Job Description

Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and focused on fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction.

SME Network Engineer

Location: Lorton, VA (22079)

Citizenship: U.S. Citizen (required for access to DHS IT systems)

Clearance: Must be able to obtain and maintain DHS/ICE Fitness Determination (Public Trust), including a favorable preliminary Fitness and full NBIS eAPP investigation (SF-85P, OF-306, SSA-89, fingerprints, PREA questionnaire if required)

Schedule: Full-time; business hours (7:00–5:30, M–F) with required 24/7 on-call availability

Hybrid Work: Lorton, VA roles may telework up to 2 days per week; 3 days onsite required (subject to mission needs)

Travel: Occasional CONUS travel; local travel within 50 miles is not reimbursable

Role Overview

Harmonia Holdings Group is seeking an experienced SME Network Engineer to support DHS ICE Homeland Security Investigations (HSI) Title III and Linguists Unit (T3LU) under the CALEA program.

This role provides hands-on leadership across all network engineering functions , including architecture, routing, switching, firewall engineering, VPN and PKI integration, segmentation design, troubleshooting, and IA/accreditation-grade documentation. The SME ensures the integrity, resilience, and performance of mission-critical CALEA networks and collaborates closely with Systems, Virtualization, Storage, and Field Engineering teams to ensure end-to-end operational success.

This position supports DHS’s mission while contributing to Harmonia’s overarching goals: delivering premier technology services, driving mission-focused innovation, sustaining organizational excellence, and being an employer of choice for skilled professionals.

Responsibilities

Network Architecture & Design

• Design, document, and maintain CALEA network architecture, including:
• Layer 2/Layer 3 topology
• IP address schema and subnetting
• VLAN/VRF segmentation
• Routing design (OSPF, BGP, EIGRP, static routing)
• Firewall zoning, NAT policies, and security segmentation
• VPN tunnels, encrypted transport paths, and PKI integrations
• COOP/DR network routing and failover paths
• Produce and maintain authoritative network diagrams, data flows, trust boundaries, and configuration baselines.
• Evaluate, recommend, and implement enhancements to improve security, availability, and performance.

Network Operations & Troubleshooting

• Serve as the primary network engineer for diagnosing, resolving, and preventing outages across the CALEA enterprise.
• Perform packet-level analysis (Wireshark/tcpdump), flow analysis, and log correlation to identify and remediate issues.
• Lead network upgrades, configuration changes, ACL/policy adjustments, and planned maintenance.
• Monitor network performance and availability; tune routing, firewall, and VPN parameters as needed.

Firewall, Security & Accreditation Support

• Engineer and maintain firewall policies and segmentation (Palo Alto preferred; Fortinet/Cisco ASA experience acceptable).
• Support security hardening, vulnerability remediation, and IA/ATO documentation requirements.
• Produce accreditation-ready artifacts, including boundary diagrams, data-flow representations, rule documentation, and enclave segmentation maps.
• Collaborate with ISSO and security teams to address findings and strengthen compliance posture.

Interoperability & Cross-Domain Integration

• Document and support network dependencies across Active Directory, DNS/DHCP, VMware/vSphere, SAN/iSCSI/NFS storage, and application tiers.
• Validate end-to-end system functionality after network changes.
• Partner with Systems, Virtualization, Storage, and Field SMEs to maintain seamless operations across CALEA sites.

COOP/DR & Lab Engineering

• Contribute to COOP/DR planning, design, and testing to ensure high availability and rapid failover capabilities.
• Support lab environment setup for replication, patch validation, and network simulation.

Documentation & Mission Coordination

• Maintain technical documentation, diagrams, IP plans, SOPs, and configuration repositories.
• Coordinate with Harmonia and ICE technical leads to resolve issues, support field operations, and sustain mission readiness.

Required Qualifications

• Bachelor’s degree in IT, Engineering, or related field OR +5 years equivalent experience.
• 10+ years of enterprise network engineering experience with increasing responsibility.

Technical Proficiency

• Deep hands-on experience with:
• Cisco routing/switching (3k–9k platforms)
• Palo Alto or Fortinet firewalls and policy design
• VPN architecture, IPsec tunneling, PKI integration
• Network segmentation using VLANs, VRFs, and security zones
• Packet capture and analysis
• Network monitoring and telemetry tools (SolarWinds, NetFlow, Splunk, etc.)
• Demonstrated ability to produce complete network diagrams and architecture documentation based solely on device configuration, logs, and analysis.
• Strong understanding of cross-domain interactions (DNS, AD, VMware networking, SAN connectivity).

Preferred Certifications

• CCNA, CCNP Enterprise, or CCNP Security
• PCNSE
• Fortinet NSE4/NSE5
• CCIE-level competency (or equivalent expertise)

Additional certifications may be required after hire and must be obtained within designated timelines.

Professional Competencies

• Excellent communication skills with both technical and non-technical stakeholders.
• Proven ability to work independently in high-pressure, mission-critical environments.
• Strong analytical, investigative, and documentation skills.

Preferred Experience

• Experience supporting federal law enforcement IT systems or CALEA-aligned mission operations.
• Hands-on participation in COOP/DR architecture or failover site execution.
• Experience with VPN transitions, network segmentation, and multi-site resiliency.
• Familiarity with Kubernetes/container environments (e.g., JSI platforms).
• Experience supporting 24/7 high-availability operations.

Soft Skills

• Strong initiative and attention to detail.
• Adaptability to evolving mission requirements and operational tempo.
• Collaborative approach with technical teams, vendors, and government partners.
• Alignment with Harmonia’s principles of excellence, collaboration, curiosity, and integrity.

Physical Demands / Work Environment

• Must regularly lift/move up to 50 lbs.; occasionally up to 80 lbs. using a hand truck or lift cart.
• Requires standing, kneeling, crouching, and navigating server-room environments.
• Normal vision and hearing required; moderate server-room noise.

Job Tags

Similar Jobs