Duties and Responsibilities: CACI has an opening for a Network Engineer, Lead in our Norfolk, VA location to support the Naval Facilities Command (NAVFAC) Engineering Team. The selected candidate will be responsible to architect, build, test and implement newly procured firewalls and Intrusion Prevention Systems (IPS) the Industrial Control System Platform Enclave (ICS-PE) under the Technical Direction of the NAVFAC Technical Lead. Individual will provide engineering expertise to include: Responsible for development of automated security policies, CISCO Access Controls Lists (ACL), signatures selection, configuration, documentation, monitoring, tuning and day-to-day change management of all of the dedicated firewalls and IPS Cisco equipment. Design, build, maintenance, operations and communications activities related to the ICS-PE information security infrastructure. Perform systems analysis, data analysis, scheduled vulnerability assessments, and any assigned security monitoring, Research of new and existing security technologies such as hardware, software or data networking Develop required documentation, design diagrams, inspection reports, user validation spreadsheets, checklists or update the same following system modifications or other change. Responsible for supporting the full engineering lifecycle to include; the ability to work with customers to determine network requirements, write system requirement documents, and develop design solutions (physical and logical) that are in compliance with best engineering practices, standards, and guidelines, implementing and testing the solution to ensure compliance with customer requirements for network security (e.g.; ACL‘s, IPSec Tunnels (site to site), Cisco ASA‘s, port security, etc.). Perform (advanced level) configuration, testing, and troubleshooting of IP network infrastructure. Recommend network design changes/enhancements for improved network security. Ability to perform (advanced level) configuration, testing, and troubleshooting of IP network infrastructure. Troubleshoot technical issues related to information Assurance (IA) compliance. Adherence to technical guidance and quality standards, as communicated by the NAVFAC Technical Lead. Attend technical, project, and status meetings. Provide percent complete, level of effort and duration information to the Project Management Staff weekly Raise roadblocks and technical issues for resolution to the Space and Naval Warfare Systems Command (SPAWAR) Project Manager and NAVFAC Technical Lead. Collaborate with other System Administrators on build and fielding teams to ensure system continuity in building and fielding the ICS-PE. Perform gap analysis with Cisco infrastructure and routers of current vs. previous STIGs and hardening guidance, enumerate and document conflicts. Required Qualifications: Typically requires a bachelor's degree or equivalent and seven to nine years of related experience. Current Secret security clearance. Strong knowledge of Virtual LAN‘s and Trunking (VLAN‘s); Network Security (ACL‘s, IPSec Tunnels), Cisco ASA‘s (Security Appliances) and how to properly implement these technologies. Experience with design, build, test, integration, and operation of Cisco ASA 55xx Series ASAs, including IPS modules for ASA. Demonstrated ability to work on complex technical problems, analyzing, evaluating, and recommending best practice methods and processes. Familiarity with complete system development life cycle from requirements gathering to design, testing, implementation and configuration management. Working knowledge of scanning/penetration tools, network firewall technologies, and/or computer systems analysis. Proven ability to work successfully with technical and non-technical groups, participate effectively on teams, and manage multiple responsibilities. Strong working knowledge of DoD Security Technical Implementation Guide (STIG) and Checklists. Strong operational experience with configuring/troubleshooting routers, switches, firewalls and VPNs. Strong CISCO experience Working Knowledge of Microsoft Windows Workstation and Server Operating Systems. Excellent organization and communication skills. Must have current Information Assurance (IA) Technical Level II (i.e. GSEC, Security+ and enrolled in Continuing Education (CE) Program, SCNP, SSCP) certification IAW DoDD 8570 Information Assurance Training, Certification, and Workforce Management and DoD 8570.01-M, Information Assurance Workforce Improvement Program. Requires that candidate has an active DoD Secret security clearance. Completion of the SPAWAR IA training - Cyber Awareness Challenge DoD version. Desired Qualifications: Cisco Certified Networking Professional (CCNP) would be preferred, but will consider Cisco Certified Network Associate (CCNA) with recent experience. Navy experience would be a plus. Company Description: CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. Join CACI, where you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian clients. A member of the Fortune 1000 Largest Companies and the Russell 2000 Index, CACI provides dynamic careers for approximately 15,000 employees working in over 120 offices worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.This job description summarizes the main duties of the job. It neither prescribes nor restricts the exact tasks that may be assigned to carry out these duties. This document should not be construed in any way to represent a contract of employment. Management reserves the right to review and revise this document at any time. POSITION SUMMARY: As an emerging expert, evaluates, designs, documents, installs, implements, tests, performs problem isolation and resolution, monitors, tunes, and sets standards. Maintains a complex range of computer network components and systems. Provide team leadership to less experienced engineers. Assists in internal training programs. Works with other network professionals as directed or as needed to coordinate efforts, resolve cross-team issues and communicate changes. RESPONSIBILITIES: Identifies, assesses, and develops detailed requirements for upgrading networks as well as re-architecting network segments in order to facilitate new requirements, technologies and growth. Provides client consulting and training on the interfacing and use of the network facilities. Plans and leads computer network initiatives. Researches, evaluates, and recommends new computer network equipment and technologies. Analyzes current products and recommends changes/upgrades to senior management. Collaborates with other technical staff and management in the testing of new software and network technologies. Utilizes monitoring, performance analysis, network management, software and hardware equipment to trouble shoot and isolate problems, gauge network performance, and trace data and protocol activity. Maintains timely and complete documentation of all daily and project work, using standard methods and procedures. Devises solutions to complex operational problems within the capacity and operational limitations of installed equipment. Develops and executes contingency plans for network software and hardware failures including isolated and major outages. Diagnoses and repairs problems in a manner that prevents future errors and problems. Provides internal consulting, technical guidance, information and support to application developers, computer operations, workstation support, company management and departmental clients. Keeps abreast of relevant technologies and maintains selected technical certifications. EDUCATION & EXPERIENCE: Typically requires bachelor‘s degree or equivalent, and seven to nine years of related (telecommunication analysis) experience. PHYSICAL DEMANDS: Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.