Ignite IT supports the U.S. Census Bureau by providing network security services. The Senior Network Security Engineer is responsible for designing, implementing, and improving enterprise network security across various environments, focusing on firewall engineering, VPN services, and compliance support.
Responsibilities:
- Design, configure, administer, maintain, and troubleshoot enterprise firewall solutions, including Cisco and Palo Alto platforms, firewall policy rule bases, NAT, segmentation, threat prevention, logging, high availability, and secure configuration baselines
- Install, configure, maintain, and upgrade firewall hardware and software into new and existing network infrastructure, including cloud-connected environments
- Administer firewall policies and services in accordance with Census IT security policy, secure configuration standards, and change control processes
- Perform recurring firewall rule base reviews, rule recertification, policy cleanup, decommissioning of obsolete rules, and optimization to reduce risk and complexity
- Identify, diagnose, and resolve firewall issues involving connectivity, rule behavior, utilization, performance, routing, VPNs, DNS, TLS/certificates, application flows, and log/packet analysis
- Install, configure, maintain, monitor, and troubleshoot VPN services, including remote access VPN, site-to-site VPN, client/clientless access, partner connectivity, mobile device access, and cloud connectivity
- Support RSA SecurID or equivalent MFA/two-factor authentication and directory service integrations for VPN and remote access services where applicable
- Maintain, operate, administer, patch, upgrade, and troubleshoot RSA SecurID or equivalent MFA/two-factor authentication infrastructure supporting VPN and remote access, including authentication servers/appliances, middleware/agents, certificates, high availability, backups, logs, monitoring, and directory service integration
- Support RSA/MFA token lifecycle operations, including hardware and software token provisioning, assignment, activation, replacement, resynchronization, deactivation, inventory tracking, end-user/tiered support, and emergency access processes
- Monitor and report on VPN availability, utilization, and performance, and resolve connectivity issues affecting users, business partners, cloud networks, and mission systems
- Administer or support Cloudflare and related edge security capabilities, including DNS, DDoS protection, WAF policies, CDN, Access/Gateway, Zero Trust/ZTNA, tunneling, access controls, and logging
- Design, implement, maintain, and troubleshoot content filtering services, including web security gateways, email security gateways, URL filtering, Data Loss Prevention (DLP) integrations, Advanced Persistent Threat (APT) integrations, malware defense integrations, and related cloud services
- Support network access control services, including NAC policy administration, endpoint posture or 802.1X controls, identity-aware access policies, and integrations with firewalls, wireless, LAN, and identity management systems
- Perform policy reviews for content filtering and NAC services as threats, requirements, and enterprise standards change
- Implement and manage network security controls across AWS, Azure, and hybrid environments, including VPCs/VNets, security groups, NACLs/NSGs, route tables, cloud firewalls, Transit Gateway, ExpressRoute, Direct Connect, VPN, DNS, monitoring, and logging
- Provide technical guidance on Zero Trust principles, network segmentation, microsegmentation, least-privilege access, secure data transmission, threat detection, and compliance monitoring across on-premises and cloud environments
- Evaluate proposed network and cloud changes for security impact, operational risk, compliance impact, and maintainability
- Ensure core network security capabilities are integrated into enterprise monitoring, alerting, logging, and SIEM platforms for availability, diagnostics, traceability, operational insight, and incident response
- Review logs, alerts, vulnerability notices, vendor advisories, and threat information; recommend and implement improvements to reduce risk and improve network security posture
- Support Operations Center, SOC/NOC, and incident response teams during maintenance, outages, investigations, security events, and incident resolution
- Provide Tier II-IV troubleshooting support for complex network security incidents and service-impacting issues
- Participate in after-hours upgrades, approved maintenance windows, emergency troubleshooting, and on-call availability as needed
- Support IT Security, ISSO, System Owner, and OIS activities by addressing findings and POA&Ms, supporting control implementation and validation, evaluating vulnerability scan results, and preparing evidence/artifacts for review
- Create and maintain comprehensive documentation for firewall, VPN, RSA/MFA token services, content filtering, NAC, and edge security services, including topology diagrams, equipment inventories, token lifecycle procedures, configurations, SOPs, runbooks, code/IaC repositories, implementation plans, rollback plans, and build/upgrade procedures
- Follow and document configuration management, change management, and release management policies, methods, and procedures
- Use automation and Infrastructure as Code (IaC) where practical for repeatable provisioning, configuration, deployment, documentation, monitoring, and operational efficiencies
- Provide status input, technical briefings, metrics, root-cause analysis, knowledge transfer, and mentoring to government staff and other contractor personnel
Deliverables:
- Firewall, VPN, RSA/MFA token services, content filtering, NAC, Cloudflare/edge security, and cloud security configurations implemented through approved change processes
- RSA/MFA server operations documentation, patch/upgrade records, token inventory/lifecycle procedures, troubleshooting notes, and user-support coordination artifacts
- Firewall rule reviews, recertification results, policy cleanup recommendations, and decommissioning plans
- Technical diagrams, SOPs, runbooks, configuration documentation, build/upgrade procedures, implementation plans, rollback plans, and knowledge articles
- Monitoring and logging integration updates, alert tuning recommendations, operational metrics, and incident support artifacts
- Vulnerability remediation documentation, POA&M support, control evidence, audit artifacts, and risk/impact analysis for TCO-managed systems
- Status updates, ticket updates, JIRA/task updates, and input to weekly, bi-weekly, or monthly reporting as required
Requirements:
- 7+ years of experience in network security engineering, network infrastructure, cybersecurity infrastructure, or a closely related role
- 5+ years of hands-on experience designing, implementing, administering, and troubleshooting enterprise firewall platforms in production environments
- Hands-on experience with Cisco firewall technologies such as Cisco FTD/FMC, ASA, AnyConnect/Secure Client, or equivalent Cisco security platforms
- Hands-on experience with Palo Alto Networks technologies such as NGFW, Panorama, GlobalProtect, App-ID/User-ID, security profiles, and policy optimization
- Experience with firewall policy design, NAT, segmentation, remote access VPN, site-to-site VPN, IDS/IPS integrations, high availability, logging, and operational troubleshooting
- Working knowledge of Cloudflare or equivalent DNS, DDoS, WAF, CDN, Zero Trust, or edge security platforms
- Experience with VPN services, secure remote access, RSA SecurID or equivalent MFA/two-factor authentication services, hardware and software token support, directory integration, partner tunnels, cloud tunnels, and cloud connectivity troubleshooting
- Experience supporting MFA server operations, including software updates, patching, certificate/configuration changes, backups, log review, monitoring, vulnerability remediation, and vendor/support escalation
- Working knowledge of TCP/IP, DNS, DHCP, IPAM, BGP, routing, subnetting, TLS/certificates, VPN protocols, packet capture, NetFlow/traffic analysis, and common network diagnostic tools
- Experience supporting network security in AWS and/or Azure environments
- Experience integrating network security controls with enterprise monitoring, logging, SIEM, SOC/NOC, or incident response workflows
- Experience working within formal change management, configuration management, release management, incident management, and vulnerability remediation processes
- Ability to develop clear technical documentation, diagrams, SOPs, runbooks, implementation plans, rollback plans, status updates, and audit evidence
- Strong communication and collaboration skills, including the ability to explain technical risk, operational impact, and recommended actions to technical and non-technical stakeholders
- Ability to obtain and maintain a Public Trust / Background Investigation and complete required DOC/Census security processing, security/privacy training, and non-disclosure requirements
Preferred Qualifications:
- Deep experience administering Cloudflare DNS, DDoS protection, WAF, CDN, Access, Gateway, Tunnel, Magic Transit, or Zero Trust services
- Experience with content filtering platforms, secure web gateways, email security gateways, URL filtering, DLP integrations, APT/malware defense integrations, and related cloud security services
- Deep experience with RSA SecurID/RSA Authentication Manager or equivalent MFA platforms, including token administration, agent/middleware upgrades, high availability, disaster recovery, reporting, and integration with VPN and directory services
- Experience with Network Access Control technologies such as Cisco ISE, 802.1X, endpoint posture, wireless/LAN access controls, and identity-aware access policies
- Experience with AWS security and networking services such as VPC, Transit Gateway, Security Groups, NACLs, Route 53, Network Firewall, Direct Connect, VPN, GuardDuty, Security Hub, IAM, and CloudWatch
- Experience with Azure security and networking services such as VNets, NSGs, Azure Firewall, Application Gateway/WAF, VPN Gateway, ExpressRoute, Private Link, Defender for Cloud, Entra ID, and Azure Monitor
- Experience supporting federal cybersecurity and compliance requirements such as NIST, FISMA, FedRAMP, ATO support, POA&M remediation, continuous monitoring, audit evidence packages, and security control validation
- Experience with automation and IaC tools such as Terraform, Ansible, Python, PowerShell, Git, APIs, CI/CD pipelines, or vendor automation frameworks
- Experience with Zero Trust architecture, SASE/SSE, ZTNA, secure segmentation, policy-as-code, microsegmentation, or identity-aware network access
- Familiarity with F5/load-balancing/application-delivery concepts for cross-team coordination; hands-on F5 administration is not required for this role
- Experience leading technical projects, coordinating across matrixed teams, mentoring junior engineers, and supporting Agile/Scrum or JIRA-based task tracking