Senior Cybersecurity & Network Systems Engineer

Program Summary

The Test Enterprise Network Modernization (TENM) program is a multi‑year Army initiative focused on modernizing network infrastructure, wireless systems, deployable communications, and cybersecurity capabilities across CONUS and OCONUS test centers. Under a highly structured, TDL‑driven delivery model, TENM integrates site surveys, engineering design, equipment modernization, installation, testing, cybersecurity accreditation, logistics, training, and transition support to ensure resilient, scalable, and mission‑ready networks for Army test activities. The program demands disciplined technical execution in accordance with UFC standards, RMF cybersecurity requirements, CHESS acquisition rules, and a comprehensive deliverables framework spanning TNMPs, TDPs, drawings, IUID reporting, ATP/SAT, and RMF artifacts. The Senior Networking Systems Engineer plays a pivotal role in shaping and delivering these engineered solutions—leading technical assessments, designing modern architectures, guiding installation and testing, ensuring compliance, and supporting seamless site transitions across a diverse and evolving portfolio of Army test environments.

Job Summary

The Senior Cybersecurity & Network Systems Engineer leads modernization, security engineering, and network architecture efforts across Army test range environments within the TENM program. Leveraging deep expertise in Cisco ACI, SD‑Access, identity & access management, Zero Trust Architecture, containerized environments, and NIST‑aligned cybersecurity engineering, this role develops secure enterprise and deployable network solutions, performs site surveys, authors TNMP/TDP inputs, implements STIG and RMF requirements, and supports ATP/SAT validation activities. The engineer provides hands‑on configuration, system hardening, network migration execution, zero trust integration, and cross‑platform troubleshooting while ensuring all TENM deliverables (drawings, artifacts, diagrams, documentation, training inputs) meet Army standards and program objectives.

Roles and Responsibilities

Network Modernization & Engineering

• Engineer, harden, and deploy enterprise-grade network solutions including Cisco ACI/APIC, SD-Access, VLAN segmentation, AAA/TACACS+, and secure routing/switching architectures.
• Lead site surveys, spectrum assessments, infrastructure validation, OPSEC-compliant data gathering, and deliver inputs to the Test Network Modernization Plan (TNMP).
• Support creation and updates to Technical Direction Plans (TDPs), including equipment strategy, risk identification, ROM inputs, SLAs, and cyber requirements.
• Lead modernization of legacy environments to NIST-aligned architectures while maintaining operational continuity.

Cybersecurity Engineering & RMF/STIG Integration

• Apply NIST, RMF, and Zero Trust principles to all network modernization efforts.
• Develop STIG and eSTIG checklists, perform vulnerability scans, document findings, and support POA&M development.
• Architect and implement Zero Trust and IAM solutions using technologies such as Keycloak, Pomerium, PacketFence, and identity-centric access controls.
• Deploy and tune IDS/IPS tools such as Suricata, integrate with OPNsense, and enhance monitoring with Grafana/Prometheus.

DevOps, Automation & Modern Platform Integration

• Automate configurations and infrastructure using Ansible, Terraform, Helm, Docker, Kubernetes, and other automation frameworks.
• Support the engineering of containerized security labs, overlay networks, distributed K8s clusters, and secure cloud-adjacent architectures.

Testing, Validation & Acceptance (Aligned to C.5.4.6)

• Support development and execution of Acceptance Test Plans (ATP) and Site Acceptance Tests (SAT) for network, cybersecurity, and system performance verification.
• Conduct integration testing across modernized Cisco and containerized systems.

Documentation, Reporting & Compliance (Aligned to C.5.1)

• Generate technical diagrams, TNMP/TDP inputs, security artifacts, trip reports, and network documentation in accordance with Army deliverable standards.
• Maintain accurate configuration baselines, contribute to QMP/Safety plan inputs, and provide status inputs for the Monthly Status Report (MSR).
• Ensure all actions follow CHESS/IT procurement rules, IUID requirements, and DoD cybersecurity training/clearance requirements.

Basic Qualifications

• Bachelor's degree in related field and 7+ years of cybersecurity and network engineering experience supporting federal or enterprise environments.
• Strong hands-on experience with Cisco ACI/APIC, SD-Access, AAA/TACACS+, VLAN segmentation.
• Demonstrated capability implementing NIST-aligned cybersecurity controls and Zero Trust architectures.
• Experience with IAM solutions including Keycloak, policy-based authentication, and SSO federations.
• Hands-on experience with Docker, Kubernetes, Helm, Proxmox VE, and infrastructure automation.
• Experience operating IDS/IPS systems (Suricata), OPNsense, Grafana, and packet analysis platforms.
• CompTIA Security+ and A+ certifications.

Preferred Qualifications

• Experience supporting RMF, eMASS package inputs, STIG compliance and vulnerability remediation.
• Familiarity with Army networks, TDL/TDP processes, and DISA STIG/SRG baseline configurations.
• Experience with wireless surveys, RF spectrum analysis, and site infrastructure validation.
• Experience with deployment of Zero Trust overlays (OpenZiti, Pomerium) and NAC solutions (PacketFence).
• Exposure to Cisco Security training: SCOR, SAUI, CBROPS.
• Experience with large migration efforts, Windows Server 2016 networking/identity, and secure endpoint integration.
• Familiarity with CHESS procurement processes, and IUID-tagging environments.

KBR Benefits

KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.

Belong, Connect and Grow at KBR

At KBR, we are passionate about our people and our Zero Harm culture. These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company. That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together.

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.