Senior Network Engineer SME - Service Delivery

About The Position

Requirements

• Active TS/SCI security clearance
• Prior military or DoD civilian experience with tactical or strategic network communications systems
• Cisco CCNA and Security+ CE, or equivalent industry certifications
• 7+ years of progressive experience in enterprise network engineering with a focus on secure communications and VPN technologies
• Deep hands-on experience with IPsec VPN design, deployment, and troubleshooting across multi-vendor platforms (Cisco, Juniper, Palo Alto, Fortinet)
• Strong understanding of IKEv1/IKEv2 protocols, ESP/AH encapsulation modes, cryptographic suites (including Suite B/CNSA), and PKI-based certificate authentication

Nice To Haves

• CCNP Security, CCIE (Security or Enterprise Infrastructure), JNCIS-SEC, PCNSE, or equivalent industry certifications
• NSA CSfC Trusted Integrator experience or certification
• Experience with DISA STIGs and DoD network security compliance requirements
• Familiarity with SD-WAN overlay architectures and their integration with IPsec-based WAN encryption
• Experience with zero-trust network architectures and micro-segmentation strategies

Responsibilities

• Understand customer business and mission requirements and develop architecture and design documents for secure network solutions, including IPsec VPN topologies (hub-and-spoke, full-mesh, DMVPN, FlexVPN) and CSfC multi-vendor layered encryption architectures
• Design and document IPsec VPN solutions incorporating IKEv2 negotiation, ESP/AH encapsulation, perfect forward secrecy (PFS), and suite-B cryptographic algorithms (AES-256-GCM, SHA-384, ECDH P-384/P-521) in accordance with CNSA suite requirements
• Engineer CSfC solutions aligned with NSA Capability Packages (CPs), including Multi-Site Connectivity, Mobile Access, and Data at Rest, ensuring dual-layer encryption with inner and outer tunnel independence
• Develop and execute Proof of Concept and/or Deployment Acceptance test plans and test reports for CSfC implementations
• Develop implementation guides with configuration templates and deployment plans for customers deploying secure data center networking products
• Execute or assist customers in executing deployment plans for IPsec VPN infrastructures, including PKI/certificate-based authentication, RADIUS/TACACS+ integration, and centralized key management systems
• Deploy and configure CSfC solution components including inner layer encryption devices, outer layer VPN gateways, and associated key management infrastructure (KMI), ensuring compliance with CSfC registration and monitoring requirements
• Implement IPsec VPN solutions across multi-vendor environments (Cisco, Juniper, Palo Alto, Aruba, etc.), ensuring interoperability and adherence to RFC standards (RFC 7296, RFC 4303, RFC 4301)
• Configure and validate GRE-over-IPsec, VTI-based, and policy-based VPN tunnels supporting dynamic routing protocols (OSPF, BGP, EIGRP) over encrypted overlays
• Resolve complex technical issues as a product expert working with Customer Network Operation Center Engineers, as well as with OEM partner Escalation and Development Engineers
• Troubleshoot IPsec VPN connectivity issues including IKE Phase 1/Phase 2 negotiation failures, NAT-Traversal complications, MTU/fragmentation issues, and cryptographic mismatch conditions
• Diagnose CSfC solution failures across inner and outer encryption layers, identify component-level root causes

Benefits

• Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.
• We offer competitive compensation, benefits and learning and development opportunities.
• Our broad and competitive mix of benefits options is designed to support and protect employees and their families.
• At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits.