In a world of possibilities, pursue one with endless opportunities. Imagine Next!

When it comes to what you want in your career, if you can imagine it, you can do it at Parsons. Imagine a career working with exceptional people sharing a common quest. Imagine a workplace where you can be yourself. Where you can thrive. Where you can find your next, right now. We’ve got what you’re looking for.

Job Description:

We are seeking an experienced Senior Embedded Cryptographic Systems Engineer to lead the development of advanced embedded cryptographic systems across three critical domains: NSA Type 1 high assurance cryptography, NSA Suite B commercial cryptographic solutions, and Commercial Solutions for Classified (CSfC) architectures. This role requires balanced expertise across classified and commercial cryptographic implementations, with deep knowledge of secure network protocol implementation from Layer 2 through application layers.

What You'll Be Doing:

Lead development of NSA Type 1 cryptographic equipment for TOP SECRET and compartmented information systemsDesign tamper-evident and tamper-resistant cryptographic modules meeting FIPS 140-2 Level 4 requirementsImplement classified encryption algorithms and key management systems for national security applicationsDevelop secure communications equipment for military, intelligence, and diplomatic useEnsure compliance with NSA Information Systems Security Manager (ISSM) requirements and TEMPEST standardsDesign cryptographic systems for air-gapped networks and isolated secure environments

NSA Suite B Commercial Cryptography

Implement NSA Suite B algorithms (AES-128/192/256, RSA-2048/3072, ECDSA/ECDH P-256/P-384, SHA-256/384)Develop and/or utilize FIPS 140-2 validated cryptographic modules for commercial and government unclassified systemsDesign interoperable cryptographic solutions meeting NSA Commercial National Security Algorithm (CNSA) Suite requirementsImplement Suite B Profile for Transport Layer Security (TLS) and Internet Protocol Security (IPsec)Develop cryptographic libraries optimized for both performance and security across multiple platformsCreate Suite B compliant Public Key Infrastructure (PKI) and certificate management systems

Commercial Solutions for Classified (CSfC) Architecture

Design and implement layered cryptographic solutions using commercial products to protect classified informationDevelop CSfC-compliant network encryption solutions combining multiple independent cryptographic layersCreate CSfC VPN solutions using approved commercial cryptographic componentsImplement CSfC mobile device solutions for classified communications in commercial environmentsDesign CSfC data-at-rest encryption systems with dual-layer protection schemesEnsure CSfC solutions meet NSA protection requirements for classified information up to TOP SECRET

Comprehensive Network Protocol Security Implementation

Implement IEEE 802.1AE (MACsec) for Layer 2 encryption with hardware acceleration across Type 1, Suite B, and CSfC domainsDevelop IEEE 802.1X port-based network access control with EAP-TLS, EAP-TTLS, and PEAP authentication methodsImplement IEEE 802.1Q VLAN tagging with cryptographic separation and secure VLAN hopping preventionDevelop IEEE 802.3 Ethernet security extensions and secure switch management protocolsCreate Layer 2 tunneling protocols (L2TP, L2F) with appropriate cryptographic protection

Layer 3 Network Security

Implement comprehensive IPsec suites (ESP, AH, IKEv1/v2) with domain-appropriate algorithm selectionDevelop secure routing protocols including OSPFv3 with authentication, BGPsec, and IS-IS security extensionsDesign IP multicast security (Group Domain of Interpretation, GDOI) and secure IGMP implementationsImplement IPv6 security features including IPsec mandatory support and secure neighbor discoveryDevelop ICMP security extensions and secure network diagnostics protocolsCreate network address translation (NAT) traversal solutions maintaining cryptographic integrity

Application Layer Security Protocols

Implement secure DNS (DNSSEC, DNS-over-TLS, DNS-over-HTTPS, DNS-over-QUIC) across all domains

Specialized Network Security Protocols

Familiarity with High Assurance IP Encryptor (HAIPE) protocols for government networksDevelop secure tunneling protocols (OpenVPN, WireGuard, proprietary secure tunnels)

High-Performance Cryptographic Networking

Implement line-rate encryption for 1Gbps, 10Gbps, 40Gbps, and 100Gbps network interfacesDevelop cryptographic load balancing and traffic distribution mechanismsDesign network security appliances with hardware-accelerated cryptographic processingImplement deep packet inspection (DPI) with cryptographic pattern matchingCreate network security monitoring with encrypted traffic analysis capabilitiesDevelop high-availability cryptographic networking with seamless failover

Required Qualifications

Active TS/SCI security clearanceEligibility for program-specific clearances and special access programsBachelor's degree in Electrical Engineering, Computer Engineering, Computer Science, or related field8+ years of embedded systems development with security focus6+ years hands-on experience with network protocol implementation and cryptographic integration5+ years experience across at least two of: Type 1 cryptography, Suite B implementations, or CSfC solutions3+ years experience with FIPS 140-2 validation processes across multiple assurance levels

Network Protocol Expertise

Expert-level knowledge of TCP/IP stack implementation from Layer 2 through Application layersHands-on experience implementing and troubleshooting complex network protocolsDeep understanding of network protocol security vulnerabilities and cryptographic countermeasuresExperience with network protocol analyzers (Wireshark, tcpdump) and network simulation toolsProficiency with network programming APIs (BSD sockets, WinSock, raw sockets, packet capture libraries)

Balanced Technical Expertise

Expert proficiency in C/C++ for network stack development and cryptographic integrationExperience with network processor programming (Intel DPDK, Cavium OCTEON, Broadcom XGS)Hands-on experience with hardware-accelerated cryptography (Intel QAT, Marvell/Cavium Nitrox, Broadcom SPU)Knowledge of real-time operating systems (VxWorks, QNX, Linux-RT) for networking applicationsExperience with FPGA development for custom network protocol processing

Domain-Specific Network Security Knowledge

Type 1: Relevant protocols, COMSEC network requirements, secure tactical networkingSuite B: Commercial VPN implementations, enterprise network security, PKI integrationCSfC: Layered network security architectures, commercial network product integration

Standards & Compliance

Experience with network security standards (IEEE 802.1AE, RFC IPsec series, TLS RFCs)Knowledge of government network security requirements (NIST 800-series, NSA network guidance)Understanding of network protocol conformance testing and interoperability validationFamiliarity with network equipment certification processes (Common Criteria, FIPS validation)

What Desired Skills You'll Bring:

Master's degree with focus on network security or distributed systemsExperience with software-defined networking (SDN) and network function virtualization (NFV)Knowledge of 5G network security architecture and network slicing securityExperience with satellite communication networks and secure space-based networkingBackground in industrial control network security (ICS/SCADA protocols)Experience with secure multicast protocols and group key managementKnowledge of secure routing protocols for mesh networks and ad-hoc networkingExperience with quantum key distribution (QKD) network integrationBackground in secure time synchronization protocols (NTS, PTP security extensions)Experience with high-frequency trading network security requirementsKnowledge of content delivery network (CDN) security implementationsExperience with distributed denial of service (DDoS) mitigation at network protocol levelBackground in network traffic analysis and encrypted traffic classificationExperience with network security in virtualized and containerized environments

Security Clearance Requirement:

An active Top Secret SCI security clearance is required for this position.​

This position is part of our Federal Solutions team.

The Federal Solutions segment delivers resources to our US government customers that ensure the success of missions around the globe. Our intelligent employees drive the state of the art as they provide services and solutions in the areas of defense, security, intelligence, infrastructure, and environmental. We promote a culture of excellence and close-knit teams that take pride in delivering, protecting, and sustaining our nation's most critical assets, from Earth to cyberspace. Throughout the company, our people are anticipating what’s next to deliver the solutions our customers need now.

Salary Range: $120,800.00 - $217,400.00

We value our employees and want our employees to take care of their overall wellbeing, which is why we offer best-in-class benefits such as medical, dental, vision, paid time off, 401(k), life insurance, flexible work schedules, and holidays to fit your busy lifestyle!

Parsons is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status or any other protected status.

We truly invest and care about our employee’s wellbeing and provide endless growth opportunities as the sky is the limit, so aim for the stars! Imagine next and join the Parsons quest—APPLY TODAY!

Parsons is aware of fraudulent recruitment practices. To learn more about recruitment fraud and how to report it, please refer to https://www.parsons.com/fraudulent-recruitment/.