Senior Network Engineer SME - Service Delivery Security Clearance

Position: Senior Network Engineer SME - Service Delivery with Security Clearance
Job Title:

Senior Network Engineer SME - Service Delivery Job Category:
Information Technology Time Type:
Full time Minimum Clearance Required to Start: TS/SCI Employee Type:
Regular Percentage of

Travel Required:

Up to 25% Type of Travel:
Local *
*
* The Opportunity:

CACI is seeking a talented Senior Network Engineer SME who is quickly deployable to customer locations worldwide. As a member of the CACI Technical Service Delivery Team, you will be part of a global team of engineers supporting our customers remotely and/or at their premises during product deployment and operation phases of networking and network security products. You will be assisting with the design and deployment of secure communications architectures utilizing leading-edge IT technologies, with a particular emphasis on IPsec VPN solutions and Commercial Solutions for Classified (CSfC) implementations.

You will be responsible for deploying and troubleshooting IPsec-based VPN infrastructures supporting both site-to-site and remote access connectivity across classified and unclassified environments. You will implement CSfC-compliant solutions that leverage layered encryption to enable the secure transmission of classified information over customer infrastructure, ensuring compliance with NSA CSfC Capability Packages. You will also be isolating and analyzing complex networking issues and providing solutions working with OEM vendors and customer teams.

In this role, your team will be the technical implementation point of contact for our customers for all their service and deployment support needs as a subject matter expert in a high-impact and fast-paced environment. Ideal candidates should have excellent customer relationship skills with broad and solid networking knowledge to build a high-quality and long-lasting relationship with the customers and be the trusted technical advisor.

This position requires up to 25% travel to customer sites worldwide, including OCONUS locations. Responsibilities:
• Understand customer business and mission requirements and develop architecture and design documents for secure network solutions, including IPsec VPN topologies (hub-and-spoke, full-mesh, DMVPN, FlexVPN) and CSfC multi-vendor layered encryption architectures

• Design and document IPsec VPN solutions incorporating IKEv2 negotiation, ESP/AH encapsulation, perfect forward secrecy (PFS), and suite-B cryptographic algorithms (AES-256-GCM, SHA-384, ECDH P-384/P-521) in accordance with CNSA suite requirements

• Engineer CSfC solutions aligned with NSA Capability Packages (CPs), including Multi-Site Connectivity, Mobile Access, and Data at Rest, ensuring dual-layer encryption with inner and outer tunnel independence

• Develop and execute Proof of Concept and/or Deployment Acceptance test plans and test reports for CSfC implementations

• Develop implementation guides with configuration templates and deployment plans for customers deploying secure data center networking products

• Execute or assist customers in executing deployment plans for IPsec VPN infrastructures, including PKI/certificate-based authentication, RADIUS/TACACS+ integration, and centralized key management systems

• Deploy and configure CSfC solution components including inner layer encryption devices, outer layer VPN gateways, and associated key management infrastructure (KMI), ensuring compliance with CSfC registration and monitoring requirements

• Implement IPsec VPN solutions across multi-vendor environments (Cisco, Juniper, Palo Alto, Aruba, etc.), ensuring interoperability and adherence to RFC standards (RFC 7296, RFC 4303, RFC 4301)

• Configure and validate GRE-over-IPsec, VTI-based, and policy-based VPN tunnels supporting dynamic routing protocols (OSPF, BGP, EIGRP) over encrypted overlays

• Resolve complex technical issues as a product expert working with Customer Network Operation Center Engineers, as well as with OEM partner Escalation and Development Engineers

• Troubleshoot IPsec VPN connectivity issues including IKE Phase 1/Phase 2 negotiation failures, NAT-Traversal complications, MTU/fragmentation issues, and cryptographic mismatch conditions

• Diagnose CSfC solution…