Evergreen: Senior Network/Security Engineer

Senior Network/Security Engineer

Ad Hoc is a technology company that empowers organizations to deliver scalable, impactful digital services. Using modern, agile methods, our team creates products that meet people’s needs and transform their experience of government.

Our collaborations have shaped some of the defining moments in public-sector service delivery. We’ve helped build products that connect Veterans to tailored services, help millions access affordable health care, and support important programs like Head Start. As we work with agencies to deliver critical services, we’re also changing how the government approaches technology.

Our culture, communications, and tools are built for remote work, enabling us to bring together top talent nationwide. At Ad Hoc, remote life empowers our teams to design work environments that fit their lives and that foster flexibility and collaboration to achieve positive outcomes for our customers.

Ad Hoc values acceptance, accountability, and humility. We aren’t heroes. We learn from our mistakes and improve the process for the next time. We build small, inclusive teams to collaborate closely with our partners to solve the right problems and deliver software that works.

The Federal Civilian business unit supports many customers spanning the federal, commercial, and nonprofit space. Our customers include NASA, the General Services Administration, Office of Personnel Management, the Library of Congress, Health & Human Services, and the FDIC. We partner with these agencies to build new capabilities, deliver products, establish data as a strategic asset for informed decision-making, modernize legacy systems, and build the digital service infrastructure necessary to scale their mission impact.

Experience with Palo Alto, panorama OS (PAN-OS), Firewalls, SIEM, Security Configuration Management (SCM), migration, security and compliance, RBAC and access models, Data Loss Prevention (DLP), Strata Cloud Manager

Operate and engineer enterprise web proxy, deliver reliable policy changes, and diagnose issues down to packet level

• →Configuring Network ACLs, firewalls, and security groups to enforce policy and isolate sensitive workloads.
• →Design secure network infrastructure enforcing Zero Trust principles for the DXP.
• →Ensure 100% compliance with IRS/NIST boundary protection standards.
• →Proxy Engineering
  • →Forward/reverse proxy modes; explicit vs transparent; PAC/WPAD design and distribution.
  • →SSL/TLS inspection: cert chains, pinning impacts, ALPN, HTTP/2 behavior, auth flows (Kerberos/NTLM, SAML/OIDC).
  • →Safe bypass strategies (domain/SNI/IP/risk-based) without degrading coverage.
• →Layer 3 & Internet Fundamentals
  • →Routing & addressing (CIDR, MTU/fragmentation/PMTUD, NAT44/66, VRFs), basic BGP/OSPF, DNS recursion/forwarding and failure modes.
• →Ports & Protocols
  • →TCP/UDP behavior, ephemeral ranges, TLS handshake/SNI, and middlebox interactions (no QUIC/HTTP-3 requirement).
• →PCRE
  • →Writes and reviews complex PCRE (lookarounds, backreferences, atomic groups) with an eye for performance (avoid catastrophic backtracking).
• →Troubleshooting: Packets + Analytics
  • →tcpdump/Wireshark proficiency (TLS/HTTP analysis, TCP dynamics).
  • →Log correlation at scale (e.g., Splunk/ELK) to isolate issues off-box (client, network, IdP, upstream).
  • →Can distinguish origin responses vs proxy-generated errors and document root cause.
• →Communication & Prioritization
  • →Clear stakeholder comms; triage correctly under load—doesn’t treat every noisy issue as P1.

• Normalize firewall / Panorama versions
• Get Panorama 12.x integrated with Strata Cloud Manager as the “real” central manager
• Upgrade the DLP plug-in so it works cleanly in SCM

• Current or previous Federal Government Clearance