Senior Network Engineer

At Ardent, we hire people who want more than a job — they want to serve a mission that matters. Our teams support the federal government’s most critical national security and defense priorities, helping protect the nation, strengthen resilience, and advance the technologies and capabilities that keep America secure. For veterans, cleared professionals, and purpose-driven innovators, Ardent is a place to continue serving alongside a team that understands the importance of the mission and the people behind it.

We also know top talent has choices, which is why we back our mission with benefits and flexibility that stand out: competitive pay, comprehensive health coverage, flexible PTO, federal holidays off, tuition reimbursement, professional development support, wellness stipends, and a culture that values and rewards hard work, dedication, and adaptability. If you want to build something meaningful, while enjoying the kind of flexibility and support that you need to do your best work — Ardent is where your next mission begins.

• Enterprise Network Engineering: Design, implement, operate, and optimize the Congressional Budget Office’s Cisco-based network infrastructure, including core, distribution, access, and edge environments, to ensure high availability, scalability, performance, and resilience in support of mission requirements.
• Network Security Architecture & Compliance: Implement and maintain network security controls aligned with NIST SP 800-53, NIST SP 800-207 (Zero Trust Architecture), and Cisco security best practices, including continuous monitoring, risk mitigation, and network security posture management.
• Network Access Control & Identity Integration: Engineer and enforce secure network access controls, including 802.1X port-based authentication, role-based access, and integration with enterprise identity services to support Zero Trust principles and least-privilege access models.
• Routing, Switching & Infrastructure Services: Manage and support routing, switching, and network services (e.g., VLANs, DNS, DHCP, VPNs), ensuring secure configuration, optimal performance, and alignment with organizational standards and policies.
• Perimeter & Public-Facing Security: Secure and managing public-facing network infrastructure, including firewalls, remote access solutions, and edge devices, ensuring hardened configurations, restricted access, and continuous monitoring to prevent unauthorized access and external threats.
• Network Monitoring & Security Operations Enablement: Implement and manage network monitoring, logging, and alerting capabilities, integrating with enterprise SIEM and network detection and response (NDR) tools to enhance visibility, threat detection, and incident response readiness.
• Vulnerability Management & Device Lifecycle: Establish and maintain a structured program for network device patching, firmware updates, vulnerability remediation, and lifecycle management to ensure all infrastructure components remain secure, compliant, and supported.
• Change Management & Documentation: Support formal change management processes, maintain accurate network diagrams and configuration documentation, and contribute to standard operating procedures to ensure transparency, traceability, and operational continuity.
• Advisory & Technical Leadership: Serve as a senior technical advisor to CBO stakeholders, collaborating with cybersecurity, cloud, and operations teams to resolve complex network issues, improve architecture, and support audits, assessments, and compliance initiatives.
• Customer Service & Team Collaboration: Serve as the technical adviser for complicated service desk tickets and modifications to better support network operations, while collaborating with cloud, Microsoft engineering, and cybersecurity teams.

• →Implement and maintain network security controls aligned with NIST SP 800-53, including access control (AC), configuration management (CM), system and communications protection (SC), and audit and accountability (AU) control families.
• →Engineer and enforce Zero Trust network architecture principles in accordance with NIST SP 800-207, including network segmentation, micro-segmentation, and continuous verification of users and devices.
• →Design and implement least-privilege network access controls, ensuring role-based and identity-aware access across all network layers.
• →Deploy and manage 802.1X port-based network access control to prevent unauthorized device connectivity and enforce authentication at the network edge.
• →Configure and maintain centralized logging and audit capabilities for all network devices, ensuring logs are forwarded to enterprise SIEM platforms and retained in accordance with compliance requirements.
• →Conduct continuous monitoring and vulnerability assessments of network infrastructure, identifying risks and coordinating remediation in alignment with NIST Risk Management Framework (RMF) practices.
• →Harden all network devices using secure configuration baselines (e.g., Cisco Secure Configuration Guides), including disabling unnecessary services, enforcing strong encryption protocols, and securing management interfaces.
• →Secure public-facing and perimeter network assets by implementing strict ingress/egress filtering, firewall rule optimization, and multi-factor authentication for administrative access.
• →Support incident response activities by providing network-level analysis, containment actions (e.g., segmentation, blocking malicious traffic), and forensic data collection.
• →Establish and maintain secure network segmentation strategies to limit lateral movement and protect high-value assets and sensitive environments.
• →Ensure all network changes follow formal change control processes with security impact analysis, supporting compliance with NIST configuration management requirements.
• →Lead or participate in security assessments, audits, and compliance reviews, providing evidence, documentation, and remediation support as required.
• →Continuously evaluate and enhance network security posture through adoption of emerging best practices, threat intelligence, and Cisco security innovations.
• →Develop, implement, and maintain Network Standard Operating Procedures (SOPs); review and update all SOPs on at least an annual basis or as required to reflect changes in technology, policy, or security requirements.
• →Document and maintain detailed hardware and configuration baselines for all network devices, including Cisco switches, routers, firewalls, and related infrastructure; conduct annual reviews and updates.
• →Perform root cause analysis (RCA) for network incidents, including performance degradation, outages, and security events; document findings and implement corrective and preventive actions.
• →Establish, implement, and maintain automated network patch management and firmware update procedures in accordance with Cisco best practices and organizational security policies.
• →Develop, maintain, and update comprehensive network diagrams that accurately reflect the CBO enterprise network architecture, including cloud, production, and secure environments; review and update diagrams annually or as changes occur.
• →Administer and troubleshoot enterprise DNS services, including configuration changes, issue resolution, and performance optimization.
• →Support continuous, real-time monitoring of network infrastructure (24/7 operations), including integration with network management and security monitoring tools.
• →Maintain accurate and up-to-date documentation of network configurations, assets, and operational procedures to support audit readiness and operational continuity.

Requirements:

• →Bachelor's degree in Information Technology, Computer Science, Network Engineering, Cybersecurity, or a related field (or equivalent combination of education and experience).
• →Minimum of 8 years of experience designing, implementing, and supporting enterprise network infrastructures.
• →Minimum of 5 years of experience in a senior-level network engineering role supporting complex Cisco environments.
• →Extensive experience with Cisco networking technologies, including routers, switches, wireless infrastructure, and network management platforms.
• →Demonstrated experience implementing and maintaining Zero Trust Architecture principles, including network segmentation, micro-segmentation, and least-privilege access controls.
• →Strong knowledge of federal cybersecurity frameworks and standards, including NIST SP 800-53, NIST SP 800-207, and Risk Management Framework (RMF).
• →Experience implementing and supporting 802.1X network access control solutions and identity-aware networking technologies.
• →Advanced knowledge of routing and switching protocols, including BGP, OSPF, VLANs, STP, and related enterprise networking technologies.
• →Experience managing enterprise DNS, DHCP, VPN, and network authentication services.
• →Proven experience securing perimeter and public-facing network infrastructure, including firewalls, remote access solutions, and edge security technologies.
• →Experience integrating network infrastructure with Security Information and Event Management (SIEM) platforms and Network Detection and Response (NDR) tools.
• →Strong background in vulnerability management, network device hardening, patch management, and lifecycle management.
• →Experience conducting network troubleshooting, root cause analysis (RCA), incident response, and performance optimization.
• →Ability to develop and maintain network documentation, configuration baselines, network diagrams, and standard operating procedures (SOPs).
• →Experience supporting audits, security assessments, compliance reviews, and remediation activities.

Due to the nature of the work we support, all candidates in consideration for this role must be willing to undergo the government issued background investigation process.

Ardent is an equal opportunity employer. We will not discriminate in employment, recruitment, advertisements for employment, compensation, termination, upgrading, promotions, and other conditions of employment against any employee or job applicant on the bases of race, color, gender, national origin, age, religion, creed, disability, veteran's status, sexual orientation, gender identity, gender expression, or any other basis protected by state, local, or federal law.