Systems Administrator/Security Integration Engineer SME

Senior Network Architect / Security Integration Engineer (SME)

The Senior Network Architect / Security Integration Engineer (SME) serves as the technical lead for the architecture, design, integration, testing, and deployment of Software Defined Networking (SDN), Zero Trust Architecture (ZTA), Software Defined Perimeter (SDP), and Micro-Segmentation capabilities within federal/DOD environments.

This role is responsible for translating mission requirements into secure, scalable network architectures while developing and enforcing advanced security policies that support Zero Trust initiatives. The position serves as the senior technical authority for software-defined networking, security segmentation, traffic flow analysis, policy engineering, endpoint validation, and enterprise integration activities.

The successful candidate will lead technical design efforts, develop test strategies, oversee engineering documentation, troubleshoot complex network and security issues, and coordinate directly with government stakeholders, engineering teams, cybersecurity personnel, and enterprise service owners.

Lead end-to-end design of SDN, ZTA, SDP, and micro-segmentation architectures across DoDIN and DHS enterprise environments

Develop High-Level Designs (HLDs) and Low-Level Designs (LLDs) for software-defined networking and security environments

Define network segmentation, policy enforcement, and Zero Trust security architectures

Ensure interoperability with enterprise transport services, security infrastructure, and mission systems

Translate mission requirements into secure, scalable, and supportable technical architectures

Architect and guide deployment of software-defined networking solutions including Cisco SD-WAN, Cisco Software Defined Access (SDA), VMware NSX or equivalent technologies

Establish automation strategies using APIs, Ansible, Python, and Infrastructure-as-Code methodologies

Drive standardization of templates, configurations, deployment models, and operational procedures

Lead design and implementation of Zero Trust Architecture capabilities across enterprise environments

Architect Software Defined Perimeter (SDP) solutions utilizing AppGate or equivalent Zero Trust technologies

Design and implement micro-segmentation architectures utilizing Illumio or equivalent segmentation platforms

Develop security policies based on application dependencies, user identity, device posture, and mission requirements

Translate cybersecurity requirements into enforceable security policies and access control models

Analyze traffic flows and dependency mappings to create hardened least-privilege security architectures

Integrate identity services, PKI infrastructure, certificates, authentication services, and access control mechanisms into Zero Trust environments

Develop comprehensive technical test plans and endpoint validation strategies

Establish security enforcement testing procedures and operational validation methodologies

Lead lab testing, pilot deployments, and operational acceptance testing activities

Validate segmentation boundaries, access control policies, and application dependency mappings

Develop repeatable test frameworks supporting mission and operational use cases

Ensure designs align with Risk Management Framework (RMF), DISA STIG requirements, NIST Zero Trust Architecture guidance and DoD Cybersecurity policies

Support Authorization to Operate (ATO) activities and accreditation efforts

Integrate security controls including encryption, identity enforcement, segmentation, and policy management

Support compliance documentation and security engineering reviews

Coordinate firewall path validation, identity integrations, PKI services, and directory service dependencies

Provide technical leadership during design reviews, IPT meetings, PMO syncs, and engineering reviews

Analyze live network traffic and application dependencies

Develop dependency matrices and communication flow mappings

Engineer highly accurate security policies based on observed application behavior

Validate routing, switching, security, and authentication paths supporting enterprise applications

Serve as Tier III escalation authority for SDN, SDP, and micro-segmentation deployments

Utilize Wireshark and packet-level analysis to troubleshoot communication failures

Diagnose routing issues, policy conflicts, firewall enforcement problems, authentication failures, and application connectivity issues

Validate client-to-controller communication paths and security policy enforcement mechanisms

Serve as lead architect across programs, projects, and task orders

Mentor engineers and provide technical oversight for implementation teams

Validate solutions in lab environments, integration facilities, and operational test environments

Drive delivery discipline ensuring architectures are executable, supportable, secure, and scalable

Produce and maintain:

• Architecture diagrams
• High-Level Designs (HLD)
• Low-Level Designs (LLD)
• Test plans
• Validation plans
• Security policy documentation
• Technical implementation plans

Review and approve engineering artifacts generated during pilots and production deployments

Support Configuration Control Boards (CCB) and Engineering Review Boards (ERB)

Provide technical inputs to executive briefings and strategic planning efforts

Requirements

Bachelor's Degree in Engineering, Computer Science, Information Systems, Cybersecurity, or related field

Master's Degree preferred

10+ years of progressive experience supporting enterprise networking, cybersecurity environments and firewall technologies

5+ years designing or implementing Software Defined Networking (SDN), Zero Trust Architecture (ZTA) and Enterprise Security Architectures

Experience supporting federal regulated enterprise environments; ability to work in secure DoDIN environments required

Active Secret clearance or higher

Deep expertise in:

Routing and Switching (BGP, OSPF, MPLS)

Layer 2 and Layer 3 network architectures

Network segmentation and security architecture

Stateful firewalls and policy enforcement

Zero Trust Architecture

Software Defined Perimeter concepts

Micro-segmentation architectures

PKI and certificate-based authentication

Active Directory and LDAP integration

Wireshark or equivalent packet capture and analysis tools

Automation (Ansible, Python, REST APIs)

VMware environments

AWS GovCloud

Microsoft Azure Government

Infrastructure orchestration technologies

Hands-on experience with Cisco SD-WAN, Cisco SDA, Cisco ISE, Firepower (FTD), Palo Alto, or equivalent firewall platforms

Preferred Skills

Experience supporting large-scale SD-WAN deployments

Experience implementing Zero Trust initiatives within federal environments

Experience with AppGate, Illumio, Guardicore, Zscaler, or equivalent technologies

Experience developing micro-segmentation policies from application dependency mapping

Experience supporting federal C5I environments

Experience in lab-based integration and validation environments

Required Certifications

Cisco Certified Network Professional (CCNP Enterprise or Security)

CompTIA Security+

Preferred Certifications

Cisco CCIE Enterprise Infrastructure

Cisco CCIE Security

CISSP

VMware VCP-NV

Zero Trust Architecture or similar

Work Environment

Hybrid work environment with some travel to customer and integration lab locations as required

Participation in after-hours maintenance windows, cutovers, and incident response activities as required