Network Security Engineer II

Summary

The Network Security Engineer II is responsible for safeguarding enterprise and mission networks within the PMW 790/STACC environment. This position designs, configures, monitors, and maintains network-security systems that protect classified and unclassified Navy information systems. The engineer ensures compliance with DoD cybersecurity policies, implements Zero Trust principles, and collaborates with Cyber and Network Operations teams to maintain resilient, accredited network infrastructures.

• Configure, operate, and maintain enterprise firewalls, intrusion detection/prevention systems (IDS/IPS), and other boundary-defense appliances (e.g., Cisco ASA, Palo Alto, Fortinet, Snort, Suricata).
• Perform vulnerability scanning, security-event correlation, and analysis using ACAS, HBSS, and SIEM tools.
• Develop and maintain firewall and access-control policies that align with DoD RMF and STIG requirements.
• Conduct incident detection, response, and root-cause analysis to mitigate network threats or anomalies.
• Support Cross-Domain Solution (CDS) operations and data-transfer controls across classification levels.
• Coordinate with Network Engineering, System Administration, and Cybersecurity teams to ensure a consistent security posture across the enterprise.
• Document network-security configurations, change-control records, and security standard operating procedures (SOPs).
• Participate in security assessments, inspections, and accreditation activities.
• Recommend network security improvements, automation, and modernization initiatives aligned with Zero Trust Architecture guidance.
• Maintain ASA, IPS/IDS, HBSS, and CDS solutions; perform vulnerability scanning and remediation; and support Zero Trust network segmentation and incident response in coordination with enterprise cyber teams.

• Bachelor’s degree in Cybersecurity, Computer Engineering, or related discipline (or equivalent technical experience).
• Cisco ASA or Palo Alto experience.
• Experience with ACAS/HBSS tools.
• IAT Level II certification (Security +).
• 5+ years of network security engineering experience supporting DoD or Navy environments.
• Experience supporting RMF accreditation or network ATO sustainment within NAVWAR or PEO C4I programs preferred.
• Ability to work both independently and as part of a cross-functional team; ready for occasional travel or onsite support as required.
• Proven problem-solving abilities with strong analytical and troubleshooting skills.
  
  Excellent communication skills: able to explain technical issues to technical and non-technical stakeholders.

San Diego, CA | Norfolk, VA | Charleston, SC | Pearl Harbor, HI | Panama City, FL

Secret (eligible for TS/SCI)