ITility is seeking an experienced and mission-focused Senior Network Security Engineer to join our infrastructure team in support of a mission-critical enterprise modernization contract with the U.S. Department of Defense (DoD). This role directly supports enterprise network infrastructure enabling the secure processing of recruit candidates entering the U.S. Armed Forces across geographically dispersed sites nationwide.
This position is dedicated to hardening enterprise network infrastructure and ensuring continuous compliance with DoD security mandates across a complex, multi-technology environment. The Senior Network Security Engineer serves as the primary security authority for all network-layer compliance activities, effectively offloading the security compliance burden from other infrastructure SMEs, thereby enabling them to maintain focus on their core engineering duties while ensuring the organization's security posture remains audit-ready and continuously improving.
The ideal candidate brings deep expertise in DoD compliance frameworks, network security engineering, and vulnerability management, with hands-on proficiency across a broad range of enterprise network technologies.
Key Responsibilities:
Network Security & STIG Compliance
- Own and manage all network-related Security Technical Implementation Guide (STIG) compliance activities across the enterprise, spanning the full breadth of network infrastructure including:
  - Routers and Switches
  - Firewalls
  - F5 Load Balancers
  - Cisco Identity Services Engine (ISE)
  - Wireless infrastructure
  - Additional network devices as required
- Perform STIG assessments, gap analyses, and remediation across all in-scope network devices, maintaining continuous compliance with current DISA STIG benchmarks
- Develop, implement, and maintain baseline secure configurations for all categories of network equipment, leveraging Cisco DNA Center for configuration automation, policy enforcement, and compliance monitoring at scale
- Maintain a comprehensive STIG compliance inventory, tracking assessment status, remediation progress, and residual risk findings across the enterprise device landscape
- Support Authority to Operate (ATO) activities by producing accurate, current STIG compliance documentation and contributing to system security plans and assessment artifacts
Vulnerability Management & Threat Mitigation
- Manage and mitigate findings from Information Assurance Vulnerability Management (IAVM) notices, Common Vulnerabilities and Exposures (CVEs), and other security alerts impacting network infrastructure
- Execute and remediate vulnerabilities identified through Assured Compliance Assessment Solution (ACAS) scans, coordinating with infrastructure teams to prioritize and resolve findings in alignment with DoD remediation timelines
- Monitor threat intelligence feeds and DISA advisories to proactively assess emerging vulnerabilities against the enterprise network environment and initiate mitigation actions
- Develop and maintain vulnerability remediation plans, tracking findings from identification through validated closure with documented evidence
- Coordinate with the ISSO/ISSM and security assessment teams to ensure vulnerability findings are accurately reflected in system security documentation and risk management artifacts
POAM Management & Security Governance
- Lead and facilitate weekly Plan of Action and Milestones (POA&M) meetings, driving structured tracking and resolution of open security findings across the network infrastructure portfolio
- Manage Exception to Policy (ETP) requests, developing technically sound justifications, compensating controls documentation, and tracking ETP lifecycles through approval and expiration
- Maintain accurate and current POA&M entries in coordination with the ISSO/ISSM, ensuring findings are properly categorized, assigned, and progressing toward resolution within mandated timelines
- Produce clear security compliance reporting for program leadership and Government stakeholders, communicating open findings, remediation status, risk posture, and trending metrics
- Support continuous monitoring activities and periodic security reviews, contributing to the overall Risk Management Framework (RMF) lifecycle for in-scope network systems
Security Automation & Configuration Management
- Leverage Cisco DNA Center to automate the deployment and enforcement of baseline secure configurations across the enterprise network device inventory
- Develop and maintain configuration compliance templates and policies within Cisco DNA, enabling automated drift detection and remediation at scale
- Establish and enforce change management processes for security-relevant network configurations, ensuring all changes are documented, reviewed, and validated against security baselines
- Contribute to DevSecOps pipeline integration by incorporating network security validation and compliance checks into automated infrastructure workflows where applicable
- Document all baseline configurations, security procedures, and compliance workflows in Confluence or equivalent platforms, maintaining a current and accessible knowledge base
Cross-Functional Collaboration & SME Enablement
- Serve as the dedicated network security authority, proactively identifying and resolving compliance and vulnerability issues before they impact other infrastructure SMEs or mission operations
- Collaborate with data center, wireless, cloud, and application teams to ensure security requirements are consistently applied across all infrastructure domains
- Provide security guidance and consultation to infrastructure engineers, enabling informed security decision-making without diverting SME focus from core engineering responsibilities
- Coordinate with DISA, Cybersecurity teams, and Government security personnel to stay current on evolving compliance requirements and ensure timely implementation of new mandates
- Maintain a proactive, solution-oriented communication style when engaging with team members, Government stakeholders, and security authorities
Required Qualifications:
Candidates must possess experience and capabilities across the following skill areas, listed in order of importance:
- U.S. Citizenship required; ability to obtain and maintain a DoD Secret clearance.
- Minimum of eight (8) years of progressive experience in network security engineering, with demonstrated expertise in DoD compliance frameworks and enterprise network hardening.
- CompTIA Security+ CE or equivalent (DoD 8570/8140 IAT II)
- Deep hands-on experience performing STIG assessments and remediation across a broad range of network device types including routers, switches, firewalls, load balancers, and wireless infrastructure
- Proven proficiency with ACAS/Nessus vulnerability scanning, findings analysis, and remediation management in a DoD environment
- Strong working knowledge of IAVM processes, CVE management, and DoD security alert response procedures
- Hands-on experience with Cisco DNA Center for network automation, configuration management, and compliance enforcement
- Demonstrated experience leading POA&M management and ETP processes in coordination with ISSOs and security assessors
- Solid understanding of DISA STIGs, RMF, NIST 800-53, and federal network security compliance frameworks
- Strong experience with F5 load balancers, Cisco ISE, and enterprise firewall platforms in compliance-driven environments
- Active DoD Secret clearance (Top Secret preferred)
Preferred Qualifications:
- Direct experience supporting DoD enterprise IT modernization programs.
- Familiarity with Palo Alto Networks firewalls and Panorama security policy management
- Experience with SIEM platforms and security event correlation in support of continuous monitoring requirements
- Working knowledge of Cisco ACI and data center fabric security considerations
- Background in enterprise wireless security, including WIPS/WIDS implementation and wireless STIG compliance
- Experience with automated compliance tooling beyond Cisco DNA, such as Ansible, Terraform, or equivalent for security configuration enforcement
- Familiarity with eMASS or equivalent Government risk management and ATO tracking platforms
- Palo Alto Networks Certified Network Security Engineer (PCNSE)
- Cisco Certified Specialist – Network Security (Firepower)
- Bachelor’s degree in Computer Science or related Network Engineering field (or equivalent professional experience)
Work Environment:
- Required to dress appropriately for the job environment, including adherence to safety, security, and site-specific dress standards
- Ability to sit or stand for extended periods while performing computer-based tasks.
- Requires sustained use of hands and fingers for keyboarding, writing, and operation of standard office equipment, as well as frequent verbal communication, active listening, and visual acuity to perform job responsibilities effectively.
- Occasional movement around the office, including climbing stairs.
- Ability to travel up to 10%, which may include occasional visits to client sites or government installations.
Why ITility?
ITility is a Service-Disabled Veteran-Owned Small Business dedicated to delivering secure, innovative technology solutions that protect and defend our nation. We empower our teams to think beyond perceived limits and deliver mission-focused solutions that matter.
Your work will directly contribute to enterprise modernization efforts supporting national defense readiness.