Share this job
Senior Network Enginer
Silver Spring, MD
Apply for this job

Senior Network Engineer (Tier 3) supporting NOAA National Marine Fisheries Service (NMFS) – Office of the CIO


Role Overview

The Senior Network Engineer is a hands-on Tier-3 individual contributor supporting the NOAA National Marine Fisheries Service (NMFS) Office of the CIO. This role sits within a mature, mission-critical federal program and is responsible for designing, operating, and modernizing enterprise network infrastructure that enables NOAA’s fisheries science, conservation, and resource-management mission.


A defining aspect of this role is direct ownership of Cisco Identity Services Engine (ISE) as a core enterprise capability. The Senior Network Engineer owns ISE policy architecture, authentication flows, and troubleshooting in production, supporting Zero-Trust-aligned access control across campus, data center, VPN, and cloud-connected environments.


This position is ideal for an engineer who enjoys owning complex systems end to end, solving hard problems, and translating network strategy into stable, auditable production outcomes.


Location: Silver Spring, MD (NOAA Headquarters) — hybrid; on-site three days per week required

Residency: National Capital Region (MD, DC, Northern VA)

Clearance: Public Trust eligible

Compensation: $175,000 – $200,000 (W-2), plus comprehensive benefits


Mission & Program Context


NOAA NMFS supports scientific research and operational programs that protect marine ecosystems and manage the nation’s fisheries resources. The OCIO infrastructure program provides the networking, cloud, and security foundation that enables:

  • Distributed fisheries science centers across the United States
  • Data collection, modeling, and research workflows
  • Secure collaboration between NOAA, partner agencies, and research institutions


This long-running program emphasizes reliability, security, and thoughtful modernization rather than rapid experimentation. Engineering decisions directly impact operational continuity and scientific outcomes.


Team Structure & Working Model

  • Total program team: approximately 17–18 engineers and specialists nationwide
  • Network pod: 5-person team consisting of:
  • Tier‑1 engineer
  • Two Tier‑2 engineers
  • One Tier‑3 engineer (this role)
  • Network manager


The Senior Network Engineer operates as a technical peer, not a people manager. Success in the role depends on collaboration, mentoring, and shared ownership rather than command-and-control leadership.


Technical Environment

  • On‑prem data centers located in Ashburn, VA and Seattle, WA
  • Multi‑cloud environment spanning:
  • Oracle Cloud Infrastructure (OCI)
  • Google Cloud Platform (GCP)
  • Amazon Web Services (AWS)
  • Enterprise Cisco ecosystem including routing, switching, identity, and security platforms
  • Security and access control centered on Cisco Firepower Threat Defense and Cisco Identity Services Engine


What You Will Work On

This role blends steady-state operational ownership with forward-leaning modernization efforts, with Cisco ISE ownership at the center of the access-control strategy:

  • Own Cisco Identity Services Engine (ISE) policy architecture and operations, including 802.1X, MAB, profiling, posture, and RADIUS authentication
  • Design, troubleshoot, and stabilize identity-based access across wired, wireless, VPN, and hybrid cloud-connected environments
  • Lead Tier-3 design and troubleshooting for enterprise LAN/WAN
  • Engineer and sustain Cisco Firepower/FMC environments and their integration with identity-aware access controls
  • Maintain and improve hybrid connectivity between data centers and cloud platforms
  • Operate and troubleshoot large-scale site-to-site and remote-access VPNs
  • Lead EVPN rollout across data center environments
  • Participate in IPv6 proof-of-concept and phased enterprise deployment
  • Support cloud connectivity improvements (Direct Connect, ExpressRoute, redundant VPN design)
  • Contribute to upcoming SD-WAN evaluation and pilot efforts


How Work Gets Done

  • Changes are planned, reviewed, and executed with clear rollback procedures
  • Engineers are expected to document designs, operational procedures, and troubleshooting steps
  • Runbooks, diagrams, and audit‑ready artifacts are part of normal delivery—not afterthoughts
  • Tier‑3 engineers mentor Tier‑1 and Tier‑2 staff and help set technical standards across the pod


What Success Looks Like

  • Networks are stable, well‑documented, and predictable under failure conditions
  • Modernization initiatives progress without disrupting mission operations
  • Tier‑1 and Tier‑2 engineers are empowered through clear standards and mentorship
  • Stakeholders trust the network team to handle complex changes cleanly


Required Background

  • 8+ years designing and operating enterprise networks
  • Demonstrated, hands-on ownership of Cisco Identity Services Engine (ISE) in production environments
  • Strong experience designing and troubleshooting 802.1X, MAB, profiling, posture, and RADIUS authentication workflows
  • Deep experience with Cisco enterprise environments (IOS, NX-OS, Catalyst, Nexus)
  • Strong routing and switching foundation (BGP, OSPF v2/v3, redistribution, loop prevention)
  • Hands-on experience with network security platforms and Zero-Trust-aligned access controls
  • Extensive VPN experience (IPsec site-to-site and remote access)
  • Exposure to IPv6 and dual-stack environments
  • Cloud networking experience with at least one major provider (AWS, Azure, GCP, or OCI)
  • Comfort working in regulated, audit-driven environments


Why...?

  • You own real systems that matter
  • You work alongside peers who value depth and discipline
  • You help modernize a national‑level scientific mission without hype or chaos
  • You get to solve hard problems and leave the environment better than you found it



Apply for this job
Powered by