Network Security Engineer - USCIS - Remote

JOB TITLE: Network Security Engineer
AGENCY SUPPORTED: Department of Homeland Security (DHS) - USCIS OIT Architecture Engineering Support (AES2)
LOCATION: Fully Remote
POSITION TYPE: Full-time
CLEARANCE REQUIREMENT: Must be able to obtain DHS Suitability security clearance, which typically requires 2-4 weeks for processing and must be completed prior to the start date.

ITC Federal is an information technology and consulting company focused on servicing the needs of the Federal Government. ITC's mission is to apply earned expertise in information technology and information assurance/security to assist this client in achieving its mission. ITC is located in Fairfax, VA and offers outstanding compensation and benefits plan and a challenging and rewarding professional work environment.

The project supports USCIS's Office of Information Technology by delivering enterprise IT architecture, engineering, and solution development services. The team partners across OIT to design, implement, and optimize leading-edge technologies-including cloud, network, Zero Trust architecture, automation, and AI/ML-using agile and DevOps practices. The work enables USCIS to modernize IT systems, enhance mission delivery, and support major enterprise initiatives such as digitization, cloud migration, and software-defined networking.

The Network Security Engineer is a hands-on technical contributor responsible for implementing, maintaining, and enhancing secure network solutions across USCIS hybrid, cloud, and remote-access environments. This role supports USCIS's evolving Zero Trust architecture by engineering and operating network security controls that enable a large, distributed workforce while ensuring the confidentiality, integrity, and availability of mission-critical systems.

The engineer will work closely with architects, operations teams, and stakeholders to deploy and optimize security technologies in accordance with DHS Directive 4300A, NIST 800-53, TIC 3.0, and industry best practices. This position requires strong practical experience with enterprise network security platforms, cloud networking, and modern security frameworks, with an emphasis on execution, troubleshooting, and continuous improvement rather than high-level strategy definition.

RESPONSIBILITIES:

Engineer, implement, and maintain network security controls across cloud, on-premises, and virtual environments in support of USCIS's Zero Trust framework.
• Support the development, enhancement, and operation of secure ingress and egress points in accordance with TIC 3.0 and subsequent requirements.
• Design, configure, and deploy network security technologies including next-generation firewalls, intrusion prevention systems (IPS), and proxy/reverse proxy services.
• Implement and support Secure Access Service Edge (SASE) and Zero Trust network access solutions to enable a large remote workforce, including teleworkers and geographically distributed teams.
• Audit firmware versions and configuration settings across SD-WAN, SDN, WAN, LAN, and cloud networking platforms to identify and remediate vulnerabilities.
• Review existing network and security configurations to identify gaps, risks, and compliance issues; recommend and implement corrective actions.
• Engineer and support Network Access Control (NAC) solutions to enforce device and user-based access policies.
• Orchestrate, automate, and enforce configuration standards and security policies using approved tools and processes.
• Support SaaS and IaaS service adoption by implementing secure network architectures and controls.
• Conduct threat, risk, and cost analyses for proposed network security changes, including new TIC boundary implementations.
• Collaborate with architects, operations teams, vendors, and stakeholders to ensure secure, scalable, and compliant network operations.
• Support compliance with DHS Directive 4300A, NIST SP 800-53, DoD STIGs, and DHS configuration guidance

REQUIRED:

• 7-10+ years of experience in network and cloud security engineering.
• Bachelor's degree in Computer Science, Information Systems, Engineering, or related field strongly preferred; Advanced degree, preferred.
• Demonstrated experience engineering and supporting enterprise network security solutions in hybrid cloud and on-premises environments.
• Hands-on experience with Zero Trust architectures and secure remote access solutions.
• Strong knowledge of next-generation firewalls, intrusion prevention systems, and network security policy enforcement.
• Hands-on experience with Cisco and Palo Alto network and security platforms.
• Experience with Secure Access Service Edge (SASE) implementations.
• Familiarity with Network Access Control (NAC) solutions.
• Experience implementing and supporting TIC 3.0-aligned network security services, including proxy and reverse proxy solutions.
• Working knowledge of SD-WAN, SDN, WAN, LAN, and cloud networking platforms.
• Experience auditing network devices and configurations to identify vulnerabilities and ensure compliance with security standards.
• Familiarity with DHS Directive 4300A, NIST SP 800-53, and industry best practices.
• Strong troubleshooting skills and ability to implement remediation in complex, multi-environment infrastructures.
• Ability to collaborate effectively with cross-functional teams and external vendors.
• Must be eligible to obtain DHS Suitability clearance.

DESIRED:

• Experience supporting large, distributed federal or enterprise environments.
• Automation experience for configuration management and policy enforcement.
• Prior experience supporting DHS, USCIS, or other federal government programs.

WORK ENVIRONMENT AND PHYSICAL DEMANDS: This position is fully remote. Candidates must have a dedicated workspace, reliable internet connectivity, and the ability to participate in virtual meetings and collaborate effectively with distributed teams.

ITC Federal is an equal opportunity employer and will not discriminate against any application for employment on the basis of age, race, color, gender, national origin, religion, creed, disability, veteran status, marital status, sexual orientation, genetic information, military status, disability, or sex including pregnancy and childbirth or related medical condition or on any other basis prohibited by law.