Senior Network Engineer

iGov is seeking a highly skilled Senior Network Engineer to provide advanced engineering, operational, and advisory support for the enterprise Cisco network environment. Operating within the Scalable Enterprise Network Technology for Resiliency (SENTRY) program framework, this senior technical leader will focus on strengthening the security, reliability, and resilience of the network infrastructure while remediating identified Incident Response (IR) findings. The successful candidate will design, optimize, and maintain secure architectures that enforce comprehensive Zero Trust principles across core, distribution, access, and edge environments. This is an advanced engineering and advisory role. The candidate is expected to provide high-level advisory and technical leadership to agency stakeholders. The candidate collaborates directly across disciplinary silos (with cybersecurity, cloud, and operations teams) to shape the evolution of the network architecture and represent the network engineering team during audits and compliance initiatives.

THIS POSITION IS CONTINGENT UPON CONTRACT AWARD!

Key Responsibilities:

• NIST SP 800-53 Control Alignment: Implement and maintain enterprise network security controls precisely aligned with federal standards, mapping directly to the Access Control (AC), Configuration Management (CM), System and Communications Protection (SC), and Audit and Accountability (AU) control families.


• Zero Trust Architecture Engineering: Engineer and enforce strict Zero Trust network architecture principles in accordance with NIST SP 800-207, establishing continuous verification of all users and devices regardless of location.


• Micro-Segmentation Strategy: Design, establish, and maintain advanced network segmentation and micro-segmentation strategies to restrict lateral movement across all network layers and insulate high-value assets and sensitive computing environments.


• Least-Privilege & Identity Access: Design and implement identity-aware network access controls, ensuring granular, role-based access management across the infrastructure estate.


• Edge Port Authentication: Deploy and manage 802.1X port-based network access control to strictly prevent unauthorized device connectivity and enforce robust authentication at the physical and wireless network edge.


• Centralized SIEM Logging: Configure and maintain centralized logging and audit capabilities for all distributed network devices, ensuring all log traffic is securely forwarded to enterprise SIEM platforms and retained in compliance with federal mandates.


• Continuous Risk Assessments: Conduct continuous, real-time monitoring and technical vulnerability assessments of the network infrastructure to actively identify risks and coordinate remediation paths in strict alignment with the NIST Risk Management Framework (RMF).


• Secure Device Hardening: Harden all enterprise network devices using strict configuration baselines (e.g., Cisco Secure Configuration Guides), ensuring the disabling of unnecessary services, enforcement of strong encryption protocols, and lockdown of management interfaces.


• Perimeter and Public Asset Security: Secure public-facing and perimeter network assets by implementing and optimizing rigorous ingress/egress filtering, firewall rule architectures, and multi-factor authentication (MFA) for all administrative and privileged access.


• Incident Response & Forensics: Directly support incident response activities by providing expert network-level analysis, rapid containment actions (such as localized segmentation or blocking malicious traffic), and forensic data collection.


• Rigorous Change Control: Ensure all configuration and hardware modifications follow formal change control processes backed by a pre-execution security impact analysis to maintain compliance with NIST configuration management regulations.


• Security Audits & Assessments: Lead or participate in security assessments, audits, and formal compliance reviews by compiling, defending, and providing technical evidence, architecture documentation, and engineering remediation support.


• Emerging Tech Evaluation: Continuously evaluate, validate, and enhance the overall network security posture through the strategic adoption of emerging industry best practices, threat intelligence streams, and Cisco security innovations.


• SOP Development: Develop, implement, and maintain comprehensive Network Standard Operating Procedures (SOPs), conducting mandatory reviews and updates on at least an annual basis to reflect evolving technical and policy landscapes.


• Hardware Baseline Lifecycle: Document and maintain highly detailed hardware and configuration baselines for all network devices-including Cisco switches, routers, firewalls, and related infrastructure-backed by formal annual reviews.


• Root Cause Analysis (RCA): Perform rigorous root cause analysis for all network incidents, including performance degradation, unexpected outages, and security events, fully documenting findings to implement corrective and preventive actions.


• Automated Patch Orchestration: Establish, implement, and maintain automated network patch management and firmware update procedures in complete alignment with Cisco best practices and organizational security policies.


• Enterprise Diagram Architecture: Develop, maintain, and update highly comprehensive network diagrams that accurately reflect the CBO enterprise network architecture across cloud, production, and secure environments, executing updates annually or dynamically as changes occur.


• Core Infrastructure Services: Administer, optimize, and troubleshoot enterprise DNS services, maintaining configuration changes, performance tuning, and prompt issue resolution.


• 24/7 Monitoring Integration: Support continuous, real-time monitoring of network infrastructure (24/7 operations) through the deep integration of network management platforms and security monitoring tools.


• Audit Readiness: Maintain accurate, up-to-date documentation of network configurations, physical assets, and operational procedures to ensure permanent audit readiness and operational continuity.

Required Qualifications & Experience:

• Core Technical Expertise: Minimum of eight (8) years of overall professional experience in Information Technology, Endpoint Engineering, or Cybersecurity, with at least six (6) years explicitly performing higher-level network engineering duties (Tier 3/advisory functions rather than routine help desk execution) inside large enterprise environments.


• Compliance & Framework Proficiency: Demonstrated experience translating formal security architecture requirements under NIST SP 800-53 (specifically Access Control, Configuration Management, System and Communications Protection, and Audit and Accountability families) and the NIST Risk Management Framework (RMF) into actionable engineering designs.


• Process Discipline: Proven history of operating under structured, multi-team change advisory boards, producing complete audit readiness documentation, and evaluating emerging threat intelligence vector inputs to proactively adjust configurations.

Required Credentials & Certifications:

• Active Security Clearance: Must be eligible for and successfully pass a Public Trust Tier 2 background check and fingerprinting process conducted through the U.S. Capitol Police.


• Professional Certifications: Must hold active, advanced professional or expert-level network infrastructure or security credentials (e.g., Cisco professional/expert tracks or validated equivalents).




• Note: These exact credentials (or equivalent historical iterations) must have been maintained and continuously applied in a professional capacity for a minimum of five (5) consecutive years. Expired certifications or those never utilized professionally will be disqualified.

iGov offers a competitive salary package and excellent benefits to include:

ESOP

401(k) matching

Medical, Dental, Vision insurance

Professional Development

Disability Insurance

Health Savings Account

Flexible Spending Account

Paid Holidays

PTO

EEO: M/F/D/V

If you have a disability or special need that requires accommodation during the hiring process, please let us know by emailing our HR department at [email protected].