Network System Architect with Security Clearance
CAE USA · Arlington, TX · 1 mo ago
Information Technology$76k/yrFull-time
About the role
CAE Defense & Security Mission: CAE's Defense and Security business unit focuses on helping prepare military customers to develop and maintain the highest levels of mission readiness.
CAE Values: Empowerment, Innovation, Excellence, Integrity and OneCAE make us who we are and we strive to make a difference in the world while helping each other succeed. What We Have to Offer: Comprehensive and competitive benefits package and flexibility that promotes work-life balance, a work environment where all employees are valued, respected and safe, freedom to succeed by enabling team members to deliver, take initiatives and make decisions, recognition, professional development, advancement and having fun!
Responsibilities
- Architectural Design: Develop end to end WAN architecture that meets performance, scalability, and security requirements for the Air Force Training, Modeling and Simulation Community.
- Implementation & Deployment: Lead the installation, configuration, and testing of WAN components (MPLS, SDWAN, VPN, satellite links, edge routers, firewalls, and load balancers).
- Performance & Reliability Management: Define and enforce key performance indicators (KPIs) such as latency, jitter, packet loss, and uptime, conduct capacity planning, traffic engineering, and fault tolerance assessments to guarantee mission availability.
- Security & Compliance: Design and implement secure network boundaries, segmentation, and encryption mechanisms in line with DoD and CAE security policies, perform regular vulnerability assessments, penetration testing, and compliance audits.
- Stakeholder Collaboration: Work closely with simulation developers, cybersecurity teams, logistics planners, and senior leadership to align network solutions with operational goals, provide technical guidance and training to internal teams and external partners.
- Documentation & Knowledge Management: Produce and maintain comprehensive network diagrams, configuration baselines, change-management records, and troubleshooting guides, capture lessons learned and best practices for future projects.
- Vendor & Budget Management: Evaluate and select networking equipment, software, and service providers, prepare cost estimates, manage project budgets and timelines.
- Continuous Improvement: Monitor emerging WAN technologies (e.g., SDWAN, edge computing) and recommend enhancements to keep the network state of the art, lead post deployment reviews and iterative optimization cycles.
Qualifications and Education Requirements
- Bachelor's degree in Computer Science, Information Technology, Electrical Engineering, or a closely related field.
- 8 years of progressive experience in network design, implementation, and management.
- Proven track record designing large scale, multi-site enterprise networks (LAN/WAN, SD WAN, MPLS, VPN, etc.).
- Experience with cloud networking (AWS, Azure, GCP) and hybrid cloud architectures.
- Hands-on experience with network security (firewalls, IDS/IPS, Zero Trust, segmentation).
- Familiarity with virtualization (VMware, Hyper V, KVM) and software defined networking (SDN, NFV).
- Deep knowledge of routing protocols (OSPF, EIGRP, BGP, IS-IS).
- Switching technologies (VLANs, STP, MSTP, EtherChannel, QOS).
- Network design tools (SolarWinds, Lucidchart, Visio).
- Network monitoring & troubleshooting (Wireshark, NetFlow, sFlow, SNMP).
- Security technologies (Cisco ASA/Firepower, Fortinet, Palo Alto, Check Point).
- Cloud networking services (AWS VPC, Azure VNets, GCP VPC, Direct Connect, ExpressRoute).
- Experience with network automation frameworks (Ansible, Terraform, Python).
- Knowledge of Zero Trust architecture and micro segmentation.
- Familiarity with network performance monitoring and capacity planning tools.
- Previous DoD/government cyber security experience.
- Experience with Risk Management Framework (RMF) and Authorizing Officials (AO)
- Proven experience designing network architectures that directly support NIST SP 800-53 Rev.5 controls including boundary definition, segmentation, encryption in transit, auditing, and least-privilege enforcement across developmental and operational networks.
- Demonstrated ability to translate NIST Rev 5 requirements into technical network designs, including evaluating control tradeoffs, proposing compensating controls, and supporting risk-based decisions with cyber compliance teams.
- Experience with applying applicable Security Technical Implementation Guides (STIG) guidance.
- Multi-Factor Authentication (MFA) implementation in a classified environment.
- Implementation of Active Directory Domain solutions across enterprise networks.
- Experience with Cross-Domain System (CDS) and Data Guard configuration and authorization.
- Strong analytical and problem solving abilities.
- Excellent communication skills (technical and non-technical stakeholders).
- Project management experience (Agile/Scrum and Waterfall).
- Ability to mentor junior engineers and lead cross functional teams.