VPN Engineer

(Zero-Trust, NAT-Traversing Secure Connectivity)
Clearancejobs.com is currently seeking a Secure Overlay/VPN Engineer in Rochester, NY, Clifton, NJ, Columbia, MD Sunrise, FL ,San Diego.

The Secure Overlay / VPN Engineer designs, implements, and operates identity-based, encrypted network overlays that function reliably across NAT-restricted, mobile, and unreliable transport environments. This role focuses on secure peer discovery, tunnel establishment, and resilient traffic protection across radios, edge devices, and cloud gateways.
This position treats network security as software, not as traditional firewall rule administration.
If you would like the opportunity to build systems that automatically form, maintain, and recover secure connectivity in dynamic, distributed environments, then we want to speak to you!

Please apply!Core Responsibilities

• Design, implement, and maintain VPN gateways and peer-to-peer secure overlay networks
• Support NAT traversal, VPN hole punching, and decentralized peer discovery mechanisms
• Optimize encrypted tunnels for latency, jitter, packet loss, and intermittent connectivity
• Manage cryptographic identities, including key generation, rotation, and certificate lifecycles
• Ensure multicast and control-plane traffic can traverse encrypted overlays when required
• Collaborate with SDN, routing, and platform teams to align overlay behavior with network and security policy
• Troubleshoot complex overlay networking issues across heterogeneous transports and endpoints

Required Technical Expertise VPN & Overlay Technologies

• WireGuard (preferred)
• StrongSwan / IPsec
• Familiarity with ZeroTier / Tailscale architectural concepts

NAT Traversal & Connectivity

• STUN / TURN / ICE fundamentals
• UDP/TCP hole punching strategies
• Experience operating across carrier-grade NAT, mobile networks, and constrained links

Security Fundamentals

• Public key cryptography
• Certificate-based authentication
• Secure key management and automated rotation

Linux Networking

• Network interface configuration and management
• Routing behavior and policy-based routing
• Understanding of firewall interactions with encrypted tunnels

Distributed Systems Thinking

• Peer discovery and membership management
• Failure detection and recovery
• Autonomous reconnection and self-healing behaviors

Ideal Background

• Secure communications platforms
• Peer-to-peer or overlay networking systems
• Telecommunications security engineering
• Defense, government, or other regulated environments

What Success Looks Like

• Secure overlays form automatically with minimal manual intervention
• Connectivity survives NAT, mobility, and unstable transports
• Cryptographic identity and trust are enforced consistently across the network
• Overlay behavior aligns cleanly with routing, SDN, and security policy