Network Security Engineer

job summary:

Design, implement, and enforce comprehensive network and security architectures for mission-critical radio, data, and monitoring systems. This position will develop and maintain security standards and technical controls directly aligned with NIST SP 800-171 and CMMC Level 2 requirements to ensure protection of Controlled Unclassified Information (CUI). As a Network Security Engineer, you'll collaborate with network and system architects to embed security throughout the full system lifecycle, from design and segmentation to identity management, remote access, and incident response. This role is hybrid, based out of Irving, TX.

location: Irving, Texas

job type: Permanent

salary: $130,000 - 140,000 per year

work hours: 8am to 5pm

education: Bachelors



responsibilities:

Security Architecture & Compliance

• Define, document, and maintain comprehensive network security standards mapped to NIST SP 800-171 and CMMC Level 2 controls.
• Collaborate with architects to incorporate security in every design, emphasizing segmentation and isolation of CUI assets.
• Design, test, and maintain network-level controls supporting Identification & Authentication (IA) and System & Communications Protection (SC) families.
• Contribute technical content to the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and compliance evidence packages.
• Enforce configuration management and formal change-control processes to maintain baseline compliance.
• Perform security impact assessments on proposed design changes, ensuring traceability to CMMC requirements.

Identity & Access Management (IAM)

• Design and deploy centralized LDAP for directory services and user authentication.
• Design, implement, and administer TACACS+ for AAA control across routers, switches, and radio controllers.
• Configure and manage Multi-Factor Authentication (MFA) for privileged and remote accounts (CMMC IA.L2-3.5.3).
• Ensure unique identification and authentication of all users and devices (CMMC IA.L2-3.5.1).
• Integrate IAM systems with centralized logging and SIEM tools to support audit and traceability requirements.

Network Security Services Implementation

• Design, configure, and deploy Remote Access VPNs and IPSec site-to-site tunnels for secure connectivity, ensuring encryption of CUI in transit.
• Configure, deploy, and manage Next-Generation Firewalls (NGFWs) to enforce zone-based policies and control traffic between segmented network zones.
• Implement and tune Intrusion Prevention Systems (IPS) to detect and block malicious traffic in real time.
• Run regular vulnerability assessments and penetration tests; prioritize remediation actions that impact CMMC compliance.
• Integrate firewall, VPN, and IPS logs with centralized SIEM systems; conduct Root Cause Analysis (RCA) for network or IAM-related security incidents.
• Act as Tier 2/Tier 3 escalation for the Security Operations Center (SOC).

CUI Data Handling & Protection

• Ensure CUI is encrypted in transit and at rest using approved algorithms and key management standards.
• Implement network segmentation, VLAN isolation, and access-controlled zones to separate CUI from non-CUI traffic.
• Configure syslog, NTP, SNMPv3, and TLS securely for audit traceability and time-correlated event tracking.
• Enforce least-privilege access for CUI repositories and verify logging for all privileged actions.
• Conduct quarterly configuration audits and evidence collection in support of the corporate CMMC compliance program.
• Operational Security & Monitoring
• Maintain configuration baselines and perform periodic compliance checks on all network-security devices.
• Automate log collection and configuration integrity validation using secure scripting methods.
• Maintain network documentation, change-management records, and segmentation diagrams.
• Provide support for field deployments, system upgrades, and on-site network hardening activities.
• Assist with tabletop exercises, incident response drills, and after-action reviews.

Collaboration & Continuous Improvement

• Partner with network and system engineering teams to embed secure-by-design principles into radio network infrastructure and analyzer platforms.
• Mentor junior engineers through scheduled security and compliance training sessions.
• Coordinate with software and system teams to ensure servers, databases, and applications meet hardened configuration baselines.
• Contribute to internal Security Program Initiative, ensuring continuous improvement and measurable compliance progress.
• Recommend new tools, automation frameworks, and monitoring solutions to improve efficiency and visibility.

qualifications:

Bachelor's Degree in Cybersecurity, Computer Science, Engineering Technology, or a related discipline;

Cisco CCNP Security, CISSP, CompTIA CySA+, or CISM preferred.

Experience implementing security controls aligned to NIST SP 800-171 and CMMC Level 2.

Hands-on experience with firewalls, VPNs, IPS, AAA, and logging systems.

Familiarity with Linux security hardening, log analysis, and automation scripting (Python, Bash, Ansible).

Experience conducting packet analysis and forensics (Wireshark, Zeek, Suricata).

What We're Looking For:

Advanced technical capacity in network and security engineering.

Strong written and verbal communication skills.

Demonstrated analytical, diagnostic, and problem-solving ability.

Experience with Windows and Linux administration.

Rapid learning aptitude for new tools and methods.

Proficiency with scripting, configuration management, and SIEM integration.

In-depth understanding of TCP/IP, UDP, SNMPv3, SSL/TLS, IPSec, and 802.1X. P25, DFSI+, and SIP preferred.

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.