Cyber Countermeasures Engineer

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

By Light is hiring a Network/Systems Engineer to support the Cloud Based Internet Isolation (CBII) Program. The CBII Network/Systems Engineer will assist in engineering efforts to assess, design, test, and recommend deployable solutions to improve all aspects of the CBII program. Engineering roles and responsibilities encompass both on-premises and cloud-based network infrastructure and services, to include network load balancers, routers, switches, proxy servers, firewalls, SSL Break & Inspect, enterprise directory & authentication services, Access Control Lists (ACLs), secure remote access (i.e., Secure shell, Secure VPN, IPSec), DNS, and IPv4/IPv6 topologies. This position is also responsible for providing implementation, integration, and migration support in addition to supplementing Tier 3 support for the CBII program by conducting root cause analysis, associating policy configurations with event data and traffic behavior, and coordinating directly with key government stakeholders to address critical issues.

Employ disciplined systems engineering processes including, but not limited to, requirements development, technical management and control, and system design and architecture
• Implement system engineering best practices associated with risk management, configuration management, data management, test and evaluation (T&E), and verification and validation (V&V) throughout the period of performance
• Support the design and development of systems and processes and their integration into the overarching enterprise DoD architecture
• Work with DoD network administrators and CBII Subject Matter Experts (SMEs) to ensure proper security requirements are met/exceeded for the overarching enterprise DoD architecture
• Provide, update, and maintain design and development documents and supporting architectural documentation in compliance with Department of Defense Architectural Framework (DoDAF) Enterprise Architecture guidance, or other frameworks as identified as required
• Support routing and switching analysis of enterprise-wide and large-scale networking infrastructure (CAN, MAN, WAN) to include, but not limited to: troubleshooting routing protocols and peering configurations, making route optimization recommendations, and highlighting congestion points
• Ensure network infrastructure is supported by government approved hardware/software solutions
• Evaluate network transport and security architectures IAW industry and government standards
• Evaluate network utilization, dataflows, trends, issues, and risk-factors to enhance organizational and planning recommendations while developing appropriate corrective action plans as needed to ensure that all customer requirements and/or SLA requirements are satisfied
• Conduct market research to identify products and features that meet CBII integration requirements
• Provide technical expertise during design review, test planning, test execution, product evaluation and test report compilation, and results demonstrations
• Provide technical expertise in support of implementation planning and all associated deployment, integration, and migration activities required to deliver cutting-edge cloud-based security services to DoD organizations across large-scale, complex enterprise networks in production environments
• Review emerging security requirements for DoD NIPRNet protection
• Assess and analyze new and current requirements in conjunction with current NIPRNet architecture; Propose and evaluate potential solutions as they apply to existing CBII architecture
• Support DoD security audits, risk assessments, threat analyses, contingency planning activities in accordance with applicable risk management frameworks, security standards, and best practices
• Review security threats to current DoD internet gateway infrastructure, architecture, and technology to identify, design, integrate, test, and deploy effective countermeasures IAW established policies/regulations/directives
• Provide real-time engineering support to CBII Network Operations Center (NOC) personnel and interface directly with DoD customers, CBII PMO, and/or DJOC to address critical issues

• BS in Computer Science, or related area required, with minimum 5 years work experience.
• DoD 8570-01-M IAT Level II or higher (i.e., Security+, GSEC, SCNP, SSCP, CISSP, CCSP)
• Network and System Engineering experience to include Mobility, Cybersecurity, and Testing
• Expertise in large-scale IP Networking and Testing
• Routing protocols: BGP, MP-BGP, MPLS/RSVP, OSPF, IS-IS, RIP, Multicast, IPv6, QoS
• Possess excellent interpersonal communication skills with the ability to interact with management and staff at all levels
• Experience generating actionable test plans/strategies and compiling associated documentation
• Experience generating professional Standard Operating Procedure (SOP) documentation
• Ability to conduct Virtual Instructor-Led Training for customer network/system administrators

• Architectural or operational experience with web proxy and/or proxy-chained security solutions
• Architectural or operational experience hosting/integrating cloud services in AWS (or Azure/GCP)
• Architectural or operational experience with AWS GovCloud (or Azure Government / GCP IL4+)
• Cloud Solutions Architecture or DevOps Engineering certifications (Associate or Professional)
• Experience working directly with Network Boundary teams and Firewall/SWG/WCF technologies
• Experience with MobileIron or other Mobile Device Management (MDM), Mobile Application Management (MAM), Enterprise Mobility Management (EMM), or Unified Endpoint Management (UEM) solutions
• Experience deploying, managing, and/or maintaining PKI solutions
• DNS/ERS/ECS subject matter expertise
• DISN or commercial internet IP design experience

• Minimum SECRET Clearance required
• Travel: Minimal
• On-site work required (remote hybrid schedule for local candidates)
• Performed at the By Light office in Hanover, MD and JFHQ, Ft. Meade, MD

Based on the roles, responsibilities, and requirements, the projected pay range for this position is: $160,000 - $175,000.

The annual base salary provided is a guideline for this position and is not a guarantee of compensation or salary. When extending an offer, By Light also considers other variables such as (but not limited to) work experience, education, training, skill set, internal peer equity, clearance level, and market conditions. In addition, By Light provides an extensive selection of benefits and offerings to our employees.