Network Security Engineer (CDAP) - Senior

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a Network Security Engineer (CDAP) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the engineer supports Task 3 — Cybersecurity Operations Support by designing, implementing, and optimizing network security monitoring and analytic capabilities within the Cybersecurity Data Analytics Platform (CDAP). The position contributes directly to Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility by engineering data ingestion from network sensors and boundary devices, improving detection logic, and coordinating with SOC, CTIC, defensive cyber, and infrastructure teams to strengthen ARNG network defense operations.

This role operates in a mission environment that delivers DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, supporting Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified and unclassified operations. The Network Security Engineer (CDAP) - Senior helps improve visibility and response across environments that include USIEM analytics, EDR, IDS/IPS, firewall technologies, cross domain services, and SIPRNet and NIPRNet-connected operations, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC to advance continuous monitoring, threat-informed defense, and RMF-aligned cybersecurity outcomes.

Please Note: This position is contingent upon contract award.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: TS//SCI Eligible
  • Required Certifications: DCWF Work Role 441-Network Operations Specialist — Intermediate proficiency; must hold ONE OR MORE of the following: CND, GFACT, GSEC, Security+
  • 7+ years of experience in cybersecurity
  • Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Experience designing and optimizing network security monitoring, analytics, or detection capabilities for enterprise network environments.
  • Experience engineering data ingestion pipelines from network sensors, firewalls, IDS/IPS, or other boundary protection devices into centralized analytic platforms.
  • Experience developing, tuning, and validating correlation rules or detection logic to improve threat visibility and reduce false positives.
  • Experience supporting configuration hardening, validation testing, and performance optimization of network security technologies.
  • Experience coordinating with SOC, threat analysis, defensive cyber, or infrastructure teams to improve detection coverage and operational response.
  • Working knowledge of RMF-aligned continuous monitoring objectives and application of DoD or ARNG cybersecurity policy to operational security tooling.

Responsibilities

  • Design and implement network security monitoring and analytics capabilities within CDAP to improve threat visibility across ARNG classified and unclassified network environments.
  • Engineer and maintain data ingestion pipelines from network sensors, firewalls, IDS/IPS, and boundary protection devices to support centralized security analytics and continuous monitoring.
  • Develop, tune, and validate correlation rules and detection logic to improve detection fidelity, reduce false positives, and strengthen DCO-IDM operations across DoDIN-connected environments.
  • Support configuration hardening, performance optimization, and validation testing of network security technologies in alignment with DoD and ARNG cybersecurity policy and RMF objectives.
  • Coordinate with SOC, CTIC, defensive cyber, and infrastructure teams to refine detections, improve analytic coverage, and support cyber incident identification and response workflows.
  • Leverage integrated USIEM, C2C, and DLP analytics approaches described for Task 3 to enhance centralized visibility and machine-speed response across the ARNG enterprise.
  • Coordinate with USIEM engineers and related cybersecurity teams to improve enabling data sources, support MITRE ATT&CK-based analytic development, and strengthen enterprise detection outcomes.
  • Support monitoring and defense of environments spanning approximately 141,000 endpoints across 2,800 sites in 54 states and territories, helping protect mission operations tied to Title 10, Title 32, and domestic emergency response requirements.
  • Contribute to cybersecurity operations performed in coordination with the NETCOM Global Cyber Center and DISA DCDC, ensuring analytic and monitoring capabilities support 24x7x365 ARNG cyber defense objectives.