Journeyman Network Security Engineer with Security Clearance

Position Descriptions for NAVFAC CSPE Norfolk Network Security Engineer
Clearance: Secret
Location: Norfolk, Virginia
Schedule: 5 days / week onsite at the Naval base in Norfolk, VA.
Position Description
The Naval Facilities Engineering Systems Command (NAVFAC) builds and maintains sustainable facilities, delivers utilities, and services, and provides Navy expeditionary combat force capabilities. NAVFAC requires facilities under its command and the facility related controls systems (FRCS) in them to be interconnected to properly provide Technical Management, Continuous Monitoring, and an End-to-End (E2E) Cyber Defense capabilities to NAVFAC's Facilities Engineering Commands. The Control Systems Platform Enclave version 3 (CSPEv3) has been identified as the networking platform these systems will connect to and requires location specific integration for each of the designated control systems that will be connected. We are seeking a skilled and experienced Network Security Engineer to join our Network Operations Center (NOC) team. The ideal candidate for this position will have experience designing, deploying, and managing Palo Alto Next-Generation Firewalls (NGFWs)-both physical (e.g., PA-450) and virtual (e.g., VM-300, VM-700)-and Panorama across geographically dispersed sites. The primary job of the CSPEv3 support team is to integrate key locations into the CSPEv3 infrastructure by standing up all technologies, both software and hardware, to integrate FRCS systems into this network topology with an end goal of enhancing the cyber security posture and enable continuous monitoring of critical systems. Desired Skills
• Expertise in designing, deploying, and configuring Palo Alto firewalls (physical and virtual) and Panorama.
• Proficiency in deploying and managing virtual Palo Alto firewalls in VMware NSX for software-defined networking and security.
• Ability to manage firewall policies, rules, security zones, and access controls.
• Experience in planning and performing firmware updates, patches, and software upgrades.
• Knowledge of aligning firewall policies with Zero Trust principles, compliance requirements, and security best practices.
• Collaboration skills with network engineers and system administrators for configuration alignment.
• Capability to provide training and share expertise on Next Generation Firewall technologies
• Strong understanding of network security principles, Zero Trust architectures, and compliance requirements.
• Expertise in firewall policy management, access control, and policy enforcement across physical, virtual, and NSX-integrated firewalls.
• Proficiency with configuring network protocols (BGP) and security policies within the Palo Alto Environment
• Experience with automation tools (e.g., Python, Ansible) and NSX integrations
Minimum Qualifications
Must have a minimum of 5 years of experience in Network Engineering and Network Security with relevant technology
• Education/Experience 5 years of experience in configuring and managing Palo Alto Next-Generation Firewalls (physical and virtual) and Panorama. Experience with virtual Palo Alto firewalls as a service in VMware NSX environments is highly desirable.
• Preferred Certifications include Certified Information Systems Security Professional (CISSP) Palo Alto Networks Certified Network Security Engineer (PCNSE) or equivalent certification VMware certifications (e.g., VCP-NV) are a plus. Offensive Security Certified Professional (OSCP):