Are you interested in using your skills to help shape the Cyber, Security, & Intel space? If so, look no further. Amentum is seeking a Network Security Engineer, Senior to join our team of passionate individuals in Ft. Meade, MD. In this role you will support challenging, mission-critical projects that make a direct impact on the Nation’s security and intelligence mission.

Your Impact:

In support of a DISA effort, Amentum is assembling a team of network engineers, systems engineers, Unified Communications Engineers, and Integration Engineers, change management specialists, information assurance professionals, and procurement personnel knowledgeable in SCRM processes to support a program that provides critical network capabilities to the Department of Defense. Amentum is committed to recruiting and retaining this team for prototype development, test, and demonstration, as well as making this team available longer term for integration, deployment and sustainment as needed.

Candidates interested in joining the team must be critical thinkers, have a strong work ethic, and be able to work independently or as a member of a team in a dynamic environment that supports a critical and rewarding mission. We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets. To be successful, you must be able to rapidly adapt and learn how to operate the front and back end of new products and processes.

Responsibilities:

Security Architecture & Design:

• Design, architect, and implement robust and scalable Cisco security solutions, including network segmentation, access control, threat detection, and prevention.
• Develop detailed network and security architecture diagrams, documentation, and standard operating procedures (SOPs).
• Provide expert guidance and recommendations on security best practices, emerging threats, and new technologies.
  
  elopment

Cisco Secure Analytics (Stealthwatch) Management:

• Serve as the technical SME for Cisco Secure Network Analytics, including design, deployment, tuning, and operational support.
• Monitor and analyze network traffic using Secure Network Analytics to detect insider threats, data exfiltration, lateral movement, and anomalous behavior.
• Integrate Secure Network Analytics with other security platforms (e.g., SIEM, SOAR, threat intelligence) to enhance visibility and automate response.
• Develop and maintain custom dashboards, security reports, and alerts based on business and security requirements.
• Conduct regular health checks, upgrades, and patch management for the Secure Network Analytics ecosystem.

Cisco Identity Services Engine (ISE) Expertise:

• Design, implement, and manage Cisco ISE deployments for wired, wireless, VPN, and network access control.
• Configure and optimize ISE security policies, authentication/authorization rules (RADIUS, TACACS+, 802.1x), and profiling for various endpoints.
• Implement and maintain posture assessment, guest access, and device on-boarding functionalities within ISE.
• Troubleshoot complex ISE-related issues, including connectivity problems, policy conflicts, and authentication failures.
• Develop and implement automation scripts (e.g., Python, APIs) for ISE configuration management and reporting.

Cisco Firepower Management Center (FMC) & FTD Administration:

• Administer, configure, and troubleshoot Cisco Firepower Threat Defense (FTD) firewalls and manage security policies through Cisco Firepower Management Center (FMC).
• Implement and manage intrusion prevention/detection systems (IPS/IDS) on FTD devices, tuning rulesets for optimal detection and minimal false positives.
• Configure and manage VPN technologies (IPSec, SSL VPN) on Firepower devices.
• Perform regular configuration audits, optimize performance, and ensure high availability of Firepower deployments.
• Support incident response activities related to firewall logs and events.

Incident Response & Threat Management:

• Lead incident investigations based on network anomalies and security alerts from Cisco Secure Analytics, ISE, and FMC.
• Collaborate with Security Operations Center (SOC) and other IT teams to fine-tune detection rules, reduce false positives, and improve overall security posture.
• Contribute to the development and improvement of incident response playbooks.

Automation & Scripting:

• Utilize scripting languages (e.g., Python, Ansible, Terraform) to automate security operations, policy deployments, configuration validation, and reporting.
• Work with REST APIs for integration and automation of security tools.

Mentorship & Documentation:

• Provide technical leadership, guidance, and mentorship to junior security engineers and operational teams.
• Maintain detailed technical documentation, including network diagrams, change logs, and standard operating procedures (SOPs).

Qualifications:

• High School diploma plus 15 years of hands-on experience in network security engineering, with a strong focus on Cisco security products; Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field strongly desired
• In-depth experience with Cisco Secure Analytics (Stealthwatch) design, implementation, and optimization
• Extensive experience with Cisco Identity Services Engine (ISE) for NAC, AAA, and device administration in large-scale enterprise environments
• Proven expertise in administering and configuring Cisco Firepower Threat Defense (FTD) and Firepower Management Center (FMC)
• Strong understanding of network protocols (TCP/IP, UDP, DNS, DHCP, VLANs, routing protocols like OSPF, BGP) and network segmentation
• Experience with other security technologies such as VPNs, IPS/IDS, malware analysis, and cloud security
• Proficiency in scripting languages (e.g., Python) for automation and API integrations.

Preferred Skills:

• CCIE Security Certification (strongly desired)
• Experience with other security vendors and technologies (e.g., Palo Alto, Fortinet, Splunk)
• Knowledge of Zero Trust architecture and microsegmentation concepts
• Experience in Intelligence Community network environments

#Javelin

Pay Transparency Verbiage

Amentum’s health and welfare benefits are designed to invest in you and in the things you care about. Your health. Your well-being. Your security. Your future. Eligible employees and their dependents may elect medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan, and, if eligible, a deferred compensation plan and Executive Deferral Plan. Employees will also receive 17 days of vacation per year, seven paid holidays, plus floating holidays and caregiver leave. Hired applicants will be able to purchase company stock and have the opportunity to receive a performance discretionary bonus.

The base salary range for this position is $160,000 to $180,000. This range reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.