Zero Trust Network Engineer

Primary Responsibilities:

• Work with team to analyze the client’s current network architecture in conjunction with ZT assessment findings to recommend future-state network architecture design for the government agency

• Assist with research and proof of concept efforts to determine where additional technologies may be necessary to achieve the desired level of zero trust

• Work with requirements team to develop requirements, use cases, and technical documentation to support the zero trust transformation for the agency deployment

• Interface with the client and work with a team of 3-5 practitioners in conducting assessments and executing follow on actions

• Assist with Identification of system security requirements for external and internal facing web applications, networks, operating systems, and cloud environments

• Ensure the secure design, architecture, installation, configuration, hardening, and remediation for software applications to protect the bureau’s sensitive information

• Review, analyze and design zero trust products and security configurations

• Work with engineering team to perform deployment and configuration of zero trust broker tools with other security tools, including identity management, Security Information and Event Management (SIEM), and EDR tools and or access to the internet and private applications

• Develop ongoing operations and maintenance plan for the zero trust tools, including providing patching and end-user support with engineering team to provide ongoing maintenance

• Collaborate with SIEM engineers to ensure logs are onboarding and maintained in the SIEM tool

• Provide support for ongoing SIEM tuning and use case development

• Provide ongoing advisory support to bureau leadership on responses to new network requirements and regulatory mandates (such as executive orders, emergency directives, binding operational directives, and data calls from governance and oversight bodies)

• Assist with design, integrate and configure cyber security and network monitoring tools

• Develop strategies to respond to and recover from a security breach with zero trust team

• Advocate for technology insertion, that improves current inefficiencies

• Support clients with data protection and overarching cloud capabilities

• Implement core and cloud infrastructure security to manage risks and exposure

• Perform cyber reconnaissance to illuminate a potential attack surface area

• Provide threat and vulnerability management to federal clients and teams

• Analyze tactical network architectures and topologies to assess security risks

Basic Qualifications:

• Bachelor's degree and 4+ years of cybersecurity engineering experience

• Must be able to obtain and maintain a Public Trust Clearance

• US Citizenship Preferred and US Person Required

• Hands on experience with common enterprise-wide network security and (SIEM) technologies or tools such as ZScaler, CrowdStrike, Forescout, Palo Alto Networks, Cisco, Juniper, Microsoft and Splunk

• Experience with enterprise cloud systems and solutions across zero trust pillars

• Knowledge of ZT based Identity, Credential, and Access Management (ICAM) solutions

• Understanding of modern network infrastructure capabilities (i.e., Secure Access Service Edge (SASE), Software-Defined Wide Area Networks (SD-WAN), Software-Defined Perimeter (SDP), Software-Defined Networks (SDN), etc.)

• Experience working with/in SOCs and/or NOSCs

• Knowledge of cyber threat indicators and prioritizing cyber threats

• Familiarity with federal government environments, standards, and architectures

• Experience in U.S. security requirements related to regulations or standards, including NIST SP 800-171, 800-53, RMF, ISO 27001, Trusted Internet Connection (TIC) 3.0, and SOX

• Knowledge of zero trust principles, frameworks, and implementation strategies

Location:

• Hybrid Primarily Remote/Occasional Onsite DC Client Site