Systems Administrator – Security Integration Engineer SME

Role Overview

• Serve as the technical lead for the architecture, design, integration, testing, and deployment of Software Defined Networking (SDN), Zero Trust Architecture (ZTA), Software Defined Perimeter (SDP), and Micro-Segmentation capabilities within federal/DOD environments
• Translate mission requirements into secure, scalable network architectures while developing and enforcing advanced security policies that support Zero Trust initiatives
• Lead technical design efforts, develop test strategies, oversee engineering documentation, troubleshoot complex network and security issues, and coordinate directly with government stakeholders, engineering teams, cybersecurity personnel, and enterprise service owners
• Develop High-Level Designs (HLDs) and Low-Level Designs (LLDs) for software-defined networking and security environments
• Ensure interoperability with enterprise transport services, security infrastructure, and mission systems
• Architect and guide deployment of software-defined networking solutions including Cisco SD-WAN, Cisco Software Defined Access (SDA), VMware NSX or equivalent technologies
• Establish automation strategies using APIs, Ansible, Python, and Infrastructure-as-Code methodologies
• Lead design and implementation of Zero Trust Architecture capabilities across enterprise environments
• Develop security policies based on application dependencies, user identity, device posture, and mission requirements
• Validate segmentation boundaries, access control policies, and application dependency mappings
• Ensure designs align with Risk Management Framework (RMF), DISA STIG requirements, NIST Zero Trust Architecture guidance and DoD Cybersecurity policies
• Serve as Tier III escalation authority for SDN, SDP, and micro-segmentation deployments
• Drive delivery discipline ensuring architectures are executable, supportable, secure, and scalable

Requirements

• Bachelor’s Degree in Engineering, Computer Science, Information Systems, Cybersecurity, or related field
• Master’s Degree preferred
• 10+ years of progressive experience supporting enterprise networking, cybersecurity environments and firewall technologies
• 5+ years designing or implementing Software Defined Networking (SDN), Zero Trust Architecture (ZTA) and Enterprise Security Architectures
• Experience supporting federal regulated enterprise environments; ability to work in secure DoDIN environments required
• Active Secret clearance or higher
• Deep expertise in Routing and Switching (BGP, OSPF, MPLS)
• Layer 2 and Layer 3 network architectures
• Network segmentation and security architecture
• Stateful firewalls and policy enforcement
• Zero Trust Architecture
• Software Defined Perimeter concepts
• Micro-segmentation architectures
• PKI and certificate-based authentication
• Active Directory and LDAP integration
• Wireshark or equivalent packet capture and analysis tools
• Automation (Ansible, Python, REST APIs)
• VMware environments
• AWS GovCloud
• Microsoft Azure Government
• Infrastructure orchestration technologies
• Hands-on experience with Cisco SD-WAN, Cisco SDA, Cisco ISE, Firepower (FTD), Palo Alto, or equivalent firewall platforms
• Experience supporting large-scale SD-WAN deployments
• Experience implementing Zero Trust initiatives within federal environments
• Experience with AppGate, Illumio, Guardicore, Zscaler, or equivalent technologies
• Experience developing micro-segmentation policies from application dependency mapping
• Experience supporting federal C5I environments
• Experience in lab-based integration and validation environments
• Required Certifications: Cisco Certified Network Professional (CCNP Enterprise or Security), CompTIA Security+
• Preferred Certifications: Cisco CCIE Enterprise Infrastructure, Cisco CCIE Security, CISSP, VMware VCP-NV, Zero Trust Architecture or similar

Tech Stack

• Ansible
• AWS
• Azure
• Cyber Security
• Firewalls
• Python
• Switching
• VMware

Benefits

• Hybrid work environment with some travel to customer and integration lab locations as required
• Participation in after-hours maintenance windows, cutovers, and incident response activities as required