ZipRecruiter

Log In

1

Network Segmentation Jobs in Washington (NOW HIRING)

Ardent

Network Engineer

Washington, DC · On-site

Enforce Zero Trust network architecture principles in accordance with NIST SP 800-207, including network segmentation, micro-segmentation, and continuous verification of users and devices. * Design ...

The Swift Group, LLC

Network Engineer

Chantilly, VA · On-site

Enforce security controls including next-generation firewalls, VPNs (IPsec/SSL), ACLs, network segmentation, and Zero Trust architecture; collaborate closely with Cybersecurity teams on policy and ...

KNZ Solutions, Inc

Senior Aruba Network Engineer

Mclean, VA · On-site

$105K - $144K/yr

Senior Aruba Network Engineer Location: McLean, VA (On-site) Type: Full-time Role Summary KNZ ... Dynamic segmentation * Certificate-based authentication * Integrate ClearPass with: * Active ...

KNZ Solutions Inc

Senior Aruba Network Engineer

Vienna, VA · On-site

$104K - $143K/yr

Senior Aruba Network Engineer Location: McLean, VA (On-site) Type: Full-time Role Summary KNZ ... Dynamic segmentation * Certificate-based authentication * Integrate ClearPass with: * Active ...

GuidePoint Security

Gigamon Network Engineer

Quantico, VA · On-site

$112K - $154K/yr

... DIA network segments • Administer GigaVUE Fabric Manager (GFM) for policy management, traffic mapping, and tool load balancing; configure GigaSMART features including deduplication, slicing ...

ECS

Senior Network Engineer

Washington, DC · On-site

$117K - $160K/yr

Responsibilities : • Design, configure, monitor, troubleshoot, and sustain secure enterprise network infrastructure. • Support routing, switching, firewall, network segmentation, connectivity ...

New

GuidePoint Security

Gigamon Network Engineer

Reston, VA · On-site

$108K - $149K/yr

... DIA network segments • Administer GigaVUE Fabric Manager (GFM) for policy management, traffic mapping, and tool load balancing; configure GigaSMART features including deduplication, slicing ...

next page

Showing results 1-20

All JobsNetwork Segmentation JobsNetwork Segmentation Jobs in Washington

Network Segmentation information

What is the difference between Network Segmentation vs Network Security Engineer?

AspectNetwork SegmentationNetwork Security Engineer
Primary FocusDividing a network into segments to control trafficDesigning, implementing, and managing security measures
Required SkillsNetworking protocols, VLANs, firewallsFirewall configuration, intrusion detection, security policies
Work EnvironmentNetwork infrastructure, data centers, enterprise networksSecurity teams, IT departments, cybersecurity environments
CertificationsCCNA, CompTIA Network+CISSP, CEH, CompTIA Security+

Network segmentation involves dividing a network into smaller parts to improve performance and security, while a Network Security Engineer focuses on protecting the network through security measures. Both roles require networking knowledge, but their primary objectives differ: segmentation manages network structure, whereas security engineers safeguard it from threats.

What are the key skills and qualifications needed to thrive in a Network Segmentation role, and why are they important?

To thrive in a Network Segmentation role, you need a solid understanding of networking concepts, security best practices, and experience with firewalls and VLAN configuration, often supported by certifications like CCNA or CISSP. Familiarity with tools such as network monitoring systems, segmentation platforms, and security information and event management (SIEM) solutions is typically required. Strong analytical thinking, attention to detail, and effective communication are essential soft skills for collaborating with IT teams and identifying security gaps. These skills ensure that network environments are properly segmented to minimize security risks and maintain organizational compliance.

What is network segmentation?

Network segmentation is the practice of dividing a computer network into smaller, isolated subnetworks to improve security and performance. By separating systems and data, organizations can limit the spread of cyber threats and control user access to sensitive information. This approach helps contain breaches, simplifies compliance, and enhances the efficiency of network management. Common techniques include using VLANs, firewalls, and access control lists to enforce boundaries between segments.

What are some common challenges faced by professionals working in network segmentation roles, and how can they be addressed?

Professionals in network segmentation roles often encounter challenges such as effectively balancing security with business operations, managing legacy systems, and ensuring seamless communication between segmented zones. Addressing these challenges typically involves working closely with IT and business units to understand critical workflows, implementing robust access controls and monitoring, and regularly updating segmentation policies to adapt to organizational changes. Staying current with industry best practices and leveraging automation tools can also help streamline the process and minimize human error.
What are popular job titles related to Network Segmentation jobs in Washington? For Network Segmentation jobs in Washington, the most frequently searched job titles are:
What job categories do people searching Network Segmentation jobs in Washington look for? The top searched job categories for Network Segmentation jobs in Washington are:
Network Segmentation jobs near you
Infographic showing various Network Segmentation job openings in Washington as of June 2026, with employment types broken down into 4% Locum Tenens, 4% As Needed, 78% Full Time, and 14% Contract. Highlights an 73% Physical, 7% Hybrid, and 20% Remote job distribution.
ZERO TRUST (ZT) NETWORK ARCHITECTURE SME

ZERO TRUST (ZT) NETWORK ARCHITECTURE SME

Zermount, Inc

Arlington, VA • On-site

Full-time

Posted 3 days ago

Job description

ZERO TRUST (ZT) NETWORK ARCHITECTURE SME
POSITION OVERVIEW
The Zero Trust Network Architecture Technical SME exists to serve as the agency's primary technical advisor for the CISA ZTMM v2.0 Networks pillar. This role advances TSA's network segmentation posture, TIC 3.0 compliance, and ZTNA adoption by providing senior-level advisory on network architecture design, micro-segmentation strategy, and software-defined networking (SDN) capabilities. The expected outcome is a continuously advancing Networks pillar maturity posture with network macro- and micro-segmentation maturing, ZTNA architecture advisory driving enforcement design, and lateral movement risk proactively identified and addressed. This is a senior technical advisory role requiring hands-on network architecture and ZTNA design experience in a federal environment.
DUTIES & RESPONSIBILITIES
General Duties
  • Serve as the primary technical advisor for the CISA ZTMM v2.0 Networks pillar across network security architecture, segmentation, and ZTNA domains.
  • Continuously assess the agency's network architecture against CISA ZTMM v2.0 Networks pillar criteria and NIST SP 800-207; proactively identify emerging network risk indicators, including lateral movement exposure, traffic encryption and visibility deficiencies, and TIC 3.0 compliance drift, and deliver real-time advisory recommendations.
  • Provide technical advisory guidance on ZTNA architecture design options, micro-segmentation strategies, and SDN approaches, recommending solutions and implementation pathways for agency decision-making.
  • Evaluate ZTNA platform capabilities (e.g., Zscaler, Palo Alto Prisma) and develop configuration and deployment recommendations aligned to federal ZT requirements for agency adoption.
  • Advise TIC 3.0 compliance strategies, cloud network access patterns, and secure remote access approaches in a hybrid federal environment; develop recommended solutions for agency review.
  • Assess network access control mechanisms, lateral movement risk, and east-west traffic enforcement against ZT principles; develop findings and recommended remediation approaches for agency concurrence.
  • Provide advisory support for the development and maturation of Networks pillar entries in the Common Control Catalog (CCC), ensuring traceability to NIST SP 800-53 Rev. 5 control families.
  • Develop recommended Networks pillar inputs to the ZT Roadmap, IG FISMA maturity reporting, and enterprise performance reporting for agency review and approval.
  • Collaborate with Identity, Device, Data, and Applications SMEs to ensure network enforcement approaches integrate coherently across all ZTMM pillars.
  • Review network-related policy documents and technical standards; identify gaps relative to ZT mandates and develop recommended updates for agency concurrence.
  • Support all network-related ZT data calls, audits, and compliance reporting by providing advisory analysis and recommended responses.
  • Prepare and present network architecture findings, maturity assessments, and advisory recommendations to senior leadership and the CISO.
  • Leverage AI-assisted analysis tools, automation platforms, and prompt engineering techniques to enhance advisory productivity, accelerate gap analysis and documentation tasks, and enable focus on higher-value technical advisory work; apply all AI capabilities in accordance with agency acceptable use policies and Zermount's ethical AI use guidelines.

SUBJECT MATTER EXPERTISE
SME Area #1 - Network Security Architecture, ZTNA & Micro-Segmentation Advisory
  • Expert-level mastery of network security architecture including ZTNA design, micro-segmentation strategy, and software-defined networking demonstrated through production deployment or senior advisory engagement.
  • Authoritative knowledge of CISA ZTMM v2.0 Networks pillar criteria, NIST SP 800-207 network access tenets, TIC 3.0 use cases and security capabilities, and NIST SP 800-53 Rev. 5 control families.
  • Expert-level proficiency with ZTNA platforms such as Zscaler and/or Palo Alto Prisma at architecture design, configuration, and deployment depth for federal environments.
  • Expert-level capability in network segmentation design including macro-segmentation, micro-segmentation, lateral movement risk assessment, and east-west traffic enforcement strategy.
  • Independent decision-making authority on Networks pillar advisory scope, architecture assessment methodology, and recommended ZTNA and segmentation approach. Bring solutions for concurrence.
  • Problem-solving at the intersection of network enforcement and cross-pillar ZT integration. Able to identify how network segmentation deficiencies create risk in Identity enforcement decisions and Applications access control.

SME Area #2 - Enterprise Network Infrastructure & Cloud Networking Foundations
  • Deep foundational expertise in enterprise network architecture including routing and switching (BGP, OSPF, VLAN design), firewall policy management, VPN technologies, and load balancing at architecture or senior engineering level.
  • Hands-on experience with enterprise network infrastructure platforms (Cisco, Palo Alto Networks, Fortinet, or equivalent) including firewall rule design, segmentation architecture, and traffic inspection configuration.
  • Strong working knowledge of cloud networking constructs, including VPC/VNet design, cloud-native security groups, transit gateways, and cloud-based SD-WAN, Infrastructure-as-Code (IaC), and hybrid connectivity patterns relevant to ZT network enforcement.
  • Foundational understanding of database network access patterns, systems administration network dependencies, and application-layer traffic flows as they relate to segmentation design and ZT enforcement policy.
  • Supports Network pillar advisory by enabling technically credible engagement with agency network engineers, firewall administrators, and cloud infrastructure teams.
  • Interacts directly with other Zero Trust SMEs.

QUALIFICATIONS
Minimum Requirements
  • A minimum of 10 years of experience in network security architecture, ZTNA design, or enterprise network engineering with demonstrated Zero Trust scope.
  • Demonstrated hands-on experience designing or implementing ZTNA architectures in federal or large enterprise environments, reflecting operational design and deployment, not vendor evaluation or documentation.
  • Hands-on experience with ZTNA platforms (e.g., Zscaler, Palo Alto Prisma, Cisco) including architecture design, configuration, and deployment.
  • Expert knowledge of NIST SP 800-207, CISA ZTMM v2.0 Networks pillar criteria, and TIC 3.0 requirements.
  • Experience with micro-segmentation design, SDN, and lateral movement risk assessment in a ZT context.
  • Ability to assess network security controls against NIST SP 800-53 Rev. 5 control families.
  • Demonstrated experience designing and implementing Zero Trust network architectures operationally, not limited to assessments or gap analyses.
  • Experience supporting ZT-related IG FISMA metrics reporting pertaining to network security and TIC 3.0.
  • Strong written and oral communication skills; ability to translate complex network architecture concepts into CISO-ready findings.
  • Demonstrated familiarity with AI-assisted analysis tools or prompt engineering; ability to apply AI capabilities ethically to accelerate advisory work and surface higher-value technical insights.

Preferred Qualifications
  • Five years of IT cybersecurity experience, including direct support to the U.S. Government. This experience can be concurrent with the minimum 10 years of network architecture experience.
  • Prior direct involvement in a ZT Networks pillar implementation or enterprise ZTNA deployment in a technical architecture or advisory capacity.
  • ZTNA vendor certification: Zscaler Zero Trust Certified Associate (ZTCA) or Palo Alto Networks PCNSE.
  • Experience with encrypted traffic management (SSL/TLS inspection) and east-west traffic visibility in a ZT network environment.
  • Experience with cloud-native networking security (Azure Virtual WAN, AWS Transit Gateway, GCP Cloud Armor, or Infrastructure-as-Code) in a federal hybrid environment.

Competencies
  • Technical: CISA ZTMM v2.0 Networks pillar, NIST SP 800-207, TIC 3.0, Zscaler, Palo Alto Prisma, Cisco, ZTNA architecture, micro-segmentation, BGP/OSPF/VLAN, VPN, firewall policy design, cloud networking (VPC/VNet), NIST SP 800-53, AI-assisted analysis.
  • Leadership: Technical advisory leadership for Networks pillar; cross-pillar SME coordination with Identity, Devices, and Applications teams; CISO-facing network architecture briefing; engagement with agency network engineers and cloud infrastructure teams.
  • Behavioral: Proactive continuous network posture monitoring; precision in architecture assessment and segmentation advisory; continuous learning toward evolving ZTNA platform capabilities, TIC 3.0 updates, and federal network security guidance.

Education & Certifications
  • Minimum of a Bachelor of Science (or higher) in Information Technology, Computer Science, Network Engineering, Cybersecurity, or related field.
  • Required: Certified Information Systems Security Professional (CISSP) or Cisco Certified Network Professional Security (CCNP Security), or equivalent certification.
  • Strongly preferred: Certified Information Security Manager (CISM) or equivalent senior security management certification.
  • Strongly preferred: ZTNA vendor certification. Zscaler ZTCA, Palo Alto Networks PCNSE, or equivalent.

Clearance Level
  • Active Secret Clearance required.

WORK LOCATION
  • Hybrid - Primarily Remote. Occasional onsite work required at the client location in Springfield, VA and Zermount HQ in Arlington, VA.

HOURS OF OPERATION
  • Business Hours: 8:00 AM EST - 4:30 PM EST
  • Core Hours: 9:00 AM EST - 3:00 PM EST

REPORTING STRUCTURE
  • Reports To: ZT SME Team Leader
  • Direct Reports: None

Apply