SECTION III. SCOPE OF WORK (SOW)A.SUMMARYWe need one (1) Network Security Engineer to support a five (5) year contract. The Network Security Engineer will actively participate in planning and coordinating the design, installation, and connectivity of computer and network systems to ensure stable, scalable, redundant, and secure 24x7 network operations.Some Telework Permitted. Network Security Engineer may work two (2) days per week remotely and three (3) days per week on site in Annapolis Maryland. See details in “Place of Performance” section below.B.QUALIFICATIONS1.Minimum required qualification:a.Associate degree in an Information Technology (IT) related field; andb.Active certifications as follows:(1)Palo Alto Networks Certified Network Security Engineer (PCNSE) Certification.(2)Cisco Certified Network Professional (CCNP) Enterprise or (CCNP) Security Certification.2.Preferred (not required) qualifications:a.Ten (10) years of technical experience acquired in the Continental United States in IT networking and network security.b. Bachelor’s degree in an Information Technology (IT) related fieldc.Active Certifications as follows:(1)Prisma Certified Cloud Security Engineer (PCCSE) Certification from Palo Alto Networks(2)Cisco Certified Internetwork Expert (CCIE) in Enterprise Infrastructure or Security CertificationC.SCOPE OF WORKResource shall be responsible for the following:1.Pro-actively identifying organization requirements, and helping to design, and engineer implementations that best serve the needs.2.Performing project-based engineering, design, installation and troubleshooting of data security networks.3.Providing assessment, design and implementation services of data and secure networking environments.4.Developing comprehensive graphical and text-based design documentation and effectively managing the implementation process from design to acceptance.5.Assisting internal groups through capacity planning, maintaining, monitoring and reviewing secure data communications networks.6.Leading migrations or assisting a team of engineers who will migrate traditional/legacy network security platforms to current/next generation technologies and expose customers to the full life cycle of defense in depth solutions.7.Assisting network engineers in troubleshooting critical problems or threat remediation relating to network security products.8.Working with the engineering team to successfully implement configuration guidelines, change management, and standard operating procedures for secure network solutions.9.Leading, scheduling, providing guidance and coordinating the activities with other team members to resolve end user problems in a timely and accurate fashion.10.Generating weekly status reports including project progress, key milestones, and tasks accomplished.11.Hosting weekly status meetings/calls with team or on as needed basis.D.PREFERRED SKILLS, EXPERIENCE, & CAPABILITIES1.Resource must possess the following preferred skills, experience, and capabilities:a.Five (5) years of experience with:(1)Palo Alto Networks next generation firewall services.(2)Intrusion Detection and Prevention with Palo Alto networks.(3)Content Filtering Palo Alto networks.(4)Virtual Private Networks using Palo Alto network systems.(5)Data Loss Prevention(6)TLS/SSL Inspectionb.Four (4) years of experience in Complex switching, routing, wireless with Cisco Systems.c.Three (3) years of experience in Reverse Proxies, Load Balancing with A10 networks.d.Two (2) years of experience in Network Access Control - Cisco Identity Services Engine (ISE), Free Radius, and Access Control Lists (ACLs).e.General experience with the following:(1)Implementing multi-factor authentication solutions with Microsoft.(2)Cloud-based virtual networking and security services(3)Authentication standards - (802.1x) in wired and wireless applications.(4)Scalable routing protocols Enhance Interior Gateway Routing Protocol (EIGRP), Open Shortest Path Fist (OSPF), and Border Gateway Protocol (BGP).(5)Enterprise Data Center implementing Micro segmentation.(6)Certificate Management, Public Key Infrastructure (PKI).(7)Vulnerability management using Nessus, NMAP, Windows, Unix, and Linux OS(8)Packet/Protocol Analysis using Opnet, Riverbed, Wireshark, and taps.(9)Centralized Management using Panorama, SolarWinds(10)Major server and desktop operating systems and utilitiesf.Ability to:(1)To work independently, troubleshoot and provide mentoring to junior associates.(2)Communicate effectively when providing presentations.(3)Produce technical documents (diagrams, design documents, project plans and schedules, and user instructions) as required.E.PLACE OF PERFORMANCE1.Work shall be performed in a hybrid setting each week, Monday through Friday, as follows:a.Two (2) days remote at a suitable off-site location selected by the Resource.(1)We reserve the right to determine if the off-site location is not suitable (e.g., crowded public space with distracting background noise during meetings).b.Three (3) days on site in Annapolis, MD 21401.2.Resource will be required to perform in accordance with Section III.E.1. of this SOW during an initial six (6) month performance period. If performance is satisfactory, as determined by the Contract Manager, the proposed resource may seek approval from us to perform in an expanded hybrid role, Monday through Friday, as follows:a.Three (3) days remote at a suitable off-site location selected by the Resource.(1)We reserve the right to determine if the off-site location is not suitable (e.g., crowded public space with distracting background noise during meetings).b.Two (2) days on site in Annapolis, MD 21401.3. On-site support may be required. As designated by our client’s Chief Technology Officer, the resource must be able to report on-site within four (4) hours after notification.a.If required to report, the Resource shall report to 189 Harry S Truman Parkway, Annapolis, MD 21401.b.Our client does not have a limit on the number of times the Resource may be required to be onsite.4.We reserve the right to regularly evaluate performance and withdraw remote privileges in the event of a decline in Purchase Order performance.5. We reserve the right to modify the allocation of on-site and remote work effort throughout the life of the Purchase Order. In the event of a modification, the client’s Contract Manager will coordinate with TechOpps on a mutually agreeable allocation of work effort.6. If the Resource has a work allocation that includes remote work at any time during the life of the Purchase Order, the Resource may not perform remote work from a country other than the United States of America without prior approval from the client’s Contract Manager. Unless there are extenuating circumstances, Offerors shall not anticipate receiving approval for remote work from a country other than the United States of America.F.SCHEDULE & COORDINATION1.Resource shall perform during normal operating hours, Monday through Friday, 8:00AM to 4:30PM Eastern Standard Time (EDT).a.Resource shall have the flexibility to extend coverage hours or schedule to meet deadlines, project requirements, and/or on-call operational support, including evenings, nights, weekends, and holidays.b. The client’s Project Manager or Department/Senior Manager must approve work prior to or after normal operation hours, not to exceed 2,040 hours per year.c.Offerors can review court holidays at the following link:(1)2.A two (2) to four (4) week training period will be provided to acclimate the successful resource in the methods, processes, equipment, and software used by the client.G.INTERVIEW PROCESSShort-listed Resource(s) will be required to complete a multi-part interview including the following:1.The anticipated duration of the interview is one (1) hour.a.The client anticipates conducting the interview(s) at the 189 Harry S. Truman Parkway, Annapolis, MD 21401. However, the proposed resource(s) may be invited for an interview via a Microsoft Teams meeting.b.For client interview(s) via a Microsoft Teams meeting.(1)The proposed resource(s) must have their camera on for the duration of the interview.END OF SECTION III.TechOpps Inc. is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. For more information on our Company, please visit our website atWe thank all applicants for their interest; however, only those selected for an interview will be contacted.Contact Information: Please send resumes to