Network Engineer

About The Position

Requirements

• Must possess U.S. Citizenship or Permanent Residence Status.
• Candidates must be able to successfully pass a Public Trust Tier 2 background investigation, as well as FBI criminal checks and fingerprinting (explicitly required at Capitol Police HQ).
• A Bachelor's degree in an IT-related field is required.
• A minimum of 5 to 6 years of professional experience designing, implementing, and supporting enterprise network infrastructure, particularly within Cisco environments.
• Candidates must hold active, relevant network or cybersecurity IT certifications. These certifications (or their prior equivalents) must have been continuously maintained for a minimum of 5 years. Expired credentials or those never utilized professionally will not be considered.
• Thorough knowledge of LAN/WAN systems, networks, and applications.
• Strong working knowledge of Cisco networking, VLANs, DNS, DHCP, VPNs, 802.1X, and federal compliance frameworks (NIST 800-53, NIST 800-207, NIST RMF).

Responsibilities

• Provide engineering and operational support for a Cisco-based network infrastructure, covering core, distribution, access, and edge environments.
• Implement and maintain network security controls aligned with NIST SP 800-53 (including AC, CM, SC, and AU control families), NIST SP 800-207 (Zero Trust Architecture), and Cisco security best practices.
• Manage 802.1X port-based network access control to prevent unauthorized device connectivity. Design and implement least-privilege network access controls, ensuring role-based and identity-aware access across all network layers.
• Configure, maintain, and troubleshoot Virtual Local Area Networks (VLANs), Domain Name Systems (DNS), Dynamic Host Configuration Protocols (DHCP), Virtual Private Networks (VPNs), and related network services.
• Conduct continuous monitoring and vulnerability assessments of network infrastructure (supporting 24/7 operations), identify risks, and coordinate remediation in alignment with NIST Risk Management Framework (RMF) practices.
• Harden all network devices using secure configuration baselines (e.g., Cisco Secure Configuration Guides). Maintain automated network patch management and firmware update procedures in accordance with Cisco best practices. Secure public-facing and perimeter network assets by implementing strict ingress/egress filtering and firewall rule optimization.
• Configure and maintain centralized logging and audit capabilities, ensuring logs are forwarded to enterprise SIEM platforms. Support incident response activities by providing network-level analysis, containment actions, and forensic data collection. Perform root cause analysis (RCA) for network incidents.
• Ensure all network changes follow formal change control processes with security impact analysis. Develop, maintain, and annually update Network Standard Operating Procedures (SOPs), comprehensive network diagrams, and detailed hardware/configuration baselines to support audit readiness.
• Serve as a technical adviser for service desk ticket resolution and collaborate seamlessly with cloud, Microsoft engineering, and cybersecurity teams to support highly integrated technology operations.