Lead Network Engineer

Job Summary: 

In the hands-on role of Senior Network Engineer, you will serve as the technical lead for enterprise and cloud networking, owning design, implementation, and operational reliability of DISA’s hybrid network across on‑premises data centers, Remote Offices, Microsoft Azure, and Amazon Web Services (AWS). This position includes coordination responsibility over a team of Network Engineers and NOC members, ensuring consistent execution of runbooks, change management, incident response, and project delivery. You will drive the shift to Infrastructure as Code (IaC) and automation for network and firewall changes, and you will play a key leadership role in Zero Trust Micro‑Segmentation (ZTM) initiatives, including segmentation, default‑deny policies, and hypercare to minimize business

disruption.  

Essential Functions: 

• Team coordination: plan and coordinate daily/weekly work for Network Engineers and NOC members; manage Network On-Call Rota, partner with Cloud Ops (Cloud Engineering Level 2 support). Assign and prioritize work across projects and operational queues; provide escalation support and mentoring.

• Service ownership & standards: own and continuously improve network services including firewalls, VPN, LAN/WAN, load balancing/SSL offload, centralized network management, and NOC operations; define standards, runbooks, and guardrails. 

• Hybrid & cloud networking (Azure/AWS): design and operate cloud network components (VNet/VPC, subnets, routing, security groups/NSGs, VPN/ExpressRoute/site‑to‑site connectivity) to support application migration and cloud landing zones. 

• Zero Trust Micro‑Segmentation (ZTM): lead segmentation and policy enforcement across on‑prem, Azure, and AWS; implement ‘default deny’ patterns; partner with application owners for traffic validation and testing; lead hypercare and post‑change stabilization. 

• Infrastructure as Code & automation: implement and maintain IaC for firewalls and cloud networks (e.g., Terraform and automation pipelines); use scripting/CLI tooling (PowerShell, AWS CLI) to reduce manual toil and configuration drift. 

• Change management & reliability: plan and execute changes through CAB/standard changes/emergency change processes; ensure pre‑change communication, post‑change testing, and hypercare; maintain audit‑ready documentation. 

• Manage all network devices, including Meraki, Palo Alto, Panorama, Citrix Netscaler, Cisco, and more. Responsible for DNS, VPN, WAN, and DNS. 

• Incident response: coordinate with NOC and stakeholders to triage, troubleshoot, and resolve incidents; ensure ServiceNow ticket quality (clear impact, source/destination, timestamps, evidence) and ensure lessons learned are captured. 

• Monitoring & logging: ensure network telemetry is available and actionable (syslog, flow logs, monitoring/diagnostics); improve alert quality, reduce noise, and ensure NOC has the visibility and access required for first response. 

• Vendor & lifecycle management: partner with vendors and internal teams on troubleshooting and upgrades; contribute to network hardware lifecycle planning, capacity, and licensing compliance. 

• Documentation: maintain accurate network diagrams, traffic flow documentation, routing rules, and operational procedures; ensure documentation is usable by both engineers and NOC operators. Develop AI managed network documentation. 

• Additional duties as assigned.   

Key Skills and Experience:  

• Bachelor’s degree in Computer Science, Information Systems, or a related field; an equivalent combination of education and relevant professional experience may be considered in lieu of a degree.

• 7+ years of enterprise network engineering experience across LAN/WAN, routing/switching, VPN, and network security.

• Advanced hands‑on expertise with Palo Alto firewalls and enterprise switching/wireless platforms (Cisco Meraki, Nexus, Arista, and other Cisco technologies).

• Proven ability to design, implement, and troubleshoot network segmentation and least‑privilege security architectures.

• Cloud networking experience in Azure and AWS, including VNet/VPC design, routing, NSGs/security groups, and hybrid connectivity (VPN, ExpressRoute).

• Proficiency with monitoring and logging platforms such as Nagios, LogicMonitor, SolarWinds, and Sumo Logic for performance analysis and troubleshooting.

• Experience implementing Infrastructure as Code (IaC) and automation, including Terraform, PowerShell/Python scripting, and CLI‑based workflows.

• Strong understanding of core networking protocols and technologies, including BGP, OSPF, HSRP/VRRP, IPsec, QoS, and OSI/TCP‑IP models.

• Operational excellence in change management, incident response, documentation, and cross‑team communication.

• Demonstrated leadership supporting small technical teams, including task coordination, mentoring, escalation handling, and quality control.