Network Engineer
KeenLogic is seeking a Network Engineer to support a federal program at the Congressional Budget Office (CBO). The Network Engineer will provide engineering and operational support for CBO's enterprise Cisco network environment, helping to maintain secure, reliable, and resilient network infrastructure while supporting the organization's cybersecurity and modernization initiatives.
The Network Engineer will assist in the design, implementation, monitoring, and maintenance of enterprise network systems across core, distribution, access, and edge environments. This role will support network security operations, vulnerability remediation, infrastructure upgrades, incident response activities, and the implementation of Zero Trust principles, including network segmentation and identity-based access controls. Working closely with cybersecurity, cloud, and infrastructure teams, the Network Engineer will help ensure compliance with federal security standards, optimize network performance, and support the ongoing evolution of CBO's mission-critical technology environment.
Candidates must be able to support on-site work as-needed in Washington, DC. This position supports a long-term federal contract, offering up to five years of continued work. This is a full-time position with an anticipated start date of August 15, 2026. KeenLogic offers Fortune 500-level benefits, including health, dental, and vision insurance, PTO, 401(k), and life insurance.
Required Qualifications
U.S. Citizen and eligible for a Public Trust clearance
Bachelor's degree in an IT-related field.
5+ years of experience supporting enterprise network infrastructure
Experience configuring, maintaining, and troubleshooting routers, switches, firewalls, VPNs, DNS, DHCP, VLANs, and related network technologies.
Experience supporting network security initiatives, including vulnerability remediation, network segmentation, access controls, and incident response activities.
Working knowledge of NIST cybersecurity frameworks, including NIST SP 800-53 and Zero Trust principles.
Experience maintaining network documentation, diagrams, standard operating procedures, and configuration baselines.
Job Duties and Tasks
Implement and maintain network security controls aligned with NIST SP 800-53, including access control (AC), configuration management (CM), system and communications protection (SC), and audit and accountability (AU) control families.
Enforce Zero Trust network architecture principles in accordance with NIST SP 800-207, including network segmentation, micro-segmentation, and continuous verification of users and devices.
Design and implement least-privilege network access controls, ensuring role-based and identity-aware access across all network layers.
Manage 802.1X port-based network access control to prevent unauthorized device connectivity and enforce authentication at the network edge.
Configure and maintain centralized logging and audit capabilities for all network devices, ensuring logs are forwarded to enterprise SIEM platforms and retained in accordance with compliance requirements.
Conduct continuous monitoring and vulnerability assessments of network infrastructure, identifying risks and coordinating remediation in alignment with NIST Risk Management Framework (RMF) practices.
Harden all network devices using secure configuration baselines (e.g., Cisco Secure Configuration Guides), including disabling unnecessary services, enforcing strong encryption protocols, and securing management interfaces.
Secure public-facing and perimeter network assets by implementing strict ingress/egress filtering, firewall rule optimization, and multi-factor authentication for administrative access.
Support incident response activities by providing network-level analysis, containment actions (e.g., segmentation, blocking malicious traffic), and forensic data collection.
Establish and maintain secure network segmentation strategies to limit lateral movement and protect high-value assets and sensitive environments.
Ensure all network changes follow formal change control processes with security impact analysis, supporting compliance with NIST configuration management requirements.
Develop, implement, and maintain Network Standard Operating Procedures (SOPs); review and update all SOPs on at least an annual basis or as required to reflect changes in technology, policy, or security requirements.
Document and maintain detailed hardware and configuration baselines for all network devices, including Cisco switches, routers, firewalls, and related infrastructure; conduct annual reviews and updates.
Perform root cause analysis (RCA) for network incidents, including performance degradation, outages, and security events; document findings and implement corrective and preventive actions.
Maintain automated network patch management and firmware update procedures in accordance with Cisco best practices and organizational security policies.
Develop, maintain, and update comprehensive network diagrams that accurately reflect the CBO enterprise network architecture, including cloud, production, and secure environments; review and update diagrams annually or as changes occur.
Troubleshoot and maintain DNS services, including configuration changes, issue resolution, and performance optimization.
Support continuous, real-time monitoring of network infrastructure (24/7 operations), including integration with network management and security monitoring tools.
Maintain accurate and up-to-date documentation of network configurations, assets, and operational procedures to support audit readiness and operational continuity.