By Light HQ

IP Network Architect

Job Locations US-MD-Fort Meade
Posted Date 1 month ago(10/21/2022 10:39 AM)
# of Openings
Tier 3 - Secret/ADP II


An IP Architect assesses, tests, and recommends solutions and technologies to improve all aspects of DISN IP backbone. These technologies include network devices (routers, switches, firewalls, and Intrusion Detection Systems (IDS), and services Authentication, Authorization and Accounting (AAA), Access Control List (ACL), secure remote access (i.e Secure shell, Secure VPN, IPSec), and IPv6 capable devices. An IP Architect is responsible for all DISN aspects regarding the design review/recommendation, lab testing, evaluation/certification, and implementation/deployment as well as provide Tier3 support for DoD’s NIPRNet backbone network.


  • Oversee Network Design Engineers.
  • Conduct market research to find products to meet requirements.
  • Provide technical expertise in design review, lab testing & test report, implementation plan and deployment of new advanced large-scale complex DoD networks.  
  • Implement MPLS services offering on the DISN network.  MPLS services include L3VPN, L2VPN, VPLS (Virtual Private LAN service) and CsC (Carrier Supporting Carrier).  JPE platforms tested include Juniper MX960/MX480 and Cisco ASR9010/ASR9006 routers.
  • Provide technical security expertise in design, test, evaluation and deployment of advanced large-scale complex DoD networks. Review security requirements set by DoD agencies for the NIPRNET network protection; Assess and analyze current NIPRNET network architecture; Propose and analyze potential solutions. 
  • Conducting audits, risk assessment, threat analysis, contingency planning and implementing security standards and methods.
  • Reviews security threats to the current DoD NIPRNet/Internet gateway IA infrastructure, architecture, and technology and determines/implements effective countermeasures IAW established policies/regulations/directives.
  • Deliver Router and Firewall Test Plans and resulting Test Reports. Prepare field recommendations and Configuration Guides.
  • Provide Tier III engineering support to field operations personnel and deliver Field Support Lessons Learned reports.

Required Experience/Qualifications

  • BS in Networking, Telecommunications, or related area required.
  • CCIE or JNCIE or equivalent routing and switching experience.
  • DoD 8570-01-M IAT Level II or higher to include Security+, GSEC, SCNP, SSCP, or CISSP.
  • DISN IP Design Experience
  • Extensive experience in IP networking, including all current and planned IP platforms such as customer edge routers, provider edge routers, switches, firewalls, Internet Access Points (IAP’s), Cloud Access Points (CAP’s), Layer 2 and Layer 3 Virtual Private Networks (L2VPN and L3VPN), Internet Protocol Version 4 (IPV4), Internet Protocol Version 6 (IPV6/6VPE), Ethernet VPN (EVPN), Quality of Service (QoS), Segment Routing, Multiprotocol Label Switching (MPLS), Virtual Local Area Network (VLAN), Autonomous System Boundary Router (ABSR), external border gateway protocol (BGP) (eBGP), Layer 2 Psuedowire, Interior Gateway Protocols (IGP), Inter- Intermediate System to Intermediate System (IS-IS), Open Shortest Path First (OSPF), MPLS – Resource Reservation Protocol (RSVP), Label Distribution Protocol (LDP), Carrier servicing Carrier (CsC), Multicast, Filter Based Forwarding (FBF), Multi-Hop Bidirectional Forwarding Detection (MBFD), Ethernet Operation, Firewalls including Access Control List (ACL) , Operation Administration and Maintenance (OAM) Protocol and Network Management., 802.1Q and VRRP/HSRP.
  • Expertise in large-scale IP Networking & Testing with backbone routers (Juniper T1600/MX960/MX480 and Cisco ASR9K) running ISIS, BGP/MP-BGP (multi AS), MPLS routing protocols, switches and testing gear including traffic generators from IXIA, Spirent Test Center and Agilent N2X.
  • Performed extensive router certification testing, JUNOS/IOS/IOS-XR operating system regression testing which include all protocols and services required for DISN backbone routers.  Router platforms include Juniper M120/MX960/MX480 routers and Cisco ASR9K (ASR9010/ASR9006) routers.
  • Routing protocols: BGP, MP-BGP, MPLS/RSVP, OSPF, IS-IS, RIP, Multicast, IPv6, QoS.
  • Advanced MPLS (Multiprotocol Label Switching)  services (L3VPN, L2VPN, VPLS & CSC).
  • TCP/IP , LAN/WAN, SONET, ICMP and SNMP management protocols.
  • Firewalls (Juniper/Netscreen, Cisco ASA/PIX, CyberGuard, SideWinder), VPN products (IPSec, SSL VPN).
  • Network test equipment/Traffic Generator such as IXIA, Spirent Test Center, Smartbits and Agilent N2X.
  • IDS/IPS (Arbor Peakflow DoS & Traffic, Top Layer, ForeScout).
  • F5 Big-IP load balancer, BlueCoat Web Proxy.
  • Unix (SUN/HP/BSD) Servers/Workstations, Linux, PC Servers/Workstations
  • VMWare ESXi server.
  • JunOS, Cisco IOS & IOS-XR, UNIX (Sun Solaris, BSD, HPUX, SCO), VMWare, Linux, FreeBSD, Microsoft OS Servers and Workstations.
  • Certificate Authority Server, ACE/SecureID Server, TACACS+, RADIUS, MS Exchange, Sendmail, Apache web server, PKI, WINS, DHCP, DNS, FTP/SFTP/TFTP, SSH, NTP, Netflow/Cflowd servers.
  • Possess excellent interpersonal communication skills with the ability to interact with management and staff at all levels.
  • Candidate should also have excellent verbal and written communication skills.

Preferred Experience/Qualifications

  • MS in Networking, Telecommunications, or related area desired

Special Requirements/Security Clearance

  • Minimum SECRET Clearance required.
  • By Light does not require COVID-19 vaccinations or boosters; vaccination requirements and testing are subject to the status of the federal contractor mandate and customer site requirements; testing is at the cost of the employee. 

Physical Demands

  • Ability to type, communicate via telephone and sit for extended periods of time.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed