enterprise policies.
- Document configurations, changes, engineering updates, and architectural decisions.
Requirements
Koniag Management Solutions, LLC (KMS), a Koniag Government Services (KGS) company, is hiring a Senior Network Engineer (Security). Position requires an active Top Secret/SCI clearance with ability to obtain additional security requirements. Please do not apply if you do not possess the required Top-Secret Clearance., * CISSP (or CCNP Security + CASP+)
- Platform-specific certification (e.g., Palo Alto, Cisco, or equivalent)
Preferred Technical Certifications (Plus):
- CCNP Security
- GCIH or GCIA
- CySA+
- CCIE Security
- GIAC advanced certifications (e.g., GCIA, GWAPT)
- CCSP
Required Technical Knowledge: Strong understanding of:
- Palo Alto Networks PA-5000 series next-generation firewall platforms
- Cisco ASA firewall technologies
- VPN design and management (IPsec, SSL/TLS, DMVPN)
- Intrusion Prevention Systems (IPS)
- Network Access Control (NAC) technologies
- Security zoning, segmentation, micro-segmentation, and zero-trust principles
- Secure routing, switching, and firewall policy design
- Network monitoring, packet capture, and threat detection tools
Preferred Experience:
- Designing enterprise network security architectures in DoD or IC environments.
- Implementing segmentation in hybrid or multi-site mission networks.
- Performing threat analysis, incident response, or vulnerability mitigation for network infrastructure.
- Supporting enterprise security toolsets, SIEM, and intrusion-detection platforms.
- Working with STIGs, SRGs, compliance frameworks, and accreditation processes.
Benefits & conditions
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.