Network Engineer 3 - Tysons, VA

About The Position

Requirements

• Routing, Switching & Wireless: Extensive hands-on experience designing, deploying, and operating enterprise Cisco environments—including campus and data-center switching, dynamic routing (OSPF, BGP), and enterprise wireless (Cisco Wireless or comparable). Proficient with Cisco Catalyst Center or equivalent controller-based management.
• SD-WAN & WAN: Practical experience designing and operating Cisco SD-WAN (or comparable) including overlay/underlay architectures, transport diversity, and policy-based routing; carrier-service management, including coordination with ISPs and private-circuit providers.
• Next-Generation Firewall: Deep expertise with Palo Alto Networks NGFW administration and policy design, including Panorama-based centralized management and AIOps for NGFW; advanced features such as App-ID, User-ID, decryption, IPS, and URL filtering.
• Cloud Networking: Proficient designing and supporting Azure networking constructs (VNets, peering, NSGs, Azure Firewall, Application Gateway/WAF, ExpressRoute or VPN gateways) and integrating cloud and on-premises environments.
• Zero Trust & Remote Access: Working experience implementing Zero Trust Network Access (e.g., Zscaler) and modern remote-access VPN; integration with identity providers (Active Directory, Entra ID) and conditional access.
• Monitoring & Observability: Familiarity with enterprise network management and observability platforms; able to design alerting, telemetry collection, and dashboards to support proactive operations and root-cause analysis.
• Security & Compliance: Strong working knowledge of network security best practices and applicable frameworks (CIS Controls, ISO 27001, NIST SP 800-171, CMMC v2.0 Level 2). Experience designing and operating networks that store, process, or transmit CUI.
• Automation & Change Management: Experience using configuration management and Infrastructure-as-Code tooling (e.g., Ansible, Terraform) in support of network operations; disciplined change management aligned to ITIL-style practices.
• 5+ years of progressive experience in enterprise network engineering, including hands-on responsibility for design, implementation, and operations in complex, regulated environments. Proven ability to deliver secure, scalable, and automated network solutions.
• Advanced knowledge of secure configuration benchmarks and hands-on experience in network device hardening.
• Thorough understanding of network infrastructure, concepts of operation, and protocols such as TCP/IP, BGP, OSPF, MPLS, DNS, DHCP, SNMP, Syslog, and IPSec.
• Working knowledge of endpoint security, SIEM, and vulnerability management as they integrate with network controls.
• Demonstrated time-management and organizational skills while working in a fast-paced, multidiscipline team environment.
• Strong analytical and problem-solving skills.
• Strong oral and written communication skills, with the ability to author RFCs, design documents, and operating procedures for both technical and executive audiences.
• Proficiency with workflow and lifecycle management systems (e.g., Atlassian Jira and Confluence).
• Bachelor’s degree in Computer Science, Information Technology, or a related Engineering Discipline.
• Cisco CCNP Enterprise (or higher)
• Palo Alto Networks PCNSE
• Cisco SD-WAN Specialist or equivalent SD-WAN credential
• CompTIA Security+
• AWS or Azure networking certification (e.g., AZ-700)

Responsibilities

• Develop detailed technical and performance specifications for enterprise network solutions based on business needs, operational requirements, and constraints across diverse internal and external stakeholders.
• Research available technology options and their respective functional, performance, security, and interoperability characteristics; evaluate alternatives and select platforms accordingly.
• Produce detailed network architecture and design—covering routing, switching, wireless, firewalls, SD-WAN, remote and site-to-site VPN, cloud networking, and segmentation—with integrated security controls and hardening; collaborate with the Network Architect and other senior team members to drive best practices across the enterprise.
• Own end-to-end delivery of cross-functional network initiatives via the team’s RFC (Request for Change) process: structure the problem, evaluate solutions, coordinate cross-team reviewers, and drive proposals through governance to implementation.
• Lead implementation and configuration of network components, including extensive use of templates and automation, in accordance with established change management policies and security baselines.
• Design and operate dedicated network segments and supporting controls (e.g., dedicated firewalls, isolated VLANs, encrypted transport) for regulated environments, including the CUI enclave.
• Plan, evaluate, and execute capacity optimization, updates, upgrades, and other lifecycle activities; troubleshoot complex infrastructure problems; provide escalation-level support for service availability and performance issues.
• Manage carrier and Internet service relationships and the underlying physical layer at the Tysons headquarters and other sites, including copper/fiber identification, demarcation, and coordination of moves/adds/changes with providers.
• Engineer site-to-site and customer-program connectivity (including private circuits for project delivery, such as transit and rail programs) in coordination with project teams.
• Create and maintain detailed and accurate system documentation, including design and configuration plans, network and system boundary diagrams, task-oriented procedures, operations and maintenance plans, and runbooks.
• Mentor junior network engineers; review designs and changes from the team; contribute to standards, templates, and reusable patterns.