Trace Systems

Returning Candidate?

Network Infrastructure Engineer

Network Infrastructure Engineer

Job ID 
# of Openings 
Job Locations 
Posted Date 

More information about this job


Trace Systems, headquartered in Vienna, Virginia, was founded in 1999 to support and defend our nation's security interests at home and abroad–– whenever and wherever. We provide cybersecurity, intelligence, communications, networking and information technology services, systems, and solutions to the United States Department of Defense, Intelligence Community and Department of Homeland Security.


Job Title:  Network Infrastructure Engineer


Job Location: DC Metro


Security Clearance:  Interim TS.  Must meet IT-1 standards of SSBI.

Job Responsibilities

  • The Network Infrastructure Engineer will participate in the Information Assurance process by providing expertise to resolve computer security incidents and vulnerability compliance as it relates to networking (wireless and cabled) as well as assisting other teammates with networking issues that may arise at it relates to Information Assurance.
  • Network Infrastructure Engineer will provide expertise to resolve computer security incidents and vulnerabilities. 
  • Recommend best business practices and secure methodologies where required to maintain and/or improve the security posture of Information Systems (IS), the network, and remedy deficiencies. 
  • Verify Enterprise compliance through the following activities:  analysis of CCRI/SAV/ACAS results and POA&Ms; evaluation of mitigation efforts; identification of gaps; providing recommendations to address security deficiencies; tracking of POA&Ms to completion using Government provided tool, reporting of results and recommendations to senior leadership. and providing cybersecurity support for certification and accreditation. 
  • Recommend best business practices and secure methodologies where required to maintain or improve the security posture of Information Systems (IS) and the network and mitigate vulnerabilities.
  • Verify compliance of all network devices with DISA Security Technical Implement Guides (STIG’s) using Gov't provided tracking tool (reported as part of Site Compliance Report).
  • Provide expertise in assessing, documenting and reporting vulnerabilities due to evolving technologies (e.g. complexity of networks and systems, overlapping areas of responsibilities of complex networks, threat modeling). 
  • Provide security engineering services with recommendations throughout project lifecycles from inception of projects through initial and follow on accreditation. 
  • Provide technical expertise in implementing, applying, executing, and enforcing RMF standards, STIG or successor program standards. 
  • Provide input to the Risk Management Framework (RMF) process activities and related documentation (e.g., system lifecycle support plans, concept of operations, operational procedures, and maintenance training materials). 
  • Provide analysis and reports in support of the Compliance Assessment Program and DoD Risk Management Framework, which provides a comprehensive and quality security review and guidance throughout the lifecycle of networks.
  • Provide technical support for the review of internal processes, such as incident reporting and trouble ticket handling; recommend and document process improvements. 
  • Support the government in reviewing, verifying, and reporting findings for privileged level account requests utilizing ARAMP and ATCT. 
  • Audit, Review, coordinate, document, and provide recommendations for DoD and Army Ports, Protocols, and Services Management (PPSM) requests to the IAPM. 
  • Identify deviations from approved configurations within eMASS and document them. 
  • Collect, compile and report Information Assurance Vulnerability Management (IAVM) for unclassified and classified networks, devices and systems. 
  • Track site application of security patches for commercial products integrated into system design to meet the timelines dictated by the management authority for the intended operational environment and ensure compliance.

Minimum Qualifications

  • Minimum 10 years of experience with Network Engineering in a DOD environment.
  • Minimum 3 years of experience with Information Assurance programs for DOD networks including items such as: Enterprise Missions Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS), Continuous Monitoring and Risk Scoring (CMRS), and/or Ports / Protocols / Services Management Registry (PPSM).  CND experience (Protect, Detect, Respond and Sustain) within a Computer Incident Response organization.
  • Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements.
  • Solid understanding of the operating concepts of Windows Server Operating Systems 2008 and higher in a federal government enterprise environment (Active Directory, DNS, DHCP)
  • Solid understanding of Windows Client Operating Systems, Windows XP and higher in a federal government enterprise environment
  • Experience with VOIP endpoints, network devices, and policies.
  • Ability to operate and configure CISCO Wireless Services Module (WISM2)
  • Ability to work with the WISM web interface and CLI.
  • Ability to draft, document, and interpret network configurations
  • Ability to operate and configure Cisco Wireless Access Points (WAPs)
  • Experience with 802.11 protocols, wireless devices and controllers.
  • Demonstrated ability to employ best business practices and secure methodologies to maintain and/or improve security posture of Information Systems, the network, and remedy deficiencies.
  • Experience verifying Enterprise compliance through analysis of CCRI/SAV/ACAS results, POA&M tracking, and analysis of mitigation efforts; report results, provide recommendations and risk assessment to senior leadership
  • Experience resolving computer security incidents and vulnerability compliance, assessing vulnerabilities due to evolving technologies, and security engineering services with recommendations throughout project lifecycles.
  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).
  • Experience and proficiency with any of the following: Network Boundaries, Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics.
    Experience with malware analysis concepts and methods.

Desired Qualifications

  • CCNA required at minimum, CCNP strongly preferred.
  • CWNA or other wireless security certification strongly preferred.
  • Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification strongly preferred.

Security Clearance

  • Interim TS.  Must meet IT-1 standards of SSBI.


To Apply: We invite you to put your talents to work by joining a growing team of dynamic professionals here at Trace Systems! Be part of a culture at our leading edge company where you can achieve great things while fostering a satisfying and rewarding career progression. Please apply directly through the website at:      #jointracesystems


For any additional questions or to submit any referrals, please contact

Trace Systems is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.


Connect With Us!

Not ready to apply? Connect with us for general consideration.