SME Network Engineer Job at Harmonia Holdings Group, LLC in Lorton
Harmonia Holdings Group, LLC, Lorton, VA, United States
Harmonia Holdings Group, LLC is an award-winning, rapidly growing federal government contractor committed to providing innovative, high-performing solutions to our government clients and focused on fostering a workplace that encourages growth, initiative, creativity, and employee satisfaction.
SME Network Engineer
Location: Lorton, VA (22079)
Citizenship: U.S. Citizen (required for access to DHS IT systems)
Clearance: Must be able to obtain and maintain DHS/ICE Fitness Determination (Public Trust), including favorable preliminary Fitness and full NBIS eAPP investigation (SF-85P, OF-306, SSA-89, fingerprints, PREA questionnaire if required)
Schedule: Full-time; 8-hour workdays with on-call support as needed.
Hybrid Work: Lorton, VA roles may telework up to 2 days per week; 3 days onsite required (subject to mission needs)
Travel: Occasional CONUS travel; local travel within 50 miles is not reimbursable.
Role Overview
Harmonia Holdings Group is seeking an experienced SME Network Engineer to support DHS ICE Homeland Security Investigations (HSI) Title III and Linguists Unit (T3LU) under the CALEA program. This role provides hands‑on leadership across all network engineering functions, including architecture, routing, switching, firewall engineering, VPN and PKI integration, segmentation design, troubleshooting, and IA/accreditation‑grade documentation. The SME ensures the integrity, resilience, and performance of mission‑critical CALEA networks and collaborates closely with Systems, Virtualization, Storage, and Field Engineering teams to ensure end‑to‑end operational success.
Responsibilities
Network Architecture & Design
Design, document, and maintain CALEA network architecture, including:
Layer 2/Layer 3 topology
IP address schema and subnetting
VLAN/VRF segmentation
Routing design (OSPF, BGP, EIGRP, static routing)
Firewall zoning, NAT policies, and security segmentation
VPN tunnels, encrypted transport paths, and PKI integrations
COOP/DR network routing and failover paths
Produce and maintain authoritative network diagrams, data flows, trust boundaries, and configuration baselines.
Evaluate, recommend, and implement enhancements to improve security, availability, and performance.
Network Operations & Troubleshooting
Serve as the primary network engineer for diagnosing, resolving, and preventing outages across the CALEA enterprise.
Perform packet‑level analysis (Wireshark/tcpdump), flow analysis, and log correlation to identify and remediate issues.
Lead network upgrades, configuration changes, ACL/policy adjustments, and planned maintenance.
Monitor network performance and availability; tune routing, firewall, and VPN parameters as needed.
Firewall, Security & Accreditation Support
Engineer and maintain firewall policies and segmentation (Palo Alto preferred; Fortinet/Cisco ASA experience acceptable).
Support security hardening, vulnerability remediation, and IA/ATO documentation requirements.
Produce accreditation‑ready artifacts, including boundary diagrams, data‑flow representations, rule documentation, and enclave segmentation maps.
Collaborate with ISSO and security teams to address findings and strengthen compliance posture.
Interoperability & Cross‑Domain Integration
Document and support network dependencies across Active Directory, DNS/DHCP, VMware/vSphere, SAN/iSCSI/NFS storage, and application tiers.
Validate end‑to‑end system functionality after network changes.
Partner with Systems, Virtualization, Storage, and Field SMEs to maintain seamless operations across CALEA sites.
COOP/DR & Lab Engineering
Contribute to COOP/DR planning, design, and testing to ensure high availability and rapid failover capabilities.
Support lab environment setup for replication, patch validation, and network simulation.
Documentation & Mission Coordination
Maintain technical documentation, diagrams, IP plans, SOPs, and configuration repositories.
Coordinate with Harmonia and ICE technical leads to resolve issues, support field operations, and sustain mission readiness.
Required Qualifications
Bachelor’s degree in IT, Engineering, or related field OR +5 years equivalent experience.
10+ years of enterprise network engineering experience with increasing responsibility.
Technical Proficiency
Deep hands‑on experience with:
Cisco routing/switching (3k–9k platforms)
Palo Alto or Fortinet firewalls and policy design
VPN architecture, IPsec tunneling, PKI integration
Network segmentation using VLANs, VRFs, and security zones
Packet capture and analysis
Network monitoring and telemetry tools (SolarWinds, NetFlow, Splunk, etc.)
Demonstrated ability to produce complete network diagrams and architecture documentation based solely on device configuration, logs, and analysis.
Strong understanding of cross‑domain interactions (DNS, AD, VMware networking, SAN connectivity).
Preferred Certifications
CCNA, CCNP Enterprise or CCNP Security
PCNSE
Fortinet NSE4/NSE5
CCIE‑level competency (or equivalent expertise)
Professional Competencies
Excellent communication skills with both technical and non‑technical stakeholders.
Proven ability to work independently in high‑pressure, mission‑critical environments.
Strong analytical, investigative, and documentation skills.
Preferred Experience
Experience supporting federal law enforcement IT systems or CALEA‑aligned mission operations.
Hands‑on participation in COOP/DR architecture or failover site execution.
Experience with VPN transitions, network segmentation, and multi‑site resiliency.
Familiarity with Kubernetes/container environments (e.g., JSI platforms).
Experience supporting 24/7 high‑availability operations.
Soft Skills
Strong initiative and attention to detail.
Adaptability to evolving mission requirements and operational tempo.
Collaborative approach with technical teams, vendors, and government partners.
Alignment with Harmonia’s principles of excellence, collaboration, curiosity, and integrity.
Physical Demands / Work Environment
Must regularly lift/move up to 50 lbs.; occasionally up to 80 lbs. using a hand truck or lift cart.
Requires standing, kneeling, crouching, and navigating server‑room environments.
Normal vision and hearing required; moderate server‑room noise.
Benefits
Traditional and HSA‑eligible medical insurance plans
100% employer‑paid dental and vision insurance options
100% employer‑sponsored STD, LTD, and life insurance
5% 401(k) company matching
Flexible‑schedules and teleworking options
Paid holidays and PTO accrual plans
Paid parental leave
Professional development and career growth opportunities
Team and company‑wide events, recognition, and appreciation
Company Recognitions
Recognized as a Top 20 "Best Place to Work in Virginia"
Recipient of Department of Labor's HireVets Gold Medallion
Great Place to Work Certification for five years running
A Virginia Chamber of Commerce Fantastic 50 company
A Northern Virginia Technology Council Tech 100 company
Inc. 5000 list of fastest-growing companies for eleven years
Two-time SBA SBIR Tibbett's Award winner
Virginia Values Veterans (V3) Certification
Harmonia is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Harmonia does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact HR@harmonia.com.
#J-18808-Ljbffr
SME Network Engineer
Location: Lorton, VA (22079)
Citizenship: U.S. Citizen (required for access to DHS IT systems)
Clearance: Must be able to obtain and maintain DHS/ICE Fitness Determination (Public Trust), including favorable preliminary Fitness and full NBIS eAPP investigation (SF-85P, OF-306, SSA-89, fingerprints, PREA questionnaire if required)
Schedule: Full-time; 8-hour workdays with on-call support as needed.
Hybrid Work: Lorton, VA roles may telework up to 2 days per week; 3 days onsite required (subject to mission needs)
Travel: Occasional CONUS travel; local travel within 50 miles is not reimbursable.
Role Overview
Harmonia Holdings Group is seeking an experienced SME Network Engineer to support DHS ICE Homeland Security Investigations (HSI) Title III and Linguists Unit (T3LU) under the CALEA program. This role provides hands‑on leadership across all network engineering functions, including architecture, routing, switching, firewall engineering, VPN and PKI integration, segmentation design, troubleshooting, and IA/accreditation‑grade documentation. The SME ensures the integrity, resilience, and performance of mission‑critical CALEA networks and collaborates closely with Systems, Virtualization, Storage, and Field Engineering teams to ensure end‑to‑end operational success.
Responsibilities
Network Architecture & Design
Design, document, and maintain CALEA network architecture, including:
Layer 2/Layer 3 topology
IP address schema and subnetting
VLAN/VRF segmentation
Routing design (OSPF, BGP, EIGRP, static routing)
Firewall zoning, NAT policies, and security segmentation
VPN tunnels, encrypted transport paths, and PKI integrations
COOP/DR network routing and failover paths
Produce and maintain authoritative network diagrams, data flows, trust boundaries, and configuration baselines.
Evaluate, recommend, and implement enhancements to improve security, availability, and performance.
Network Operations & Troubleshooting
Serve as the primary network engineer for diagnosing, resolving, and preventing outages across the CALEA enterprise.
Perform packet‑level analysis (Wireshark/tcpdump), flow analysis, and log correlation to identify and remediate issues.
Lead network upgrades, configuration changes, ACL/policy adjustments, and planned maintenance.
Monitor network performance and availability; tune routing, firewall, and VPN parameters as needed.
Firewall, Security & Accreditation Support
Engineer and maintain firewall policies and segmentation (Palo Alto preferred; Fortinet/Cisco ASA experience acceptable).
Support security hardening, vulnerability remediation, and IA/ATO documentation requirements.
Produce accreditation‑ready artifacts, including boundary diagrams, data‑flow representations, rule documentation, and enclave segmentation maps.
Collaborate with ISSO and security teams to address findings and strengthen compliance posture.
Interoperability & Cross‑Domain Integration
Document and support network dependencies across Active Directory, DNS/DHCP, VMware/vSphere, SAN/iSCSI/NFS storage, and application tiers.
Validate end‑to‑end system functionality after network changes.
Partner with Systems, Virtualization, Storage, and Field SMEs to maintain seamless operations across CALEA sites.
COOP/DR & Lab Engineering
Contribute to COOP/DR planning, design, and testing to ensure high availability and rapid failover capabilities.
Support lab environment setup for replication, patch validation, and network simulation.
Documentation & Mission Coordination
Maintain technical documentation, diagrams, IP plans, SOPs, and configuration repositories.
Coordinate with Harmonia and ICE technical leads to resolve issues, support field operations, and sustain mission readiness.
Required Qualifications
Bachelor’s degree in IT, Engineering, or related field OR +5 years equivalent experience.
10+ years of enterprise network engineering experience with increasing responsibility.
Technical Proficiency
Deep hands‑on experience with:
Cisco routing/switching (3k–9k platforms)
Palo Alto or Fortinet firewalls and policy design
VPN architecture, IPsec tunneling, PKI integration
Network segmentation using VLANs, VRFs, and security zones
Packet capture and analysis
Network monitoring and telemetry tools (SolarWinds, NetFlow, Splunk, etc.)
Demonstrated ability to produce complete network diagrams and architecture documentation based solely on device configuration, logs, and analysis.
Strong understanding of cross‑domain interactions (DNS, AD, VMware networking, SAN connectivity).
Preferred Certifications
CCNA, CCNP Enterprise or CCNP Security
PCNSE
Fortinet NSE4/NSE5
CCIE‑level competency (or equivalent expertise)
Professional Competencies
Excellent communication skills with both technical and non‑technical stakeholders.
Proven ability to work independently in high‑pressure, mission‑critical environments.
Strong analytical, investigative, and documentation skills.
Preferred Experience
Experience supporting federal law enforcement IT systems or CALEA‑aligned mission operations.
Hands‑on participation in COOP/DR architecture or failover site execution.
Experience with VPN transitions, network segmentation, and multi‑site resiliency.
Familiarity with Kubernetes/container environments (e.g., JSI platforms).
Experience supporting 24/7 high‑availability operations.
Soft Skills
Strong initiative and attention to detail.
Adaptability to evolving mission requirements and operational tempo.
Collaborative approach with technical teams, vendors, and government partners.
Alignment with Harmonia’s principles of excellence, collaboration, curiosity, and integrity.
Physical Demands / Work Environment
Must regularly lift/move up to 50 lbs.; occasionally up to 80 lbs. using a hand truck or lift cart.
Requires standing, kneeling, crouching, and navigating server‑room environments.
Normal vision and hearing required; moderate server‑room noise.
Benefits
Traditional and HSA‑eligible medical insurance plans
100% employer‑paid dental and vision insurance options
100% employer‑sponsored STD, LTD, and life insurance
5% 401(k) company matching
Flexible‑schedules and teleworking options
Paid holidays and PTO accrual plans
Paid parental leave
Professional development and career growth opportunities
Team and company‑wide events, recognition, and appreciation
Company Recognitions
Recognized as a Top 20 "Best Place to Work in Virginia"
Recipient of Department of Labor's HireVets Gold Medallion
Great Place to Work Certification for five years running
A Virginia Chamber of Commerce Fantastic 50 company
A Northern Virginia Technology Council Tech 100 company
Inc. 5000 list of fastest-growing companies for eleven years
Two-time SBA SBIR Tibbett's Award winner
Virginia Values Veterans (V3) Certification
Harmonia is an Equal Opportunity Employer providing equal employment opportunity to all employees and applicants for employment without regard to race, color, religion, national origin, age, gender, gender identity, sexual orientation, disability, or genetics. Harmonia does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans. To perform the above job successfully, an individual must possess the knowledge, skills, and abilities listed; meet the education and work experience required; and must be able to perform each essential duty and responsibility satisfactorily. Other duties in addition to those listed may be assigned as necessary to meet business needs. Reasonable accommodation will be made to enable an applicant with a disability to successfully apply for and/or perform the essential duties of the job. If you are in need of an accommodation, please contact HR@harmonia.com.
#J-18808-Ljbffr