Lead Network Engineer
MAG USA Inc., Fairfax, VA, United States
Position Summary
The Lead, Network Engineering is responsible for designing, securing, and operating the enterprise connectivity fabric that enables all business and mission systems. This role ensures reliable, compliant, and high-performance connectivity across cloud, corporate, and secure environments.
This is a working leadership role in a lean IT organization. You will set direction, define architecture, and execute hands-on network engineering while coordinating closely with Platform Engineering, Cybersecurity, and Digital & AI Engineering to ensure secure and integrated delivery.
Essential Duties and Responsibilities
Network Architecture & Strategy
Define and maintain the enterprise network architecture across LAN/WAN, VPN, SD-WAN, and hybrid cloud environments
Design Azure connectivity (ExpressRoute, site-to-site VPN, virtual network architecture) aligned to GCCH constraints
Establish network segmentation and boundary enforcement consistent with Zero Trust principles and CMMC requirements
Maintain documentation of network topology, boundaries, and system interconnections for audit and compliance purposes
Secure Connectivity & Operations
Own enterprise connectivity across physical sites, remote workforce, and cloud environments
Design and maintain firewall policies, routing configurations, and secure access controls
Enable secure remote access for distributed and mobile users
Support SCIF and secure facility network requirements, including design, documentation, and compliance alignment
Performance & Reliability
Monitor network performance, availability, and capacity across all locations
Identify and resolve performance bottlenecks impacting application and data workloads
Establish and track SLAs for network uptime and recovery objectives
Lead incident response efforts related to connectivity and network disruptions
Security & Compliance Alignment
Partner with Cybersecurity to implement and validate network security controls and segmentation
Ensure transport-layer security meets FIPS 140-2/140-3 requirements
Maintain network boundary documentation and evidence required for CMMC assessment
Support vulnerability remediation and security incident containment at the network layer
Integration & Cross-Pillar Coordination
Partner with Platform Engineering on cloud networking, private endpoints, and identity-aware access
Support Digital & AI Engineering by designing data paths and connectivity for application and AI workloads
Participate in CAB and ARB forums to assess network impact of changes and new designs
Secondary Responsibilities
Contribute to System Security Plan (SSP) documentation related to network architecture and boundaries
Support CMMC audit readiness activities, including documentation and evidence collection
Participate in vendor evaluation and selection for networking hardware, services, and connectivity solutions
Mentor junior engineers and contribute to hiring and onboarding efforts
Requirements
Experience
8-12+ years of experience in network engineering, infrastructure engineering, or cloud networking
Experience designing and operating enterprise network architectures across hybrid environments
Hands-on experience with Azure networking (or equivalent cloud platform)
Experience supporting geographically distributed organizations with multiple sites and remote users
Experience working in regulated environments (CMMC, NIST, ISO, or equivalent)
Technical Skills
Experience with Network technologies: routing, switching, VPN, SD-WAN, firewall configuration
Experience with Cloud networking: Azure virtual networks, ExpressRoute, private endpoints
Experience with Security: Zero Trust architecture, segmentation, encryption standards
Experience with Monitoring and troubleshooting tools for network performance and availability
Experience with Documentation and diagramming of enterprise network architectures
Leadership & Communication
Ability to operate as a technical leader and domain owner in a lean organization
Strong cross-functional collaboration skills
Ability to communicate technical concepts to both engineering teams and leadership
Experience coordinating work across multiple teams without direct authority
Preferred Qualifications
Experience supporting SCIF or secure facility network environments
Familiarity with CMMC Level 2 requirements and audit expectations
Experience with network automation and infrastructure-as-code approaches
Experience in a GovCon or similarly regulated environment
Attained industry recognized certifications such as CCNP, CCNA or some subset of those certifications (Cisco routing and switching for example).
Experience or familiarity with the FortiNet suite of products and solutions.
Security & Compliance Requirements
U.S. Citizenship required
Must be eligible for security clearance
Must comply with all enterprise security and data handling policies
Must adhere to CMMC-mandated practices and training requirements
Special Note
What Makes You Successful Here
You think in terms of systems and connectivity, not just devices and configurations
You understand that network design is foundational to security and performance
You operate comfortably as both architect and operator
You prioritize clarity, documentation, and repeatability in your work
You are effective in a lean environment, where ownership is broad and resources are limited
Organizational Fit & Role Context
This role is one of five pillar leadership positions within Enterprise IT. The team operates with shared accountability and a strong emphasis on cross-functional execution. The Lead, Network Engineering is responsible for ensuring that connectivity is never a constraint to business operations or technology delivery.
Benefits and Compensation
At MAG Aerospace, we value your contributions providing our employees with a robust Total Rewards package that supports your total well-being. Full-time and part-time employees working at least 30 hours a week on a regular basis are eligible to participate in MAG's Total Rewards programs. Our offerings include health, life, disability, financial, and retirement benefits as well as paid leave, professional development, and tuition assistance. Individuals that do not meet the threshold are only eligible for select offerings not inclusive of health benefits. We encourage you to learn more about our Total Rewards Program by visiting the Resource page on our Careers site: https://www.magaero.com/benefits/. Salary at MAG Aerospace is determined by various factors including but not limited to location, the particular combination of education, knowledge, skills, competencies, and experience as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $165,000 to $175,000 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of MAG's total compensation package for employees.
Need help finding the right job?
We can recommend jobs specifically for you!
Job Locations
Remote US
ID
12729
Work Region
CONUS
Type
Regular Full-Time
Clearance
Ability to Obtain Secret
The Lead, Network Engineering is responsible for designing, securing, and operating the enterprise connectivity fabric that enables all business and mission systems. This role ensures reliable, compliant, and high-performance connectivity across cloud, corporate, and secure environments.
This is a working leadership role in a lean IT organization. You will set direction, define architecture, and execute hands-on network engineering while coordinating closely with Platform Engineering, Cybersecurity, and Digital & AI Engineering to ensure secure and integrated delivery.
Essential Duties and Responsibilities
Network Architecture & Strategy
Define and maintain the enterprise network architecture across LAN/WAN, VPN, SD-WAN, and hybrid cloud environments
Design Azure connectivity (ExpressRoute, site-to-site VPN, virtual network architecture) aligned to GCCH constraints
Establish network segmentation and boundary enforcement consistent with Zero Trust principles and CMMC requirements
Maintain documentation of network topology, boundaries, and system interconnections for audit and compliance purposes
Secure Connectivity & Operations
Own enterprise connectivity across physical sites, remote workforce, and cloud environments
Design and maintain firewall policies, routing configurations, and secure access controls
Enable secure remote access for distributed and mobile users
Support SCIF and secure facility network requirements, including design, documentation, and compliance alignment
Performance & Reliability
Monitor network performance, availability, and capacity across all locations
Identify and resolve performance bottlenecks impacting application and data workloads
Establish and track SLAs for network uptime and recovery objectives
Lead incident response efforts related to connectivity and network disruptions
Security & Compliance Alignment
Partner with Cybersecurity to implement and validate network security controls and segmentation
Ensure transport-layer security meets FIPS 140-2/140-3 requirements
Maintain network boundary documentation and evidence required for CMMC assessment
Support vulnerability remediation and security incident containment at the network layer
Integration & Cross-Pillar Coordination
Partner with Platform Engineering on cloud networking, private endpoints, and identity-aware access
Support Digital & AI Engineering by designing data paths and connectivity for application and AI workloads
Participate in CAB and ARB forums to assess network impact of changes and new designs
Secondary Responsibilities
Contribute to System Security Plan (SSP) documentation related to network architecture and boundaries
Support CMMC audit readiness activities, including documentation and evidence collection
Participate in vendor evaluation and selection for networking hardware, services, and connectivity solutions
Mentor junior engineers and contribute to hiring and onboarding efforts
Requirements
Experience
8-12+ years of experience in network engineering, infrastructure engineering, or cloud networking
Experience designing and operating enterprise network architectures across hybrid environments
Hands-on experience with Azure networking (or equivalent cloud platform)
Experience supporting geographically distributed organizations with multiple sites and remote users
Experience working in regulated environments (CMMC, NIST, ISO, or equivalent)
Technical Skills
Experience with Network technologies: routing, switching, VPN, SD-WAN, firewall configuration
Experience with Cloud networking: Azure virtual networks, ExpressRoute, private endpoints
Experience with Security: Zero Trust architecture, segmentation, encryption standards
Experience with Monitoring and troubleshooting tools for network performance and availability
Experience with Documentation and diagramming of enterprise network architectures
Leadership & Communication
Ability to operate as a technical leader and domain owner in a lean organization
Strong cross-functional collaboration skills
Ability to communicate technical concepts to both engineering teams and leadership
Experience coordinating work across multiple teams without direct authority
Preferred Qualifications
Experience supporting SCIF or secure facility network environments
Familiarity with CMMC Level 2 requirements and audit expectations
Experience with network automation and infrastructure-as-code approaches
Experience in a GovCon or similarly regulated environment
Attained industry recognized certifications such as CCNP, CCNA or some subset of those certifications (Cisco routing and switching for example).
Experience or familiarity with the FortiNet suite of products and solutions.
Security & Compliance Requirements
U.S. Citizenship required
Must be eligible for security clearance
Must comply with all enterprise security and data handling policies
Must adhere to CMMC-mandated practices and training requirements
Special Note
What Makes You Successful Here
You think in terms of systems and connectivity, not just devices and configurations
You understand that network design is foundational to security and performance
You operate comfortably as both architect and operator
You prioritize clarity, documentation, and repeatability in your work
You are effective in a lean environment, where ownership is broad and resources are limited
Organizational Fit & Role Context
This role is one of five pillar leadership positions within Enterprise IT. The team operates with shared accountability and a strong emphasis on cross-functional execution. The Lead, Network Engineering is responsible for ensuring that connectivity is never a constraint to business operations or technology delivery.
Benefits and Compensation
At MAG Aerospace, we value your contributions providing our employees with a robust Total Rewards package that supports your total well-being. Full-time and part-time employees working at least 30 hours a week on a regular basis are eligible to participate in MAG's Total Rewards programs. Our offerings include health, life, disability, financial, and retirement benefits as well as paid leave, professional development, and tuition assistance. Individuals that do not meet the threshold are only eligible for select offerings not inclusive of health benefits. We encourage you to learn more about our Total Rewards Program by visiting the Resource page on our Careers site: https://www.magaero.com/benefits/. Salary at MAG Aerospace is determined by various factors including but not limited to location, the particular combination of education, knowledge, skills, competencies, and experience as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $165,000 to $175,000 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of MAG's total compensation package for employees.
Need help finding the right job?
We can recommend jobs specifically for you!
Job Locations
Remote US
ID
12729
Work Region
CONUS
Type
Regular Full-Time
Clearance
Ability to Obtain Secret