COI/Firewall/IDS-IPS Engineer

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following: Master’s degree or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR Relevant DoD/military training (example: Security Architect (Advanced) Playlist); OR Relevant professional certification or equivalent experience (examples: CCNP Enterprise, CISM, CISSP‑ISSAP, CISSP‑ISSEP, GCIA, GDSA, GICSP).
• Network/security engineering experience with at least 3 years designing and operating NGFW/IDS/IPS in enterprise or DoD environments.
• Hands‑on expertise with firewall platforms, IDS/IPS technologies, TLS/SSL inspection, VPNs, NAT, ACLs, and high‑availability clustering.
• Experience tuning signatures, creating detection logic, and validating detections using packet capture and telemetry analysis.
• Proficiency integrating telemetry into SIEM/SOAR, developing correlation rules, and enabling automated playbooks for response.
• Strong knowledge of NIST SP 800‑53/800‑41, DISA STIGs, RMF control families, and compliance/audit evidence practices.
• Proven incident response coordination, root‑cause analysis, and cross‑functional remediation leadership.
• Excellent documentation skills for architecture diagrams, rule‑base rationalization, and change control artifacts.

Nice To Haves

• Prior DoD/COI/ARNG network‑security or CCRI support experience.
• Experience with encrypted traffic inspection at scale, TLS decryption architectures, and privacy/inspection tradeoffs.
• Familiarity with cloud‑native firewall/IDS services and hybrid integration patterns.
• Experience advising senior leadership on carrier/provider escalation, SLA risk, and architectural tradeoffs.

Responsibilities

• Lead design, implementation, and lifecycle management of next‑generation firewalls (NGFW), IDS, and IPS across COI, on‑premises, cloud, and hybrid environments.
• Architect segmented network environments applying zero‑trust, least‑privilege, and defense‑in‑depth principles.
• Develop and maintain firewall policies, ACLs, NAT, VPN architectures, and security rule sets governing inter‑enclave and external connectivity.
• Perform deep‑packet inspection, signature tuning, anomaly detection refinement, and traffic‑flow validation to detect APTs, lateral movement, C2, and data exfiltration.
• Integrate NGFW/IDS/IPS telemetry with SIEM and SOAR platforms to enhance correlation, detection, and incident response.
• Conduct technical risk assessments and control validations aligned to NIST SP 800‑53, NIST SP 800‑41, DoD STIGs, and RMF requirements.
• Execute rule‑base optimization reviews, configuration audits, and compliance assessments to reduce attack surface and improve detection fidelity.
• Lead troubleshooting and root‑cause analysis for complex network security incidents; coordinate containment and remediation with SOC, network, and system teams.
• Provide architectural guidance for high‑availability deployments, encrypted traffic inspection, secure remote access, and secure system onboarding.
• Maintain detailed documentation, data‑flow diagrams, change control records, and evidence to support continuous monitoring and accreditation.