CACI has an opening for a Network Engineer, Lead in our Norfolk, VA location to support the Naval Facilities Command (NAVFAC) Engineering Team. The selected candidate will be responsible to architect, build, configure, test and implement newly procured firewalls and Intrusion Prevention Systems (IPS). You will be supporting the Control System Platform Enclave (CSPE), Navy Utilities Management Control System (NUMCS) and SMARTGRID deployment under the Technical Direction of the NAVFAC Technical Lead. Individual will provide engineering expertise to include: Responsible for development of automated security policies, CISCO Access Controls Lists (ACL), signatures selection, configuration, documentation, monitoring, tuning and day-to-day change management of all of the dedicated firewalls and IPS Cisco equipment. Design, build, maintenance, operations and communications activities related to the CSPE/NUMCS information security infrastructure. Perform systems analysis, data analysis, scheduled vulnerability assessments, and any assigned security monitoring, Research of new and existing security technologies such as hardware, software or data networking. Develop required documentation, design diagrams, inspection reports, user validation spreadsheets, checklists or update the same following system modifications or other change. Responsible for supporting the full engineering lifecycle to include; the ability to work with customers to determine network requirements, write system requirement documents, and develop design solutions (physical and logical) that are in compliance with best engineering practices, standards, and guidelines, implementing and testing the solution to ensure compliance with customer requirements for network security (e.g.; ACL's, IPSec Tunnels (site to site), Cisco ASA's, port security, etc.). Perform (advanced level) configuration, testing, and troubleshooting of IP network infrastructure. Recommend network design changes/enhancements for improved network security. Ability to perform (advanced level) configuration, testing, and troubleshooting of IP network infrastructure. Troubleshoot technical issues related to information Assurance (IA) compliance. Adherence to technical guidance and quality standards, as communicated by the NAVFAC Technical Lead. Attend technical, project, and status meetings. Provide percent complete, level of effort and duration information to the Project Management Staff weekly Raise roadblocks and technical issues for resolution to the Space and Naval Warfare Systems Command (SPAWAR) Project Manager and NAVFAC Technical Lead. Collaborate with other System Administrators on build and fielding teams to ensure system continuity in building and fielding the CSPE/NUMCS. Perform gap analysis with Cisco infrastructure and routers of current vs. previous STIGs and hardening guidance, enumerate and document conflicts Required Qualifications: Typically requires a bachelor's degree or equivalent and seven to nine years of related experience. Current Secret security clearance. Strong knowledge of Virtual LAN's and Trunking (VLAN's); Network Security (ACL's, IPSec Tunnels), Cisco ASA's (Security Appliances) and how to properly implement these technologies. Experience with design, build, test, integration, and operation of Cisco ASA 55xx Series ASAs, including IPS modules for ASA. Demonstrated ability to work on complex technical problems, analyzing, evaluating, and recommending best practice methods and processes. Familiarity with complete system development life cycle from requirements gathering to design, testing, implementation and configuration management. Working knowledge of scanning/penetration tools, network firewall technologies, and/or computer systems analysis. Proven ability to work successfully with technical and non-technical groups, participate effectively on teams, and manage multiple responsibilities. Strong working knowledge of DoD Security Technical Implementation Guide (STIG) and Checklists. Strong operational experience with configuring/troubleshooting routers, switches, firewalls and VPNs. Strong CISCO experience Working Knowledge of Microsoft Windows Workstation and Server Operating Systems. Excellent organization and communication skills. Must have current Information Assurance (IA) Technical Level II (i.e. GSEC, Security+ and enrolled in Continuing Education (CE) Program, SCNP, SSCP) certification IAW DoDD 8570 Information Assurance Training, Certification, and Workforce Management and DoD 8570.01-M, Information Assurance Workforce Improvement Program. Requires that candidate has an active DoD Secret security clearance. Completion of the SPAWAR IA training - Cyber Awareness Challenge DoD version upon hire. Desired Qualifications: Cisco Certified Networking Professional (CCNP) would be preferred, but will consider Cisco Certified Network Associate (CCNA) with recent experience. Experience with SMARTGRID technologies would be a significant plus.