In a world of possibilities, pursue one with endless opportunities. Imagine Next!
When it comes to what you want in your career, if you can imagine it, you can do it at Parsons. Imagine a career working with exceptional people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for.

JOB DESCRIPTION:

We are seeking an experienced Senior Embedded Cryptographic Systems Engineer to lead the development of advanced embedded cryptographic systems across three critical domains: NSA Type 1 high assurance cryptography, NSA Suite B commercial cryptographic solutions, and Commercial Solutions for Classified (CSfC) architectures. This role requires balanced expertise across classified and commercial cryptographic implementations, with deep knowledge of secure network protocol implementation from Layer 2 through application layers.

REQUIRED QUALIFICATIONS

• Active TS/SCI security clearance
• Eligibility for program-specific clearances and special access programs
• Bachelor’s degree in Electrical Engineering, Computer Engineering, Computer Science, or related field
• 8+ years of embedded systems development with security focus
• 6+ years hands-on experience with network protocol implementation and cryptographic integration
• 5+ years experience across at least two of: Type 1 cryptography, Suite B implementations, or CSfC solutions
• 3+ years experience with FIPS 140-2 validation processes across multiple assurance levels

Network Protocol Expertise

• Expert-level knowledge of TCP/IP stack implementation from Layer 2 through Application layers
• Hands-on experience implementing and troubleshooting complex network protocols
• Deep understanding of network protocol security vulnerabilities and cryptographic countermeasures
• Experience with network protocol analyzers (Wireshark, tcpdump) and network simulation tools
• Proficiency with network programming APIs (BSD sockets, WinSock, raw sockets, packet capture libraries)

Balanced Technical Expertise

• Expert proficiency in C/C++ for network stack development and cryptographic integration
• Experience with network processor programming (Intel DPDK, Cavium OCTEON, Broadcom XGS)
• Hands-on experience with hardware-accelerated cryptography (Intel QAT, Marvell/Cavium Nitrox, Broadcom SPU)
• Knowledge of real-time operating systems (VxWorks, QNX, Linux-RT) for networking applications
• Experience with FPGA development for custom network protocol processing

Domain-Specific Network Security Knowledge

• Type 1 : Relevant protocols, COMSEC network requirements, secure tactical networking
• Suite B : Commercial VPN implementations, enterprise network security, PKI integration
• CSfC : Layered network security architectures, commercial network product integration

Standards & Compliance

• Experience with network security standards (IEEE 802.1AE, RFC IPsec series, TLS RFCs)
• Knowledge of government network security requirements (NIST 800-series, NSA network guidance)
• Understanding of network protocol conformance testing and interoperability validation
• Familiarity with network equipment certification processes (Common Criteria, FIPS validation)

WHAT DESIRED SKILLS YOU’LL BRING:

• Master’s degree with focus on network security or distributed systems
• Experience with software-defined networking (SDN) and network function virtualization (NFV)
• Knowledge of 5G network security architecture and network slicing security
• Experience with satellite communication networks and secure space-based networking
• Background in industrial control network security (ICS/SCADA protocols)
• Experience with secure multicast protocols and group key management
• Knowledge of secure routing protocols for mesh networks and ad-hoc networking
• Experience with quantum key distribution (QKD) network integration
• Background in secure time synchronization protocols (NTS, PTP security extensions)
• Experience with high-frequency trading network security requirements
• Knowledge of content delivery network (CDN) security implementations
• Experience with distributed denial of service (DDoS) mitigation at network protocol level
• Background in network traffic analysis and encrypted traffic classification
• Experience with network security in virtualized and containerized environments

• Lead development of NSA Type 1 cryptographic equipment for TOP SECRET and compartmented information systems
• Design tamper-evident and tamper-resistant cryptographic modules meeting FIPS 140-2 Level 4 requirements
• Implement classified encryption algorithms and key management systems for national security applications
• Develop secure communications equipment for military, intelligence, and diplomatic use
• Ensure compliance with NSA Information Systems Security Manager (ISSM) requirements and TEMPEST standards
• Design cryptographic systems for air-gapped networks and isolated secure environments

NSA Suite B Commercial Cryptography

• Implement NSA Suite B algorithms (AES-128/192/256, RSA-2048/3072, ECDSA/ECDH P-256/P-384, SHA-256/384)
• Develop and/or utilize FIPS 140-2 validated cryptographic modules for commercial and government unclassified systems
• Design interoperable cryptographic solutions meeting NSA Commercial National Security Algorithm (CNSA) Suite requirements
• Implement Suite B Profile for Transport Layer Security (TLS) and Internet Protocol Security (IPsec)
• Develop cryptographic libraries optimized for both performance and security across multiple platforms
• Create Suite B compliant Public Key Infrastructure (PKI) and certificate management systems

Commercial Solutions for Classified (CSfC) Architecture

• Design and implement layered cryptographic solutions using commercial products to protect classified information
• Develop CSfC-compliant network encryption solutions combining multiple independent cryptographic layers
• Create CSfC VPN solutions using approved commercial cryptographic components
• Implement CSfC mobile device solutions for classified communications in commercial environments
• Design CSfC data-at-rest encryption systems with dual-layer protection schemes
• Ensure CSfC solutions meet NSA protection requirements for classified information up to TOP SECRET

Comprehensive Network Protocol Security Implementation

• Implement IEEE 802.1AE (MACsec) for Layer 2 encryption with hardware acceleration across Type 1, Suite B, and CSfC domains
• Develop IEEE 802.1X port-based network access control with EAP-TLS, EAP-TTLS, and PEAP authentication methods
• Implement IEEE 802.1Q VLAN tagging with cryptographic separation and secure VLAN hopping prevention
• Develop IEEE 802.3 Ethernet security extensions and secure switch management protocols
• Create Layer 2 tunneling protocols (L2TP, L2F) with appropriate cryptographic protection
• Layer 3 Network Security
• Implement comprehensive IPsec suites (ESP, AH, IKEv1/v2) with domain-appropriate algorithm selection
• Develop secure routing protocols including OSPFv3 with authentication, BGPsec, and IS-IS security extensions
• Design IP multicast security (Group Domain of Interpretation, GDOI) and secure IGMP implementations
• Implement IPv6 security features including IPsec mandatory support and secure neighbor discovery
• Develop ICMP security extensions and secure network diagnostics protocols
• Create network address translation (NAT) traversal solutions maintaining cryptographic integrity
• Application Layer Security Protocols
• Implement secure DNS (DNSSEC, DNS-over-TLS, DNS-over-HTTPS, DNS-over-QUIC) across all domains
• Specialized Network Security Protocols
• Familiarity with High Assurance IP Encryptor (HAIPE) protocols for government networks
• Develop secure tunneling protocols (OpenVPN, WireGuard, proprietary secure tunnels)

High-Performance Cryptographic Networking

• Implement line-rate encryption for 1Gbps, 10Gbps, 40Gbps, and 100Gbps network interfaces
• Develop cryptographic load balancing and traffic distribution mechanisms
• Design network security appliances with hardware-accelerated cryptographic processing
• Implement deep packet inspection (DPI) with cryptographic pattern matching
• Create network security monitoring with encrypted traffic analysis capabilities
• Develop high-availability cryptographic networking with seamless failover