Parsons Corporation
Senior cryptographic embedded software developers
Parsons Corporation, Centreville, Virginia, United States, 22020
In a world of possibilities, pursue one with endless opportunities. Imagine Next!
When it comes to what you want in your career, if you can imagine it, you can do it at Parsons. Imagine a career working with exceptional people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We've got what you're looking for.
Job Description:
We are seeking an experienced
Senior Embedded Cryptographic Systems Engineer
to lead the development of advanced embedded cryptographic systems across three critical domains: NSA Type 1 high assurance cryptography, NSA Suite B commercial cryptographic solutions, and Commercial Solutions for Classified (CSfC) architectures. This role requires balanced expertise across classified and commercial cryptographic implementations, with deep knowledge of secure network protocol implementation from Layer 2 through application layers.
What You'll Be Doing:
Lead development of NSA Type 1 cryptographic equipment for TOP SECRET and compartmented information systems
Design tamper-evident and tamper-resistant cryptographic modules meeting FIPS 140-2 Level 4 requirements
Implement classified encryption algorithms and key management systems for national security applications
Develop secure communications equipment for military, intelligence, and diplomatic use
Ensure compliance with NSA Information Systems Security Manager (ISSM) requirements and TEMPEST standards
Design cryptographic systems for air-gapped networks and isolated secure environments
NSA Suite B Commercial Cryptography
Implement NSA Suite B algorithms (AES-128/192/256, RSA-2048/3072, ECDSA/ECDH P-256/P-384, SHA-256/384)
Develop and/or utilize FIPS 140-2 validated cryptographic modules for commercial and government unclassified systems
Design interoperable cryptographic solutions meeting NSA Commercial National Security Algorithm (CNSA) Suite requirements
Implement Suite B Profile for Transport Layer Security (TLS) and Internet Protocol Security (IPsec)
Develop cryptographic libraries optimized for both performance and security across multiple platforms
Create Suite B compliant Public Key Infrastructure (PKI) and certificate management systems
Commercial Solutions for Classified (CSfC) Architecture
Design and implement layered cryptographic solutions using commercial products to protect classified information
Develop CSfC-compliant network encryption solutions combining multiple independent cryptographic layers
Create CSfC VPN solutions using approved commercial cryptographic components
Implement CSfC mobile device solutions for classified communications in commercial environments
Design CSfC data-at-rest encryption systems with dual-layer protection schemes
Ensure CSfC solutions meet NSA protection requirements for classified information up to TOP SECRET
Comprehensive Network Protocol Security Implementation
Implement IEEE 802.1AE (MACsec) for Layer 2 encryption with hardware acceleration across Type 1, Suite B, and CSfC domains
Develop IEEE 802.1X port-based network access control with EAP-TLS, EAP-TTLS, and PEAP authentication methods
Implement IEEE 802.1Q VLAN tagging with cryptographic separation and secure VLAN hopping prevention
Develop IEEE 802.3 Ethernet security extensions and secure switch management protocols
Create Layer 2 tunneling protocols (L2TP, L2F) with appropriate cryptographic protection
Layer 3 Network Security
Implement comprehensive IPsec suites (ESP, AH, IKEv1/v2) with domain-appropriate algorithm selection
Develop secure routing protocols including OSPFv3 with authentication, BGPsec, and IS-IS security extensions
Design IP multicast security (Group Domain of Interpretation, GDOI) and secure IGMP implementations
Implement IPv6 security features including IPsec mandatory support and secure neighbor discovery
Develop ICMP security extensions and secure network diagnostics protocols
Create network address translation (NAT) traversal solutions maintaining cryptographic integrity
Application Layer Security Protocols
Implement secure DNS (DNSSEC, DNS-over-TLS, DNS-over-HTTPS, DNS-over-QUIC) across all domains
Specialized Network Security Protocols
Familiarity with High Assurance IP Encryptor (HAIPE) protocols for government networks
Develop secure tunneling protocols (OpenVPN, WireGuard, proprietary secure tunnels)
High-Performance Cryptographic Networking
Implement line-rate encryption for 1Gbps, 10Gbps, 40Gbps, and 100Gbps network interfaces
Develop cryptographic load balancing and traffic distribution mechanisms
Design network security appliances with hardware-accelerated cryptographic processing
Implement deep packet inspection (DPI) with cryptographic pattern matching
Create network security monitoring with encrypted traffic analysis capabilities
Develop high-availability cryptographic networking with seamless failover
Required Qualifications
Active TS/SCI security clearance
Eligibility for program-specific clearances and special access programs
Bachelor's degree in Electrical Engineering, Computer Engineering, Computer Science, or related field
8+ years of embedded systems development with security focus
6+ years hands-on experience with network protocol implementation and cryptographic integration
5+ years experience across at least two of: Type 1 cryptography, Suite B implementations, or CSfC solutions
3+ years experience with FIPS 140-2 validation processes across multiple assurance levels
Network Protocol Expertise
Expert-level knowledge of TCP/IP stack implementation from Layer 2 through Application layers
Hands-on experience implementing and troubleshooting complex network protocols
Deep understanding of network protocol security vulnerabilities and cryptographic countermeasures
Experience with network protocol analyzers (Wireshark, tcpdump) and network simulation tools
Proficiency with network programming APIs (BSD sockets, WinSock, raw sockets, packet capture libraries)
Balanced Technical Expertise
Expert proficiency in C/C++ for network stack development and cryptographic integration
Experience with network processor programming (Intel DPDK, Cavium OCTEON, Broadcom XGS)
Hands-on experience with hardware-accelerated cryptography (Intel QAT, Marvell/Cavium Nitrox, Broadcom SPU)
Knowledge of real-time operating systems (VxWorks, QNX, Linux-RT) for networking applications
Experience with FPGA development for custom network protocol processing
Domain-Specific Network Security Knowledge
Type 1
: Relevant protocols, COMSEC network requirements, secure tactical networking
Suite B
: Commercial VPN implementations, enterprise network security, PKI integration
CSfC
: Layered network security architectures, commercial network product integration
Standards & Compliance
Experience with network security standards (IEEE 802.1AE, RFC IPsec series, TLS RFCs)
Knowledge of government network security requirements (NIST 800-series, NSA network guidance)
Understanding of network protocol conformance testing and interoperability validation
Familiarity with network equipment certification processes (Common Criteria, FIPS validation)
What Desired Skills You'll Bring:
Master's degree with focus on network security or distributed systems
Experience with software-defined networking (SDN) and network function virtualization (NFV)
Knowledge of 5G network security architecture and network slicing security
Experience with satellite communication networks and secure space-based networking
Background in industrial control network security (ICS/SCADA protocols)
Experience with secure multicast protocols and group key management
Knowledge of secure routing protocols for mesh networks and ad-hoc networking
Experience with quantum key distribution (QKD) network integration
Background in secure time synchronization protocols (NTS, PTP security extensions)
Experience with high-frequency trading network security requirements
Knowledge of content delivery network (CDN) security implementations
Experience with distributed denial of service (DDoS) mitigation at network protocol level
Background in network traffic analysis and encrypted traffic classification
Experience with network security in virtualized and containerized environments
Security Clearance Requirement:
An active Top Secret SCI security clearance is required for this position.?
This position is part of our Federal Solutions team.
The Federal Solutions segment delivers resources to our US government customers that ensure the success of missions around the globe. Our intelligent employees drive the state of the art as they provide services and solutions in the areas of defense, security, intelligence, infrastructure, and environmental. We promote a culture of excellence and close-knit teams that take pride in delivering, protecting, and sustaining our nation's most critical assets, from Earth to cyberspace. Throughout the company, our people are anticipating what's next to deliver the solutions our customers need now.
Salary Range: $120,800.00 - $217,400.00
We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle!
Parsons is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status or any other protected status.
We truly invest and care about our employee's wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest-APPLY TODAY!
Parsons is aware of fraudulent recruitment practices. To learn more about recruitment fraud and how to report it, please refer to https://www.parsons.com/fraudulent-recruitment/ .
About Us
Parsons is a digitally enabled solutions provider focused on the defense, security, and infrastructure markets. With nearly 75 years of experience, Parsons is uniquely qualified to deliver cyber/converged security, technology-based intellectual property, and other innovative services to federal, regional, and local government agencies, as well as to private industrial customers worldwide.
Parsons is an equal opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBTQ+.
For more about Parsons, visit parsons.com and follow us on Facebook, Twitter, LinkedIn, and YouTube.
When it comes to what you want in your career, if you can imagine it, you can do it at Parsons. Imagine a career working with exceptional people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We've got what you're looking for.
Job Description:
We are seeking an experienced
Senior Embedded Cryptographic Systems Engineer
to lead the development of advanced embedded cryptographic systems across three critical domains: NSA Type 1 high assurance cryptography, NSA Suite B commercial cryptographic solutions, and Commercial Solutions for Classified (CSfC) architectures. This role requires balanced expertise across classified and commercial cryptographic implementations, with deep knowledge of secure network protocol implementation from Layer 2 through application layers.
What You'll Be Doing:
Lead development of NSA Type 1 cryptographic equipment for TOP SECRET and compartmented information systems
Design tamper-evident and tamper-resistant cryptographic modules meeting FIPS 140-2 Level 4 requirements
Implement classified encryption algorithms and key management systems for national security applications
Develop secure communications equipment for military, intelligence, and diplomatic use
Ensure compliance with NSA Information Systems Security Manager (ISSM) requirements and TEMPEST standards
Design cryptographic systems for air-gapped networks and isolated secure environments
NSA Suite B Commercial Cryptography
Implement NSA Suite B algorithms (AES-128/192/256, RSA-2048/3072, ECDSA/ECDH P-256/P-384, SHA-256/384)
Develop and/or utilize FIPS 140-2 validated cryptographic modules for commercial and government unclassified systems
Design interoperable cryptographic solutions meeting NSA Commercial National Security Algorithm (CNSA) Suite requirements
Implement Suite B Profile for Transport Layer Security (TLS) and Internet Protocol Security (IPsec)
Develop cryptographic libraries optimized for both performance and security across multiple platforms
Create Suite B compliant Public Key Infrastructure (PKI) and certificate management systems
Commercial Solutions for Classified (CSfC) Architecture
Design and implement layered cryptographic solutions using commercial products to protect classified information
Develop CSfC-compliant network encryption solutions combining multiple independent cryptographic layers
Create CSfC VPN solutions using approved commercial cryptographic components
Implement CSfC mobile device solutions for classified communications in commercial environments
Design CSfC data-at-rest encryption systems with dual-layer protection schemes
Ensure CSfC solutions meet NSA protection requirements for classified information up to TOP SECRET
Comprehensive Network Protocol Security Implementation
Implement IEEE 802.1AE (MACsec) for Layer 2 encryption with hardware acceleration across Type 1, Suite B, and CSfC domains
Develop IEEE 802.1X port-based network access control with EAP-TLS, EAP-TTLS, and PEAP authentication methods
Implement IEEE 802.1Q VLAN tagging with cryptographic separation and secure VLAN hopping prevention
Develop IEEE 802.3 Ethernet security extensions and secure switch management protocols
Create Layer 2 tunneling protocols (L2TP, L2F) with appropriate cryptographic protection
Layer 3 Network Security
Implement comprehensive IPsec suites (ESP, AH, IKEv1/v2) with domain-appropriate algorithm selection
Develop secure routing protocols including OSPFv3 with authentication, BGPsec, and IS-IS security extensions
Design IP multicast security (Group Domain of Interpretation, GDOI) and secure IGMP implementations
Implement IPv6 security features including IPsec mandatory support and secure neighbor discovery
Develop ICMP security extensions and secure network diagnostics protocols
Create network address translation (NAT) traversal solutions maintaining cryptographic integrity
Application Layer Security Protocols
Implement secure DNS (DNSSEC, DNS-over-TLS, DNS-over-HTTPS, DNS-over-QUIC) across all domains
Specialized Network Security Protocols
Familiarity with High Assurance IP Encryptor (HAIPE) protocols for government networks
Develop secure tunneling protocols (OpenVPN, WireGuard, proprietary secure tunnels)
High-Performance Cryptographic Networking
Implement line-rate encryption for 1Gbps, 10Gbps, 40Gbps, and 100Gbps network interfaces
Develop cryptographic load balancing and traffic distribution mechanisms
Design network security appliances with hardware-accelerated cryptographic processing
Implement deep packet inspection (DPI) with cryptographic pattern matching
Create network security monitoring with encrypted traffic analysis capabilities
Develop high-availability cryptographic networking with seamless failover
Required Qualifications
Active TS/SCI security clearance
Eligibility for program-specific clearances and special access programs
Bachelor's degree in Electrical Engineering, Computer Engineering, Computer Science, or related field
8+ years of embedded systems development with security focus
6+ years hands-on experience with network protocol implementation and cryptographic integration
5+ years experience across at least two of: Type 1 cryptography, Suite B implementations, or CSfC solutions
3+ years experience with FIPS 140-2 validation processes across multiple assurance levels
Network Protocol Expertise
Expert-level knowledge of TCP/IP stack implementation from Layer 2 through Application layers
Hands-on experience implementing and troubleshooting complex network protocols
Deep understanding of network protocol security vulnerabilities and cryptographic countermeasures
Experience with network protocol analyzers (Wireshark, tcpdump) and network simulation tools
Proficiency with network programming APIs (BSD sockets, WinSock, raw sockets, packet capture libraries)
Balanced Technical Expertise
Expert proficiency in C/C++ for network stack development and cryptographic integration
Experience with network processor programming (Intel DPDK, Cavium OCTEON, Broadcom XGS)
Hands-on experience with hardware-accelerated cryptography (Intel QAT, Marvell/Cavium Nitrox, Broadcom SPU)
Knowledge of real-time operating systems (VxWorks, QNX, Linux-RT) for networking applications
Experience with FPGA development for custom network protocol processing
Domain-Specific Network Security Knowledge
Type 1
: Relevant protocols, COMSEC network requirements, secure tactical networking
Suite B
: Commercial VPN implementations, enterprise network security, PKI integration
CSfC
: Layered network security architectures, commercial network product integration
Standards & Compliance
Experience with network security standards (IEEE 802.1AE, RFC IPsec series, TLS RFCs)
Knowledge of government network security requirements (NIST 800-series, NSA network guidance)
Understanding of network protocol conformance testing and interoperability validation
Familiarity with network equipment certification processes (Common Criteria, FIPS validation)
What Desired Skills You'll Bring:
Master's degree with focus on network security or distributed systems
Experience with software-defined networking (SDN) and network function virtualization (NFV)
Knowledge of 5G network security architecture and network slicing security
Experience with satellite communication networks and secure space-based networking
Background in industrial control network security (ICS/SCADA protocols)
Experience with secure multicast protocols and group key management
Knowledge of secure routing protocols for mesh networks and ad-hoc networking
Experience with quantum key distribution (QKD) network integration
Background in secure time synchronization protocols (NTS, PTP security extensions)
Experience with high-frequency trading network security requirements
Knowledge of content delivery network (CDN) security implementations
Experience with distributed denial of service (DDoS) mitigation at network protocol level
Background in network traffic analysis and encrypted traffic classification
Experience with network security in virtualized and containerized environments
Security Clearance Requirement:
An active Top Secret SCI security clearance is required for this position.?
This position is part of our Federal Solutions team.
The Federal Solutions segment delivers resources to our US government customers that ensure the success of missions around the globe. Our intelligent employees drive the state of the art as they provide services and solutions in the areas of defense, security, intelligence, infrastructure, and environmental. We promote a culture of excellence and close-knit teams that take pride in delivering, protecting, and sustaining our nation's most critical assets, from Earth to cyberspace. Throughout the company, our people are anticipating what's next to deliver the solutions our customers need now.
Salary Range: $120,800.00 - $217,400.00
We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle!
Parsons is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status or any other protected status.
We truly invest and care about our employee's wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest-APPLY TODAY!
Parsons is aware of fraudulent recruitment practices. To learn more about recruitment fraud and how to report it, please refer to https://www.parsons.com/fraudulent-recruitment/ .
About Us
Parsons is a digitally enabled solutions provider focused on the defense, security, and infrastructure markets. With nearly 75 years of experience, Parsons is uniquely qualified to deliver cyber/converged security, technology-based intellectual property, and other innovative services to federal, regional, and local government agencies, as well as to private industrial customers worldwide.
Parsons is an equal opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBTQ+.
For more about Parsons, visit parsons.com and follow us on Facebook, Twitter, LinkedIn, and YouTube.