Position Overview
We are seeking an experienced Senior Network Protection Engineer to support the California Department of Technology (CDT) Enterprise Network - Network Threat Protection Unit. In this role, you will work closely with state IT management to secure, configure, and maintain vital security infrastructure across data centers and wide area networks.
This is a long-term contract opportunity (1-year base starting October 1, 2026, with two 12-month extension options) based in Northern California.
- Salary: $90 to $110 per hour
- Job Type: Full-time, Contract
- Location: Hybrid / On-site (Rancho Cordova, Sacramento, Vacaville, and San Jose, CA)
- Schedule: Monday–Friday, 40 hours/week (flexible to accommodate 7:00 AM – 6:00 PM PST; occasional weekend hours for maintenance windows)
What You Will Do
- Review, evaluate, and optimize security configurations on network hardware and software throughout data center and wide area networks.
- Install, configure, troubleshoot, and monitor critical security equipment, including firewalls, routers, switches, and load balancers.
- Manage and configure Intrusion Detection/Prevention Systems (IDS/IPS), specifically Trend Micro TippingPoint.
- Evaluate and document security practices for firewalls, IPS, and DDoS prevention services.
- Configure and troubleshoot encryption, IPsec VPNs, and content load balancing.
- Provide detailed written documentation, troubleshooting procedures, and knowledge transfer/training to state staff.
- Submit weekly written contract status reports in MS Word format tracking completed tasks, project risks, and hours.
Required Qualifications (Mandatory)
To be considered for this role, you must meet the following baseline requirements:
- Minimum of 7 years of dedicated Network Protection experience.
- Active Certification: Must hold a TippingPoint Intrusion Prevention System Expert Certification.
- Protocol Expertise: Strong configuration and troubleshooting skills in Ethernet, VLAN, L2TP, CDP, MPLS, RIPv2, BGPv4, IPv4, IPv6, IPsec, SFTP, TCP, TLS, NTP, and DNS.
- Hardware/Software Proficiency: Extensive experience with Cisco, Juniper, Palo Alto, F5, and Ciena equipment (routers, switches, firewalls, and load balancers).
- Virtualization: Hands-on experience with VMware NSX in a data center context.
- Appliance Security: Direct experience with Cisco ASA, Juniper SRX, Palo Alto firewalls, and F5.
- Advanced Threat Protection: Solid understanding of F5 ASM/WAF, Trend TippingPoint, and Distributed Denial of Service (DDoS) technologies.
- VPN & SD-WAN: Proficiency with IPsec, 3DES, AES, IKE, DMVPN, Cisco AnyConnect, Full/Split-Tunnel client VPNs, Site-to-Site VPNs, and SD-WAN.
Preferred Qualifications (Desirable)
- 12+ years of network protection experience.
- Experience with AWS and/or Azure cloud networking services.
- Strong experience writing complex network designs, change logs, and troubleshooting documentation.
- Experience in sniffer packet capture and protocol analysis.
- Basic scripting experience (Python, Perl, PowerShell, Java, etc.).
- Familiarity with NIST 800-53 v4 security controls.
- Experience using Security Information and Event Management (SIEM) tools.
Benefits & Perks
- Competitive W2 hourly compensation or C2C options.
- Weekly payroll with direct deposit.
- Dedicated administrative support from our team.
- The opportunity to support vital public-sector state infrastructure alongside seasoned professionals.
About Us
Testudo Logistics is a veteran-led, mission-driven Service-Disabled Veteran-Owned Small Business (SDVOSB) specializing in healthcare, technical, and performance staffing for state and federal agencies. We partner with elite professionals to deliver critical solutions that protect and support public infrastructure.
Pay: $90.00 - $110.00 per hour
Experience:
- Network Protection: 7 years (Required)
License/Certification:
- TippingPoint Intrusion Prevention System Expert Cert (Required)
Work Location: Hybrid remote in San Jose, CA 95139