Amazon Web Services (AWS) Network Administrator

About The Position

Requirements

• Excellent technical, organizational, decision-making, analytical, writing and planning skills. Effective communicator who takes initiative and the ability to adapt to dynamic environments. In addition, the following technical skills are needed:
• Proven experience as a network administrator or engineer with hands-on experience in designing and managing network infrastructure in AWS.
• In-depth understanding of AWS networking services including VPC, Elastic Compute Cloud (EC2), Elastic Load Balancer (ELB), Route 53, Transit Gateway, and CloudWatch.
• In-depth understanding of the following AWS Services: GuardDuty, Security Hub, AWS Inspector, AWS IAM Access Analyzer, AWS Detective, Cloudwatch, CloudTrail, Athena, Cloud Formation, Terraform.
• Strong knowledge of network protocols (TCP/IP, DNS, DHCP, BGP, etc.) and networking concepts (subnetting, routing, virtual local area networks, etc.).
• Experience with network security technologies (firewalls, VPN, IDS/IPS, etc.) and best practices for securing cloud environments.
• Proficiency in scripting or programming languages (e.g., Python, PowerShell) for automation tasks.
• Bachelor’s degree in a technical major from an accredited institution as well as a minimum of (3) three years of relevant professional experience. Equivalent years of related work or military experience in lieu of degree will also be considered.
• Required: Active IAT II Certification which may include CompTIA Advanced Security Practitioner (CASP+), CompTIA Cybersecurity Analyst (CySA+), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.
• Must currently hold an active Secret level of security clearance. Must be a U.S. citizen.
• Ability to lift up to 25 pounds
• Ability to use stairs without assistance
• Ability to perform repetitive motions with the hands, wrists, and fingers
• Ability to engage in and follow audible communications in emergency situations
• Ability to sit for prolonged periods at a desk and working on a computer

Nice To Haves

• Experience supporting Zero Trust (ZT) principles, including network segmentation, identity-based access, and continuous monitoring is highly desirable.
• Strong knowledge of Comply-to-Connect (C2C) with implementation experience within a cloud environment.
• Preferred: Amazon Web Services (AWS) certifications which may include AWS Certified Solutions Architect – Associate or AWS Certified Advanced Networking.

Responsibilities

• AWS Network Design and Implementation:
• Design, deploy, and manage AWS networking components such as Virtual Private Clouds (VPCs), subnets, route tables, network access control lists (NACLs), and security groups to ensure proper routing including traffic flow.
• Configure and maintain VPN connections, Direct Connect, and other connectivity solutions in AWS, including establishing and managing VPC peering relationships.
• Configure, maintain, and monitor AWS Transit Gateways to facilitate inter-VPC communication, optimize routing paths and traffic flow supporting scalable architectures.
• Develop and enforce routing policies in addition to network segmentation strategies that ensure efficient traffic distribution, security, and compliance.
• Monitor, analyze, and troubleshoot traffic flow patterns to identify performance bottlenecks, optimize throughput, and maintain compliance with SCCA standards.
• Network Security and Compliance:
• Implement and enforce network security best practices in AWS environments, including firewall rules, encryption, and intrusion detection/prevention systems (IDS/IPS).
• Responsible for network security hardening per Department of Defense (DoD) Security and Technical Implementation Guidelines (STIGs) by conducting reviews and remediation.
• Integrate Amazon GuardDuty and Amazon CloudWatch with Splunk for centralized log ingestion, alerting, and compliance reporting.
• Maintain logs for visibility into traffic patterns, anomalies, and troubleshooting.
• Administer ForeScout CounterACT for Comply-to-Connect (C2C), including policy-based authentication, AWS integrations, and device compliance enforcement in alignment with DoD Zero Trust and NAC requirements.
• Additional Network Services:
• Collaborate with the Defense Information Systems Agency (DISA) to ensure connectivity as well as compliance between AWS GovCloud and DoD enterprise networks.
• Configure and manage Out of Band Management (OOBM) for Virtual Private Clouds (VPCs) to enable separate management access.
• Develop and maintain documentation including Standard Operating Procedures (SOPs), diagrams, and System Security Plans (SSPs).