Trusted Internet Connections 3.0 Cloud Network Security Architect

Location: Washington, District of Columbia, United States

Department: Information Technology

Workplace: remote

Employment Type: full

Description

Trusted Internet Connections 3.0 Cloud Network Security Architect

Location: Fully Remote (East Coast)
Clearance: Public Trust, Secret Clearance preferred
Employment Type: Full-time

Salary: $160,000-$190,000

Role Overview

The Trusted Internet Connections 3.0 Cloud Network Security Architect will focus on architecting, implementing, and maintaining secure, compliant network environments in AWS with an emphasis on Trusted Internet Connections (TIC) 3.0 principles. This role involves hands-on deployment and management of Palo Alto VM-Series firewalls, infrastructure as code (IaC), hybrid connectivity, and Zero Trust/TIC-aligned security controls, often functioning independently to support federal client requirements.

Responsibilities

• Architect and manage complex AWS network environments to meet TIC 3.0 and federal security standards.
• Deploy and manage Palo Alto VM-Series firewalls in AWS, including configuration of GlobalProtect, Panorama, and security policy orchestration.
• Use Terraform or CloudFormation to deploy major networking components via Infrastructure as Code (IaC), ensuring repeatable, documented, and auditable environments.
• Configure, troubleshoot, and maintain hybrid connectivity solutions, including AWS Direct Connect, Site-to-Site VPNs, and SD-WAN integrations.
• Design and implement Transit Gateway architecture and VPC Peering in multi-account AWS environments.
• Apply Zero Trust principles and TIC 3.0 requirements within AWS and Palo Alto ecosystems to enhance application and network security.
• Serve as the primary (or sole) Network Architect/Engineer responsible for discovery, documentation, design, and execution of network security solutions with minimal supervision.
• Collaborate with stakeholders to ensure secure, compliant network designs that support mission-critical federal applications.

Requirements

Minimum Qualifications

• 5+ years of experience architecting and managing complex AWS network environments
• 3+ years of experience deploying and managing Palo Alto VM-Series firewalls within a public cloud environment (AWS), including with Global Protect, Panorama, and security policy orchestration
• 2+ years of experience with Terraform or CloudFormation, including using IaC to deploy major networking components to ensure repeatable, documented environments
• Experience with Hybrid Connectivity and WAN, including configuring and troubleshooting AWS Direct Connect, Site-to-Site VPNs, and SD-WAN integrations to maintain hybrid-cloud connectivity
• Knowledge of Transit Gateway architecture and VPC Peering in multi-account environments
• Knowledge of implementing Zero Trust AND TIC 3 principles within an AWS or Palo Alto ecosystem
• Ability to function as the sole Network Architect or Engineer to be responsible for discovery, documentation, and execution with minimal supervision
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• HS diploma or GED

Preferred Qualifications

• AWS Certified Advanced Networking – Specialty Certification
• Palo Alto Networks Certified Network Security Engineer (PCNSE) Certification
• Bachelors degree
• Active Secret clearance

Benefits

Salary: $160,000-$190,000

Benefits include Health, Vision, and Dental Insurance, and PTO.