The Digital Modernization Sector at Leidos currently has an opening for a Cyber Network Engineer to work in our Lorton, VA office. This is an exciting opportunity to use your experience helping the Homeland Enterprise Information Technology Secure Services & Support (HEITS) Program contracted mission. In this mission we support the Department of Homeland Security to deliver cybersecurity and information assurance services.
Primary Responsibilities
The Network Engineer (with a strong security background) is responsible for designing, implementing, and maintaining secure, highly available network infrastructure in support of the Department of Homeland Security. This role blends traditional network engineering (routing, switching, wireless, WAN) with hands-on security responsibilities, including firewall management, VPN design, network segmentation, and support for vulnerability management and compliance activities.
The ideal candidate has deep experience with Cisco-based enterprise networking and Palo Alto next-generation firewalls, is comfortable in complex, mission-critical environments, and collaborates closely with cybersecurity, systems engineering, and operations teams.
Implement and maintain secure network architectures (e.g., segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.
Support vulnerability management efforts by assisting with scans, reviewing network-related findings, and implementing remediation (e.g., ACL changes, firewall rule updates, network device patching).
Monitor network performance, availability, and security using enterprise monitoring tools; identify and resolve issues proactively.
Create and maintain network documentation, including diagrams, IP address management, configuration baselines, and SOPs.
Collaborate with cybersecurity, systems, and application teams to ensure network designs support security, performance, and scalability requirements.
Participate in incident response activities involving network components (e.g., traffic captures, log analysis, isolation/containment actions).
Assist with audits and compliance activities by providing network configurations, evidence, and technical explanations as needed.
Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract. The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches. The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.
Basic Qualifications
Bachelor’s degree in Information Technology, Computer Science, Engineering, or related field and 8+ years of experience; or additional equivalent combination of education and experience may be considered in lieu of a degree.
US Citizen, An active TS/SCI security clearance is required.
5–8+ years of hands-on experience as a Network Engineer (or similar role) supporting enterprise networks.
Strong experience with Cisco routing and switching (e.g., BGP, OSPF, EIGRP, VLANs, STP, EtherChannel, QoS) in medium-to-large enterprise environments.
Demonstrated experience managing Palo Alto next-generation firewalls (including security policies, NAT, VPNs, and Panorama) and Cisco firewall/VPN solutions (e.g., ASA, Firepower).
Solid understanding of network security concepts: segmentation, least privilege, zero trust principles, IDS/IPS, NAC, and secure remote access.
Familiarity with vulnerability management tools and processes, and the ability to interpret and act on scan results related to network devices.
Experience with network monitoring and logging tools (e.g., SolarWinds, Splunk, ELK, or similar).
Strong troubleshooting skills across OSI layers 1–7, including packet capture and analysis (e.g., Wireshark).
Excellent written and verbal communication skills, with the ability to document and explain complex technical topics to both technical and non-technical stakeholders.
Preferred Qualifications
Current industry certifications such as Cisco CCNA/CCNP, Palo Alto PCNSA/PCNSE, Network+, Security+, CySA+, CISSP, or equivalent.
Experience working in regulated or compliance-driven environments (e.g., FISMA, FedRAMP, NIST 800-53, HIPAA, PCI-DSS, etc.).
Experience supporting hybrid or cloud environments (e.g., AWS, Azure, GCP) including cloud networking and security services (VPCs, security groups, transit gateways, etc.).
Experience with automation and scripting for network tasks (e.g., Python, Ansible, PowerShell).
Experience with Zero Trust architecture and modern identity-centric security models.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo — because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 — and moving faster than anyone else dares.
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.