Boundary Engineer - Mid

The AFINC II contract supporting the 26^th Network Operations Squadron (26NOS) is seeking qualified Firewall Network Engineers. The Boundary Protection team oversees an enterprise DoD environment supporting the USAF that requires a unique and dynamic skill set. They are expected to complete associated training programs and/or actively pursue professional development/cross-training opportunities. If you are seeking a challenging and fast paced workplace, please review the list of responsibilities and qualifications. Candidates that do not meet all qualifications, are still considered on their relevant experience in similar environments.

As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 40 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.

Submit your resume today!

Duties & Responsibilities:

• Serve as a Boundary Protection Team Operator for the 26th NOS.
• Oversee intrusion detection, intrusion prevention, boundary protection and vulnerability assessment operations to defend the Air Force Network (AFNet). 
• Identify unknown or unauthorized sources which attempt to access the AFNet and, when such attempts occur, notifies the appropriate AF agencies. 
• Monitors, operates, and maintains intrusion detection/prevention systems, firewalls, load balancers, and web proxies to protect AFNet resources from both internal and external threat.
• Perform packet capture analysis as required.
• Complete special projects, as assigned.

Network Operations:

• Manage all network security devices across the WAN, to include enterprise-wide functions for firewall, proxies, load balancers, IDS/IPS, VPNs, and malicious code response.
• Assists on-site LAN engineers with troubleshooting support of network equipment and installation of new hardware.
• Perform minor and major operating system upgrades on all network security devices.

Enterprise network troubleshooting:

• Works with all corresponding technical support teams as required to resolve network traffic concerns.
• Utilizes monitoring tools and log collectors to provide in-depth analysis on traffic anomalies and issues.
• Works network issues to resolution for customers via trouble tickets, change requests, and phone calls, in direct support with base-level, NOSC-level, and DISA counterparts.
• Receives inbound calls from enterprise customers and work with other external NOCs to troubleshoot and resolve policy configuration issues.

• with Palo Alto firewalls, F5 appliances, and Cisco ASAs is preferred.

Device and traffic monitoring:

• Performs daily health checks to acknowledge system level faults and begin the process of resolution.
• Utilizes monitoring tools and log collectors to begin initial analysis on network traffic, including (but not limited to) Splunk, Schnozz, ELK, InfoVista, and NIKSUN.

 Flexible schedule as needed:

• This position requires periodic weekend and shift work.
• It may be required to come in earlier than normal, stay later than normal, or work off shifts to meet contract requirements or to support network changes during off peak maintenance windows.

Qualifications/Requirements:

• Candidate should have 3+ years of years of hands-on experience in:
  • Enterprise network management, focusing primarily on Firewalls.
  • Installation, configuration, and support of network switches, routers, and wireless APs
  • Configuration and support of firewalls and network security devices (e.g. VPN, IPS, Web/URL filtering)

• Experience configuring and managing IDS, Firewalls, and other network security platforms.
• Familiarity and experience with Palo Alto firewalls, F5 appliances, and Cisco ASAs is preferred.
• Proven experience and success with LAN, WAN, and WLAN implementation and management.
• Proven experience with network capacity planning, network security principles, and general network management best practices.
• Strong working technical knowledge of current network hardware, protocols, and Internet standards, including Cisco products and solutions.
• Strong, hands-on technical knowledge of network and PC operating systems, including Cisco IOS platforms.
• Excellent network hardware troubleshooting experience.
• Ability to understand the organization's goals and objectives and implement solutions to meet those goals and objectives.
• Knowledge of networking protocols and IP subnetting
• Knowledge of routing protocols (e.g. OSPF, EIGRP, IS-IS, BGP)

• Must be able to push/pull, lift, or carry up to 50 lbs.
• Must be willing to travel up to 5% of the year, dependent on contract needs and requirements that may arise.

Education/Certification(s):

• Technical degree, Associates or, bachelor’s degree in computer science/information systems, Science/Engineering/Math or 2-4 years’ relevant experience in Information Technology preferably within system or application administration is acceptable.
• Requires a DoD 8570.01-M Information Assurance Technical (IAT) Level II certification:
  • CompTIA Security+ CE (Continuing Education)
  • CompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education)
  • (ISC)² Systems Security Certified Practitioner (SSCP)
  • GIAC Global Industrial Cyber Security Professional (GICSP)
  • GIAC Security Essentials Certification (GSEC)
  • (ISC)² Systems Security Certified Practitioner (SSCP)
•  Requires at least one or more Computing Environment/Operating System (CE/OS) Defense Cyberspace Workforce Certification (DCWF) requirement(s):
  • Palo Alto - PCNSA
  • Cisco - CCNA
  • F5 BIG-IP Certified Administrator
  • F5 CTS Global Traffic Manager
  • F5 CTS Big-IP ASM
  • F5 CTS Big-IP APM
  • Broadcom Software Proven Professional (ProxySG)

Clearance: 

• Active DoD Secret or higher required.

SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. 

SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.