Amazon Web Services (AWS) Network Administrator

Nakupuna Consulting seeks a Network Administrator with Amazon Web Services specialty who will be responsible for designing, deploying, and maintaining network infrastructure solutions from the enterprise Cloud Access Points (CAPs) to the Amazon Web Services (AWS) Secure Cloud Computing Architecture (SCCA). This role involves configuring and optimizing AWS networking services to ensure high availability, reliability, and security of network resources. The AWS Network Administrator collaborates with several cross-functional teams - including other network administrators, systems administrators, cyber engineers, and developers - to support business requirements and drive the adoption of best practices for network architecture and operations in the AWS cloud.

The following reflects management's definition of essential functions for this job but does not restrict the tasks that may be assigned. Management may assign additional duties and responsibilities to this job at any time due to reasonable accommodation or other reasons.

AWS Network Design and Implementation:
• Design, deploy, and manage AWS networking components such as Virtual Private Clouds (VPCs), subnets, route tables, network access control lists (NACLs), and security groups to ensure proper routing including traffic flow.
• Configure and maintain VPN connections, Direct Connect, and other connectivity solutions in AWS, including establishing and managing VPC peering relationships.
• Configure, maintain, and monitor AWS Transit Gateways to facilitate inter-VPC communication, optimize routing paths and traffic flow supporting scalable architectures.
• Develop and enforce routing policies in addition to network segmentation strategies that ensure efficient traffic distribution, security, and compliance.
• Monitor, analyze, and troubleshoot traffic flow patterns to identify performance bottlenecks, optimize throughput, and maintain compliance with SCCA standards.
1. Network Security and Compliance:
• Implement and enforce network security best practices in AWS environments, including firewall rules, encryption, and intrusion detection/prevention systems (IDS/IPS).
• Responsible for network security hardening per Department of Defense (DoD) Security and Technical Implementation Guidelines (STIGs) by conducting reviews and remediation.
• Integrate Amazon GuardDuty and Amazon CloudWatch with Splunk for centralized log ingestion, alerting, and compliance reporting.
• Maintain logs for visibility into traffic patterns, anomalies, and troubleshooting.
• Administer ForeScout CounterACT for Comply-to-Connect (C2C), including policy-based authentication, AWS integrations, and device compliance enforcement in alignment with DoD Zero Trust and NAC requirements.
2. Additional Network Services:
• Collaborate with the Defense Information Systems Agency (DISA) to ensure connectivity as well as compliance between AWS GovCloud and DoD enterprise networks.
• Configure and manage Out of Band Management (OOBM) for Virtual Private Clouds (VPCs) to enable separate management access.

Develop and maintain documentation including Standard Operating Procedures (SOPs), diagrams, and System Security Plans (SSPs).

Skills/Qualifications:

Excellent technical, organizational, decision-making, analytical, writing and planning skills. Effective communicator who takes initiative and the ability to adapt to dynamic environments. In addition, the following technical skills are needed:

• Proven experience as a network administrator or engineer with hands-on experience in designing and managing network infrastructure in AWS.
• In-depth understanding of AWS networking services including VPC, Elastic Compute Cloud (EC2), Elastic Load Balancer (ELB), Route 53, Transit Gateway, and CloudWatch.
• In-depth understanding of the following AWS Services: GuardDuty, Security Hub, AWS Inspector, AWS IAM Access Analyzer, AWS Detective, Cloudwatch, CloudTrail, Athena, Cloud Formation, Terraform.
• Strong knowledge of network protocols (TCP/IP, DNS, DHCP, BGP, etc.) and networking concepts (subnetting, routing, virtual local area networks, etc.).
• Experience with network security technologies (firewalls, VPN, IDS/IPS, etc.) and best practices for securing cloud environments.
• Proficiency in scripting or programming languages (e.g., Python, PowerShell) for automation tasks.
• Experience supporting Zero Trust (ZT) principles, including network segmentation, identity-based access, and continuous monitoring is highly desirable.
• Strong knowledge of Comply-to-Connect (C2C) with implementation experience within a cloud environment.

Education/Experience: Bachelor's degree in a technical major from an accredited institution as well as a minimum of (3) three years of relevant professional experience. Equivalent years of related work or military experience in lieu of degree will also be considered.

Certification:

• Required: Active IAT II Certification which may include CompTIA Advanced Security Practitioner (CASP+), CompTIA Cybersecurity Analyst (CySA+), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.
• Preferred: Amazon Web Services (AWS) certifications which may include AWS Certified Solutions Architect - Associate or AWS Certified Advanced Networking.

Clearance Requirement: Must currently hold an active Secret level of security clearance. Must be a U.S. citizen.

Work Location:

• Position may be based in Arlington, VA or Honolulu, HI.
• Must be on-site at least three (3) days per week.
• Occasional travel (1-2 weeks per year) within the Continental U.S. or to Hawaii may be required.
• Core hours: 9:00 AM - 3:00 PM local time, with a minimum 8-hour workday. Flexibility is expected to respond to after-hours emergencies and to support coordination across Hawaii and Virginia time zones.

Physical Requirements: In addition to the skills and qualifications mentioned above, candidates must, at a minimum, be able to meet the following physical requirements.

• Ability to lift up to 25 pounds
• Ability to use stairs without assistance
• Ability to perform repetitive motions with the hands, wrists, and fingers
• Ability to engage in and follow audible communications in emergency situations
• Ability to sit for prolonged periods at a desk and working on a computer

The Nakupuna Companies use a market-based compensation strategy to ensure that our employees are compensated within applicable market ranges commensurate with multiple factors, including but not limited to the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, organizational requirements, and position location. The projected compensation range for this position is $110,000.00 to $125,000.00 (annualized USD). The salary range displayed represents the typical salary range for this position and is just one component of Nakupuna Companies total compensation package for employees.NC26