Network Engineer

Director of Talent Acquisition | Talent Acquisition Specialist, Strategist, and Leader | Process Excellence | Strategic Hiring

Location: Lorton, VA (22079)

Citizenship: U.S. Citizen (required for access to DHS IT systems)

Clearance: Must be able to obtain and maintain DHS/ICE Fitness Determination (Public Trust), including favorable preliminary Fitness and full NBIS eAPP investigation (SF-85P, OF-306, SSA-89, fingerprints, PREA questionnaire if required)

Schedule: Full-time; business hours (7:00–5:30, M–F) with required 24/7 on‑call availability

Hybrid Work: Lorton, VA roles may telework up to 2 days per week; 3 days onsite required (subject to mission needs)

Travel: Occasional CONUS travel; local travel within 50 miles is not reimbursable

Compensation: TBD

Role Overview

Harmonia Holdings Group is seeking an experienced SME Network Engineer to support DHS ICE Homeland Security Investigations (HSI) Title III and Linguists Unit (T3LU) under the CALEA program.

This role provides hands‑on leadership across all network engineering functions
, including architecture, routing, switching, firewall engineering, VPN and PKI integration, segmentation design, troubleshooting, and IA/accreditation‑grade documentation. The SME ensures the integrity, resilience, and performance of mission‑critical CALEA networks and collaborates closely with Systems, Virtualization, Storage, and Field Engineering teams to ensure end‑to‑end operational success.

This position supports DHS’s mission while contributing to Harmonia’s overarching goals: delivering premier technology services, driving mission‑focused innovation, sustaining organizational excellence, and being an employer of choice for skilled professionals.

• Design, document, and maintain CALEA network architecture, including:
• IP address schema and subnetting
• Firewall zoning, NAT policies, and security segmentation
• VPN tunnels, encrypted transport paths, and PKI integrations
• COOP/DR network routing and failover paths
• Produce and maintain authoritative network diagrams, data flows, trust boundaries, and configuration baselines.
• Evaluate, recommend, and implement enhancements to improve security, availability, and performance.

• Serve as the primary network engineer for diagnosing, resolving, and preventing outages across the CALEA enterprise.
• Perform packet‑level analysis (Wireshark/tcpdump), flow analysis, and log correlation to identify and remediate issues.
• Lead network upgrades, configuration changes, ACL/policy adjustments, and planned maintenance.
• Monitor network performance and availability; tune routing, firewall, and VPN parameters as needed.

• Engineer and maintain firewall policies and segmentation (Palo Alto preferred; Fortinet/Cisco ASA experience acceptable).
• Support security hardening, vulnerability remediation, and IA/ATO documentation requirements.
• Produce accreditation‑ready artifacts, including boundary diagrams, data‑flow representations, rule documentation, and enclave segmentation maps.
• Collaborate with ISSO and security teams to address findings and strengthen compliance posture.

• Document and support network dependencies across Active Directory, DNS/DHCP, VMware/vSphere, SAN/iSCSI/NFS storage, and application tiers.
• Validate end‑to‑end system functionality after network changes.
• Partner with Systems, Virtualization, Storage, and Field SMEs to maintain seamless operations across CALEA sites.
• Contribute to COOP/DR planning, design, and testing to ensure high availability and rapid failover capabilities.
• Support lab environment setup for replication, patch validation, and network simulation.

• Maintain technical documentation, diagrams, IP plans, SOPs, and configuration repositories.
• Coordinate with Harmonia and ICE technical leads to resolve issues, support field operations, and sustain mission readiness.

• Bachelor’s degree in IT, Engineering, or related field OR +5 years equivalent experience.
• 10+ years of enterprise network engineering experience with increasing responsibility.