Network Engineer 3 - Tysons, VA

We rely on a secure, resilient enterprise network to support critical business functions across M.C. Dean and to enable delivery for our customers worldwide. The successful candidate will join a dynamic, multidiscipline team responsible for the design, implementation, integration, and operation of M.C. Dean's enterprise network infrastructure spanning headquarters, regional offices, lab environments, and secure enclaves-including the CMMC-aligned environment used for handling Controlled Unclassified Information (CUI), As a senior member of the network team, the Senior Network Engineer's responsibilities will include (but will not be limited to) the following:

• Develop detailed technical and performance specifications for enterprise network solutions based on business needs, operational requirements, and constraints across diverse internal and external stakeholders.
• Research available technology options and their respective functional, performance, security, and interoperability characteristics; evaluate alternatives and select platforms accordingly.
• Produce detailed network architecture and design-covering routing, switching, wireless, firewalls, SD-WAN, remote and site-to-site VPN, cloud networking, and segmentation-with integrated security controls and hardening; collaborate with the Network Architect and other senior team members to drive best practices across the enterprise.
• Own end-to-end delivery of cross-functional network initiatives via the team's RFC (Request for Change) process: structure the problem, evaluate solutions, coordinate cross-team reviewers, and drive proposals through governance to implementation.
• Lead implementation and configuration of network components, including extensive use of templates and automation, in accordance with established change management policies and security baselines.
• Design and operate dedicated network segments and supporting controls (e.g., dedicated firewalls, isolated VLANs, encrypted transport) for regulated environments, including the CUI enclave.
• Plan, evaluate, and execute capacity optimization, updates, upgrades, and other lifecycle activities; troubleshoot complex infrastructure problems; provide escalation-level support for service availability and performance issues.
• Manage carrier and Internet service relationships and the underlying physical layer at the Tysons headquarters and other sites, including copper/fiber identification, demarcation, and coordination of moves/adds/changes with providers.
• Engineer site-to-site and customer-program connectivity (including private circuits for project delivery, such as transit and rail programs) in coordination with project teams.
• Create and maintain detailed and accurate system documentation, including design and configuration plans, network and system boundary diagrams, task-oriented procedures, operations and maintenance plans, and runbooks.
• Mentor junior network engineers; review designs and changes from the team; contribute to standards, templates, and reusable patterns.

Do you have experience in Zero trust architecture design?, Specific qualification requirements for the position include the following:

• Routing, Switching & Wireless: Extensive hands-on experience designing, deploying, and operating enterprise Cisco environments-including campus and data-center switching, dynamic routing (OSPF, BGP), and enterprise wireless (Cisco Wireless or comparable). Proficient with Cisco Catalyst Center or equivalent controller-based management.
• SD-WAN & WAN: Practical experience designing and operating Cisco SD-WAN (or comparable) including overlay/underlay architectures, transport diversity, and policy-based routing; carrier-service management, including coordination with ISPs and private-circuit providers.
• Next-Generation Firewall: Deep expertise with Palo Alto Networks NGFW administration and policy design, including Panorama-based centralized management and AIOps for NGFW; advanced features such as App-ID, User-ID, decryption, IPS, and URL filtering.
• Cloud Networking: Proficient designing and supporting Azure networking constructs (VNets, peering, NSGs, Azure Firewall, Application Gateway/WAF, ExpressRoute or VPN gateways) and integrating cloud and on-premises environments.
• Zero Trust & Remote Access: Working experience implementing Zero Trust Network Access (e.g., Zscaler) and modern remote-access VPN; integration with identity providers (Active Directory, Entra ID) and conditional access.
• Monitoring & Observability: Familiarity with enterprise network management and observability platforms; able to design alerting, telemetry collection, and dashboards to support proactive operations and root-cause analysis.
• Security & Compliance: Strong working knowledge of network security best practices and applicable frameworks (CIS Controls, ISO 27001, NIST SP 800-171, CMMC v2.0 Level 2). Experience designing and operating networks that store, process, or transmit CUI.
• Automation & Change Management: Experience using configuration management and Infrastructure-as-Code tooling (e.g., Ansible, Terraform) in support of network operations; disciplined change management aligned to ITIL-style practices., 5+ years of progressive experience in enterprise network engineering, including hands-on responsibility for design, implementation, and operations in complex, regulated environments. Proven ability to deliver secure, scalable, and automated network solutions.
• Advanced knowledge of secure configuration benchmarks and hands-on experience in network device hardening.
• Thorough understanding of network infrastructure, concepts of operation, and protocols such as TCP/IP, BGP, OSPF, MPLS, DNS, DHCP, SNMP, Syslog, and IPSec.
• Working knowledge of endpoint security, SIEM, and vulnerability management as they integrate with network controls.
• Demonstrated time-management and organizational skills while working in a fast-paced, multidiscipline team environment.
• Strong analytical and problem-solving skills.
• Strong oral and written communication skills, with the ability to author RFCs, design documents, and operating procedures for both technical and executive audiences.
• Proficiency with workflow and lifecycle management systems (e.g., Atlassian Jira and Confluence)., * Bachelor's degree in Computer Science, Information Technology, or a related Engineering Discipline.

Certification (one or more required; equivalent industry experience considered)

• Cisco CCNP Enterprise (or higher)
• Palo Alto Networks PCNSE
• Cisco SD-WAN Specialist or equivalent SD-WAN credential
• CompTIA Security+
• AWS or Azure networking certification (e.g., AZ-700)

Abilities:

• Exposure to computer screens for an extended period of time.
• Sitting for extended periods of time.
• Reach by extending hands or arms in any direction.
• Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard.
• Listen to and understand information and ideas presented through spoken words and sentences.
• Communicate information and ideas in speaking so others will understand.

M.C. Dean is Building Intelligence®. We design, build, operate, and maintain cyber-physical solutions for the nation's most mission-critical facilities, secure environments, complex infrastructure, and global enterprises. With over 9,000 employees, our capabilities span electrical, electronic security, telecommunications, life safety, automation and controls, audiovisual, and IT systems. Headquarters in Tysons, Virginia, M.C. Dean delivers resilient, secure, and innovative power and technology solutions through engineering expertise and smart systems integration. Why Join Us? Our people are passionate about engineering innovation that improves lives and drives impactful change. Guided by our core values-agility, expertise, and trust-we foster a collaborative and forward-thinking work environment. At M.C. Dean, we are committed to building the next generation of technical leaders in electrical, engineering, and cybersecurity industries.