Mission Security Engineer II

As a Mission Security Engineer focused on Endpoint Infrastructure, you will be a hands-on technical contributor responsible for the physical deployment, configuration, and documentation of classified network and endpoint infrastructure in support of critical U.S. Government programs. You will work as part of the Mission Security Engineering team, executing Layer 1/2/3deployments at classified facilities and serving as the first line of support for users as classified systems are stood up and brought into operation.

This role is ideal for a technically skilled engineer who is comfortable working in classified environments, has hands-on experience with NSA-approved cryptographic devices and network hardware, and takes pride in building reliable, secure infrastructure from the ground up — and keeping it running for the people who depend on it.

This position requires an active Secret clearance to start, with the ability to obtain and maintain aTS/SCI.

• →Install, configure, and maintain classified network infrastructure across Layer 1, 2, and 3,including cabling, switching, routing, and boundary protection hardware at classified facilities
• →Deploy, configure, and operate NSA Type 1 cryptographic devices including KG-175(TACLANE) and KG-142 units in accordance with USG regulations and NSA/CSS policies
• →Install and configure thin client and standalone workstations within classified and sensitive compartmented environments
• →Perform Data Transfer Agent (DTA) transfers in compliance with applicable security policies and keying material (KEYMAT) handling procedures
• →Document network architectures, hardware configurations, and as-built diagrams to support program security requirements and ATO activities
• →Maintain and update required documentation for all controlled cryptographic items (CCI)and keying material in accordance with USG regulations and best practices
• →Partner with information systems security engineers (ISSEs) and industrial security personnel to ensure infrastructure deployments meet program security requirements
• →Support RMF activities including control implementation, STIG validation, and remediation of findings at the hardware and network layer
• →Ensure compliance with applicable frameworks including NIST 800-53, CNSSI 1253, and other NSS standards for systems handling classified information
• →Serve as Tier 0 (helpdesk) support for classified systems as they are being stood up, acting as the first line of defense for troubleshooting and remediating user-facing issues in classified environments
• →Troubleshoot and resolve hardware, connectivity, configuration, and user issues across classified network and endpoint environments, escalating to senior engineers as appropriate

• 3–5 years of hands-on experience in network engineering, IT infrastructure, or systems administration with direct experience in classified or government environments
• Active Secret clearance required; must be able to obtain and maintain TS/SCI
• DoD 8140 IAT Level II certification (Security+, CySA+, or equivalent) required
• Hands-on experience installing and configuring NSA Type 1 cryptographic devices, including KG-175 (TACLANE) and/or KG-142 units
• Experience with Layer 1/2/3 network deployments including physical cabling, switch and router configuration, and network boundary hardware
• Familiarity with DTA transfer procedures and KEYMAT handling requirements
• Experience installing and configuring workstations (thin client and standalone) within classified or sensitive environments
• Strong documentation skills, with experience producing network diagrams, as-built documentation, and hardware configuration records
• Ability to work effectively with ISSEs, industrial security personnel, and cross-functional engineering teams
• Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Technology, or related field (or equivalent experience)

• Active Top Secret or TS/SCI clearance
• Experience working in SCIFs or other classified facilities
• Familiarity with RMF processes and STIG implementation at the hardware and network layer
• CompTIA Network+ or equivalent networking certification
• Experience with COMSEC account management and controlled cryptographic item (CCI)inventory procedures
• Familiarity with NIST 800-53, CNSSI 1253, ICD 503, or JSIG compliance requirements

• This role is onsite in our Denver, CO office #LI-Onsite
• Fast-paced, mission-critical environment supporting national security space operations
• Requires coordination across distributed teams including spacecraft engineers, ground operations, and government partners
• May require participation in on-call rotation for security incident response and mission-critical system support
• High degree of autonomy and ownership as a trusted, cleared team member
• Occasional travel to government sites, classified facilities, launch facilities, or partner locations may be required