Job Requirements
Remote Washington, DC
Secret Polygraph not specified
Mid Level Career (5+ yrs experience)
$145,000 - $147,000
Job Description
Cloud Network Engineer (Network SME), DoD AWS GovCloud — Secret Clearance
Summary
We need a builder, not a ticket-closer. You will stand up and own DoD network connectivity into AWS GovCloud, and you will be the person the program leans on when a BCAP cutover has to go right the first time. This is hands-on, end to end, and it carries real ownership.
What you will own
The BCAP cutover from planning through execution, including coordination with DISA where required.
Route table topology across the Inspection, Egress, and Perimeter VPCs, plus any Transit Gateway route table changes needed to bring new workload accounts online.
SNAP submissions and NIPRNet IP block assignment using issued /24 ranges.
Connectivity design and trade-off calls across BCAP, Direct Connect, and Transit Gateway routing patterns, including when to reach for DXGW versus VGW.
AWS Network Firewall configuration, which means authoring Suricata rules and tuning stateful inspection for both east-west and north-south traffic.
Required
Demonstrated, hands-on experience standing up DoD network connectivity into AWS GovCloud.
Working fluency across BCAP, Direct Connect, and Transit Gateway routing patterns.
AWS Network Firewall depth: Suricata rule authoring and stateful east-west and north-south inspection.
A clear grasp of DXGW versus VGW trade-offs and when each one fits.
Strong plus
Prior hands-on experience with SNAP submissions and NIPRNet /24 assignment. These workflows are trainable on the job, so prior experience helps but is not required.
Familiarity with the Cloud Permission to Connect (CPTC) workflow.
Exposure to JWCC-style pass-through architecture.