Senior Network Engineer
Washington, DC, US
Full Time Senior-level / Expert Clearance required USD 100K - 120K
Metrea
Discover how Metrea provides elegant solutions to wicked problems in national security, leveraging commercial technology and business models.Role Overview
The Senior Network Engineer is responsible for designing, implementing, securing, and maintaining mission-critical network infrastructure in compliance with defense industry standards. This role ensures the integrity, availability, and security of on-premises and cloud-based networks, supporting operational and classified environments. The engineer will work closely with cybersecurity, cloud, and IT teams to ensure secure and resilient communications for defense operations.
Key Responsibilities
Network Architecture & Implementation
• Design, deploy, and maintain high-security network infrastructures across on-premises, cloud, and hybrid environments.
• Implement and optimize hub-and-spoke network architectures, ensuring secure and segmented communications.
• Deploy and maintain enterprise-grade firewalls, switches, and wireless access points for both classified and unclassified networks.
• Engineer and secure VPN solutions for remote access, inter-site communications, and cloud connectivity.
Cybersecurity & Compliance
• Configure and manage Palo Alto firewalls and Aruba switches in alignment with defence security frameworks (e.g., NIST, CMMC, ISO 27001, Cyber Essentials, ITAR).
• Implement network segmentation, access control lists (ACLs), intrusion prevention systems (IPS), and next-generation firewall policies to mitigate cyber threats.
• Work with security teams to monitor, analyze, and respond to potential threats using SIEM and threat intelligence platforms.
• Ensure compliance with defence-specific security and operational regulations, including encryption standards and air-gapped network requirements.
Cloud & Hybrid Networking
• Design and manage secure Azure Virtual Networks (VNETs), incorporating network security groups, VPN gateways, and ExpressRoute for private cloud connectivity.
• Implement high-assurance cloud interconnects with strong encryption and access control.
• Optimize cloud-based hub-and-spoke models for secure and scalable defence operations.
Classified & Secure Communications
• Engineer secure data transmission solutions, including encrypted tunnels, MPLS, and SD-WAN technologies.
• Maintain and enhance Zero Trust network architectures to protect mission-critical data.
• Ensure the security and integrity of classified networks, applying strict access control and monitoring policies.
Troubleshooting & Incident Response
• Monitor network performance and security posture using advanced network monitoring tools.
• Conduct incident response and forensic analysis for network-related security events.
• Perform root cause analysis (RCA) and continuous improvement for network resilience.
Documentation & Compliance
• Maintain classified and unclassified network documentation, ensuring compliance with defence industry regulations.
• Ensure network designs align with government security frameworks (e.g., MOD JSP 604, NCSC security principles, or US DoD standards).
• Collaborate with security teams to maintain audit-ready documentation for regulatory assessments.
Collaboration & Leadership
• Provide mentorship and training to junior engineers, ensuring adherence to secure networking best practices.
• Liaise with government agencies, defence contractors, and cybersecurity teams to ensure secure network integration.
• Participate in network security reviews, risk assessments, and penetration testing exercises.
Required Skills & Experience
• Expertise in Palo Alto firewalls and Aruba switches, with experience in military-grade network security configurations.
• Strong knowledge of switching and wireless networking for secure environments.
• Deep understanding of Azure networking, including VNETs, ExpressRoute, and VPN gateways, with a focus on defence sector security.
• Experience in VPN technologies, including IPSec, SSL VPN, and site-to-site connectivity for classified networks.
• Proven ability to design and manage hub-and-spoke network architectures for defence applications.
• Hands-on experience with network encryption standards, air-gapped networks, and secure communications protocols.
• Familiarity with defence cybersecurity regulations (e.g., JSP 604, NIST 800-171, ISO 27001, ITAR, Cyber Essentials Plus).
• Strong troubleshooting and problem-solving skills using advanced monitoring and diagnostic tools.
• Experience with network automation and scripting (Python, Ansible, PowerShell) is a plus.
• Security clearance eligibility may be required.
AAP/EEO Statement
Metrea Management LLC (MAM) is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristics protected by law.
Reasonable Accommodations Statement
To perform this job successfully, an individual must be able to perform each essential duty listed below satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
Tags: Ansible Automation Azure Clearance Cloud CMMC Compliance DoD Encryption Firewalls Incident response Intrusion prevention IPS ISO 27001 Monitoring Network security NGFW NIST Pentesting PowerShell Python Risk assessment Scripting Security Clearance SIEM Threat intelligence VPN Zero Trust
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.