Senior Cybersecurity & Network Systems Engineer

Title:

Job Summary

The Senior Cybersecurity & Network Systems Engineer leads modernization, security engineering, and network architecture efforts across Army test range environments within the DoW IT program. Leveraging deep expertise in Cisco ACI, SD‑Access, identity & access management, Zero Trust Architecture, containerized environments, and NIST‑aligned cybersecurity engineering, this role develops secure enterprise and deployable network solutions, performs site surveys, authors inputs, implements STIG and RMF requirements, and supports ATP/SAT validation activities. The engineer provides hands‑on configuration, system hardening, network migration execution, zero trust integration, and cross‑platform troubleshooting while ensuring all program deliverables (drawings, artifacts, diagrams, documentation, training inputs) meet Army standards and program objectives.

Roles and Responsibilities

Network Modernization & Engineering

· Engineer, harden, and deploy enterprise-grade network solutions including Cisco ACI/APIC, SD-Access, VLAN segmentation, AAA/TACACS+, and secure routing/switching architectures.

· Lead site surveys, spectrum assessments, infrastructure validation, OPSEC-compliant data gathering, and deliver inputs to the Test Network Modernization Plan (TNMP).

· Support creation and updates to Technical Direction Plans (TDPs), including equipment strategy, risk identification, ROM inputs, SLAs, and cyber requirements.

· Lead modernization of legacy environments to NIST-aligned architectures while maintaining operational continuity.

Cybersecurity Engineering & RMF/STIG Integration

· Apply NIST, RMF, and Zero Trust principles to all network modernization efforts.

· Develop STIG and eSTIG checklists, perform vulnerability scans, document findings, and support POA&M development.

· Architect and implement Zero Trust and IAM solutions using technologies such as Keycloak, Pomerium, PacketFence, and identity-centric access controls.

· Deploy and tune IDS/IPS tools such as Suricata, integrate with OPNsense, and enhance monitoring with Grafana/Prometheus.

DevOps, Automation & Modern Platform Integration

· Automate configurations and infrastructure using Ansible, Terraform, Helm, Docker, Kubernetes, and other automation frameworks.

· Support the engineering of containerized security labs, overlay networks, distributed K8s clusters, and secure cloud-adjacent architectures.

Testing, Validation & Acceptance (Aligned to C.5.4.6)

· Support development and execution of Acceptance Test Plans (ATP) and Site Acceptance Tests (SAT) for network, cybersecurity, and system performance verification.

· Conduct integration testing across modernized Cisco and containerized systems.

Documentation, Reporting & Compliance (Aligned to C.5.1)

· Generate technical diagrams, TNMP/TDP inputs, security artifacts, trip reports, and network documentation in accordance with Army deliverable standards.

· Maintain accurate configuration baselines, contribute to QMP/Safety plan inputs, and provide status inputs for the Monthly Status Report (MSR).

· Ensure all actions follow CHESS/IT procurement rules, IUID requirements, and DoD cybersecurity training/clearance requirements.

Basic Qualifications

· Bachelor's degree in related field and 7+ years of cybersecurity and network engineering experience supporting federal or enterprise environments.

· Strong hands-on experience with Cisco ACI/APIC, SD-Access, AAA/TACACS+, VLAN segmentation.

· Demonstrated capability implementing NIST-aligned cybersecurity controls and Zero Trust architectures.

· Experience with IAM solutions including Keycloak, policy-based authentication, and SSO federations.

· Hands-on experience with Docker, Kubernetes, Helm, Proxmox VE, and infrastructure automation.

· Experience operating IDS/IPS systems (Suricata), OPNsense, Grafana, and packet analysis platforms.

· CompTIA Security+ and A+ certifications.

Preferred Qualifications

· Experience supporting RMF, eMASS package inputs, STIG compliance and vulnerability remediation.

· Familiarity with Army networks, TDL/TDP processes, and DISA STIG/SRG baseline configurations.

· Experience with wireless surveys, RF spectrum analysis, and site infrastructure validation.

· Experience with deployment of Zero Trust overlays (OpenZiti, Pomerium) and NAC solutions (PacketFence).

· Exposure to Cisco Security training: SCOR, SAUI, CBROPS.

· Experience with large migration efforts, Windows Server 2016 networking/identity, and secure endpoint integration.

· Familiarity with CHESS procurement processes, and IUID-tagging environments.

KBR Benefits

KBR offers a selection of competitive lifestyle benefits which could include 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.

Belong, Connect and Grow at KBR
At KBR, we are passionate about our people and our Zero Harm culture.  These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company.  That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together. 

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.