Network Engineer

Overview

The Network Engineer is responsible for the operation, troubleshooting, maintenance, and improvement of enterprise network infrastructure in a secure government-contractor environment. This role works across routers, switches, firewalls, VPNs, cloud networking, DNS, routing, segmentation, monitoring, and network security controls. The ideal candidate is a real network engineer who can trace complex issues across clients, networks, cloud infrastructure, security controls, and backend services. This person should be capable of independently identifying root causes, proposing fixes, implementing approved changes, and producing clear technical documentation and compliance evidence.

Responsibilities

• Administer, monitor, and troubleshoot enterprise routers, switches, firewalls, VPNs, DNS, DHCP, and network security infrastructure.
• Support secure network connectivity across cloud environments, datacenters, offices, remote users, and partner/customer connections.
• Configure and troubleshoot VLANs, routing, NAT, ACLs, firewall policies, VPN tunnels, DNS forwarding, and network segmentation.
• Diagnose complex connectivity and performance issues across clients, firewalls, load balancers, cloud networks, clusters, and backend services.
• Analyze logs, packet captures, routing tables, flow logs, firewall logs, and monitoring data to determine root cause.
• Implement approved production network changes through formal change-control procedures.
• Maintain accurate network diagrams, configuration records, IP address documentation, firewall rule documentation, and operational runbooks.
• Support compliance requirements including access control, audit logging, configuration management, vulnerability remediation, and evidence collection.
• Participate in incident response, outage analysis, and post-incident review activities.
• Work with DevOps, Security, Cloud, Platform, and Application teams to resolve infrastructure and service delivery issues.
• Recommend architecture, routing, segmentation, firewall, VPN, and monitoring improvements.
• Ensure network configurations are secure, supportable, documented, and aligned with business and compliance requirements.

Requirements

• CompTIA Security+ CE or equivalent government-accepted baseline security certification.
• CCNA or equivalent hands-on enterprise networking experience.
• Strong understanding of TCP/IP, subnetting, VLANs, routing, switching, NAT, DNS, DHCP, VPNs, firewall policies, ACLs, and network troubleshooting.
• Experience administering enterprise network devices such as Cisco, Palo Alto, Fortinet, Juniper, Check Point, or similar platforms.
• Experience troubleshooting production network issues using logs, packet captures, traceroute, routing tables, firewall logs, flow data, and monitoring tools.
• Ability to support secure environments with formal change control, documentation, access control, and audit requirements.
• Self-starter with no constant management required.
• Research-capable using vendor documentation, RFCs, technical references, logs, packet captures, configuration analysis, and real diagnostic data — not just AI-generated answers.
• Ability to clearly explain technical findings, root cause, risk, and proposed remediation.
• Strong documentation skills for diagrams, tickets, runbooks, evidence packages, and operational procedures.
• Ability to work independently while coordinating effectively with DevOps, Security, Systems, and Application teams.

Preferred Qualifications

• CCNP Enterprise, CCNP Security, or equivalent experience.
• Palo Alto PCNSA/PCNSE, Fortinet FCP/FCSS, Cisco Security, Juniper Security, or equivalent firewall certification.
• Experience with AWS networking, including VPCs, Transit Gateway, route tables, security groups, NACLs, VPN, Direct Connect, Route 53 Resolver, VPC endpoints, and flow logs.
• Experience in AWS GovCloud, DoD, federal contractor, FedRAMP, CMMC, NIST 800-53, NIST 800-171, or IL4/IL5-style environments.
• Experience forwarding firewall, VPN, DNS, and network device logs into a SIEM or centralized log lake.
• Experience with infrastructure as code, Git-based change control, configuration management, or network automation.
• Familiarity with STIGs, hardening guides, vulnerability management, and audit evidence collection.
• Someone who can use AI as a support tool when appropriate, but does not need AI to perform core networking, troubleshooting, research, architecture analysis, or documentation duties.