[Hiring] Senior Network Security Engineer @Ignite IT

Role Description

The Senior Network Security Engineer supports our program with the U.S. Census Bureau by designing, implementing, operating, troubleshooting, and improving enterprise network security services across on-premises, hybrid-cloud, and cloud-connected environments. The role focuses on:

• Firewall engineering
• VPN and remote access services
• RSA SecurID or equivalent MFA/token services
• Content filtering
• Network access control
• Edge security services
• Monitoring and logging integration
• Vulnerability remediation
• Security documentation
• Policy compliance for TCO-managed systems

The engineer serves as a senior technical resource for:

• Secure network architecture
• Operations support
• Incident response coordination
• Compliance support

This position works closely with:

• TCO leadership
• Network Infrastructure
• Identity and Domain Services
• Cloud teams
• SOC/NOC/Operations Center personnel
• The Office of Information Security (OIS)
• Information System Security Officers (ISSOs)
• System Owners
• Application teams

Qualifications

• 7+ years of experience in network security engineering, network infrastructure, cybersecurity infrastructure, or a closely related role.
• 5+ years of hands-on experience designing, implementing, administering, and troubleshooting enterprise firewall platforms in production environments.
• Hands-on experience with Cisco firewall technologies such as Cisco FTD/FMC, ASA, AnyConnect/Secure Client, or equivalent Cisco security platforms.
• Hands-on experience with Palo Alto Networks technologies such as NGFW, Panorama, GlobalProtect, App-ID/User-ID, security profiles, and policy optimization.
• Experience with firewall policy design, NAT, segmentation, remote access VPN, site-to-site VPN, IDS/IPS integrations, high availability, logging, and operational troubleshooting.
• Working knowledge of Cloudflare or equivalent DNS, DDoS, WAF, CDN, Zero Trust, or edge security platforms.
• Experience with VPN services, secure remote access, RSA SecurID or equivalent MFA/two-factor authentication services, hardware and software token support, directory integration, partner tunnels, cloud tunnels, and cloud connectivity troubleshooting.
• Experience supporting MFA server operations, including software updates, patching, certificate/configuration changes, backups, log review, monitoring, vulnerability remediation, and vendor/support escalation.
• Working knowledge of TCP/IP, DNS, DHCP, IPAM, BGP, routing, subnetting, TLS/certificates, VPN protocols, packet capture, NetFlow/traffic analysis, and common network diagnostic tools.
• Experience supporting network security in AWS and/or Azure environments.
• Experience integrating network security controls with enterprise monitoring, logging, SIEM, SOC/NOC, or incident response workflows.
• Experience working within formal change management, configuration management, release management, incident management, and vulnerability remediation processes.
• Ability to develop clear technical documentation, diagrams, SOPs, runbooks, implementation plans, rollback plans, status updates, and audit evidence.
• Strong communication and collaboration skills, including the ability to explain technical risk, operational impact, and recommended actions to technical and non-technical stakeholders.
• Ability to obtain and maintain a Public Trust / Background Investigation and complete required DOC/Census security processing, security/privacy training, and non-disclosure requirements.

Requirements

• Deep experience administering Cloudflare DNS, DDoS protection, WAF, CDN, Access, Gateway, Tunnel, Magic Transit, or Zero Trust services.
• Experience with content filtering platforms, secure web gateways, email security gateways, URL filtering, DLP integrations, APT/malware defense integrations, and related cloud security services.
• Deep experience with RSA SecurID/RSA Authentication Manager or equivalent MFA platforms, including token administration, agent/middleware upgrades, high availability, disaster recovery, reporting, and integration with VPN and directory services.
• Experience with Network Access Control technologies such as Cisco ISE, 802.1X, endpoint posture, wireless/LAN access controls, and identity-aware access policies.
• Experience with AWS security and networking services such as VPC, Transit Gateway, Security Groups, NACLs, Route 53, Network Firewall, Direct Connect, VPN, GuardDuty, Security Hub, IAM, and CloudWatch.
• Experience with Azure security and networking services such as VNets, NSGs, Azure Firewall, Application Gateway/WAF, VPN Gateway, ExpressRoute, Private Link, Defender for Cloud, Entra ID, and Azure Monitor.
• Experience supporting federal cybersecurity and compliance requirements such as NIST, FISMA, FedRAMP, ATO support, POA&M remediation, continuous monitoring, audit evidence packages, and security control validation.
• Experience with automation and IaC tools such as Terraform, Ansible, Python, PowerShell, Git, APIs, CI/CD pipelines, or vendor automation frameworks.
• Experience with Zero Trust architecture, SASE/SSE, ZTNA, secure segmentation, policy-as-code, microsegmentation, or identity-aware network access.
• Familiarity with F5/load-balancing/application-delivery concepts for cross-team coordination; hands-on F5 administration is not required for this role.
• Experience leading technical projects, coordinating across matrixed teams, mentoring junior engineers, and supporting Agile/Scrum or JIRA-based task tracking.

Benefits

• 401(k)
• 401(k) matching
• Dental insurance
• Flexible schedule
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Professional development assistance
• Referral program
• Retirement plan
• Tuition reimbursement
• Vision insurance