Network Cybersecurity Engineer Sr. ( R-00087695-OTHLOC-6314 )
The Leidos Cybersecurity Architecture and Engineering (CAE) organization has an immediate opening for an experienced, and motivated Network Security Engineer Sr. This role can be supported remotely or from one of the following locations: Gaithersburg, MD, Reston, VA or Orlando, FL.
As a member of the Cybersecurity Architecture and Engineering Team (CAE), the Network Security Engineer Sr. will serve as the cybersecurity subject matter expert and primary interface to the Enterprise Infrastructure (IE) Networking Organization. You will join a team of other Cybersecurity Engineers, and support the design, development, and deployment of Leidos Global Enterprise Network Security Architecture, Leidos Software Defined Datacenter (SDDC), and Infrastructure as a Service (IaaS) architectures. The role requires solid foundations in network security to include: layer 7 firewall capabilities, remote access, and the technical implementation of compliance standards. The candidate's primary responsibilities include engaging with the Enterprise Infrastructure teams to support integration or enhancements by developing cybersecurity requirements, leading discussions to ensure security objectives are met, and providing engineering support throughout the project lifecycle. The candidate will also be responsible for supporting the Leidos cyber risk assessment process to ensure Leidos' high security posture standards are met.
- Act as the technical Network Cybersecurity SME supporting Enterprise Infrastructure globally at Leidos.
- Work closely with other Cybersecurity Architects and Engineers with different areas of expertise (Application, Endpoint, Cloud, Mobile, etc.). This includes providing Network Security insight into their initiatives, and leaning on this vast pool of talent to help solve Application/Endpoint/Cloud/Mobile roadblocks within Network Security Environments.
- Take lead on security Design Engagement Reviews (DERs) for Network centric Enterprise Infrastructure Projects to include Data Center design and consolidations.
- Work with other Network Security Engineers on significant network security enhancements to include: Network Security Stack in the cloud, Web Application Firewalls (WAF), Cloud Access Security Brokers (CASB), or Secure Web Gateways (SWGs), and Software Defined Perimeter (SDP) technologies.
- Bachelor's degree and 12+ years of experience in Information Security with a real passion for the field. Additional years of relevant experience, training, and/or professional certifications will qualify in lieu of a degree.
- Must be able to obtain a Security Clearance and therefor have US citizenship. Individuals do not need to possess a clearance today.
- Must have a background in Network Security, and basic knowledge of the OSI model, TCP/IP protocols, and access fundamentals.
- Experience designing enterprise class environments to include layer 7 firewall solutions (examples include experience with Check Point, Fortinet, Juniper, Cisco or Palo Alto).
- Ability to write and verbally communicate effectively to both technical and non-technical audiences.
- A self-starter who can execute at the architect level using a combination of learned skills, personal networking, and grit to achieve objectives.
- Must have strong problem-solving and analytical skills, and demonstrate poise in communicating with non-technical audiences.
All of the below are not requirements, but would bring significant value to the team:
- Experience with a firewall policy management tool such as Tufin, Algosec or Firemon.
- Experience as a Solution Architect designing, reviewing, and securing environments.
- A fundamental understanding of Cloud IaaS/SaaS delivery models with experience in any one of the following: AWS, Microsoft, Google, or Oracle clouds. This will set the foundation for what it takes to design access controls to Enterprise IaaS/SaaS capabilities.
- Experience designing, deploying or maintaining enterprise class IDS/IPS solutions such as SNORT, Suricata, Cisco FirePower, or McAfee Intrushield.
- Previous experience with Web Application Firewalls (WAF), Cloud Access Security Brokers (CASB), or Secure Web Gateways (SWGs), Software Defined Perimeter (SDP), or Secure Access Service Edge (SASE) technologies. Examples include technologies like zScaler, SkyHigh, Netskope, or Palo Alto Prisma to name a few.
- Previous experience with Remote Access capabilities to include Virtual Private Network (VPN) tooling as well as Zero Trust Network Access (ZTNA) solutions which grant secure access to Leidos remote endpoints, application APIs, and services.
- Possess one of the following certifications: Palo Alto Certifications, Juniper Certification, Cisco Certifications (CCNA, CCNP, CCIE), Check Point Certifications, SANS Certifications (GIAC, etc), RedHat Certifications.
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.