New 
Network Security Engineer (Zero Trust)
 Quadrant, Inc. | |
 United States, Maryland, Aberdeen | |
 Jun 06, 2025 | |
|
Network Security Engineer (Zero Trust) Aberdeen Proving Ground, MD Salary from : $145,000/yr MUST : Active DoD Secret Clearance 10+ years of experience in Network Security 5+ years of Security engineering Extensive experience in Elastic Technologies tools In-depth knowledge of security tools and platforms including ACAS, Elastic SIEM, Cisco ASA, Palo Alto, Endgame, MFA, Active Directory, MECM, and Microsoft Defender Experience working with privileged access management tools and Just-In-Time (JIT) admin management, including Privileged Access Workstations (PAW) and Tactical PKI solutions Strong understanding of network security, endpoint protection, identity and access management (IAM), and multi-factor authentication (MFA) Experience in network vulnerability scanning, patch management, and endpoint detection and response (EDR) Expertise in integrating and automating security platforms to create cohesive security ecosystems Familiarity with network firewalls and intrusion prevention systems (IPS) such as Cisco ASA and Palo Alt Proven experience in designing and implementing comprehensive Zero-Trust framework Strong experience with Tactical Public Key infrastructures (TPKI) Must have a deep understanding of security protocols, vulnerability, network security, and identity management Familiarity with EQL, KQL, painless or GROK is a plus Strong communication skills both written and verbal Ability to speak with and present to Senior Leaders and Government Clients Ability to convey complex security concepts to both technical and non-technical stakeholders High attention to detail Relevant certifications such as CISSP, CISM, or equivalent are a plus Bachelor's Degree is required for the role (preferably in a related field) DUTIES : The ideal Security Engineer will be responsible for the design, documentation, integration and automation of the tactical zero-trust security infrastructure Develop, implement, and maintain a zero-trust architecture across the organization's entire IT environment, ensuring that all systems adhere to the "never trust, always verify" security philosophy Act as a supporting engineer on the Elastic team integrating Elasticsearch, Kibana, Logstash, Endgame, and the Elastic agent software with custom ansible provisioning Create scripts and templates supporting custom Elastic integrations including logstash pipelines, beat inputs, ingest pipelines, indexes, data streams, and various visualizations Act as a supporting engineer on the Army DevOps team using an Ubuntu agent and python scripts to connect to the Azure DevOps (ADO) environment Provide Elastic support also includes STIG automation on Oracle Linux using bash scripts as well as customer support via Teams Public Key Infrastructure: (TKPI) Act as an engineer on the TPKI team supporting production Microsoft Certificate Authorities, Active Directory, and OCSP Responder Services Support continued maintenance of the existing root certificate chain including server rebuild and maintenance, customer support, and certificate and CRL Issuance Design and implement a new certificate root chain utilizing Information Security Corporation CertAgent software Help with Zero Trust Architecture Design Reconfigure and integrate multiple security technologies and platforms to ensure seamless communication and compatibility, including: ACAS (Network Vulnerability Scanner), Active Directory (Centralized Identity Provider), Cisco ASA & Palo Alto/Panorama (Network Firewall and IPS), Elastic (Network SIEM), Endgame (Endpoint Detection and Response), Cisco ISE (Radius and TACACS Server), MECM (Endpoint Management and Patching), Microsoft Defender (Windows Firewall and Anti-Virus), Privileged Access Workstation (PAW) (Dedicated Windows Platform for JIT Admin Management), Tactical PKI (Dedicated Windows Platform for JIT Admin Management) and MFA (User Tokens for multi-factor authentication) Ensure secure authentication and authorization mechanisms through centralized identity providers like Active Directory, Cisco ISE, and implement role-based access control (RBAC) aligned with Zero Trust principles Oversee the integration of endpoint detection and response (EDR) systems like Endgame, anti-virus tools like Microsoft Defender, and patch management through MECM to ensure endpoint security and compliance with Zero Trust policies Design and configure network firewalls and intrusion prevention systems (IPS) such as Cisco ASA and Palo Alto to limit lateral movement within the network and integrate them with a SIEM system like Elastic for real-time threat detection and response. Manage and secure privileged access using Privileged Access Workstations (PAW) and Tactical PKI platforms to ensure Just-In-Time (JIT) administrative access is enforced across critical systems Leverage the Elastic SIEM platform to monitor network activity and incidents, and work with the security team to respond to threats in real-time. Ensure that threat detection, response, and reporting adhere to Zero Trust standards This position also involves support for the Elastic team including working within the Azure DevOps Environment, using ansible, bash and python to automatically deploy changes to the Elastic baseline Quadrant is an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, status as a protected veteran, or status as an individual with a disability. "Healthcare benefits are offered to all eligible employees according to compliance mandated by the Affordable Care Act". | |