Lead Network & Virtualization Engineer (TS/SCI) — JWICS Installation, Ellsworth AFB

Project Summary

TANDT LLC is seeking a single hands‑on technical lead to plan, configure, integrate, and deliver a two‑phase JWICS infrastructure upgrade at Ellsworth AFB. Phase I establishes core router/switch infrastructure; Phase II builds a three‑cluster virtual environment supporting 150 VMware virtual desktops and 14 virtual servers. The role includes on‑site configuration, STIG hardening, integration with AFJWICS enterprise services (e.g., SolarWinds), documentation, and training of government technicians.

Key Responsibilities Planning and Design

• Lead site readiness, rack/stack planning, and integration design per government network diagrams and the List of Materials (HPE/Cisco/Omnissa/10ZiG).
• Produce configuration baselines aligned to published DISA STIGs; prepare artifacts for 16 AF Configuration Control Board acceptance.
• 
  
• Develop migration/runbooks, rollback plans, and cutover schedules minimizing mission impact.

Phase I : Core Network Build

• Install, configure, interconnect, and test L3/L2 switching/routing “equal to” the LOM.
• Replace/augment end‑of‑life equipment; ensure no wireless capability in any deployed hardware.
• Implement NTP, AAA, logging, SNMPv3, and integrate with SolarWinds; document all configs.
• Provide licenses and warranties equal to GEMSS; validate TAA compliance for all hardware.

Phase II : Virtualization & Servers

• Stand up a three‑cluster virtual infrastructure to support: 150 VMware VDI workstations (3 vCPU / 32 GB RAM / 512 GB storage each) 14 virtual servers (4 vCPU / 64 GB RAM / 1 TB storage each). Services: vCenter/management, DB, print, zero‑client mgmt, GEM One, file share, profile/app management, RODC, app servers.
• Engineer storage, networking (VDS/VLANs), templates/golden images, profiles, and GPOs.
• Integrate with AFJWICS enterprise services and ensure DISA STIG compliance end‑to‑end.
• Security, Testing, and Acceptance.
• Apply applicable STIGs, run SCAP/ACAS scans with remediation, and generate POA&Ms as needed.
• Prepare/maintain as‑built diagrams, IP plans, port maps, and configuration backups.
• Execute functional and performance testing; support acceptance with government POCs.
• Training and Handover
• Deliver hands‑on training to base technicians to install, configure, maintain, and troubleshoot.
• Create SOPs, admin guides, and troubleshooting trees tailored to Ellsworth AFB environment.

Must‑Have Qualifications

• Active U.S. Top Secret clearance with SCI eligibility (TS/SCI); U.S. citizenship required.
• 7 years hands‑on DoD network/virtualization engineering, including on‑site builds in secure facilities.
• Expert with enterprise switching/routing (Cisco Catalyst/9500 class or equivalent “equal to”).
• Strong VMware experience (vSphere/vCenter; VDI/Omnissa/Horizon or equivalent) building multi‑cluster environments.
• Proven DISA STIG implementation and audit readiness; ability to produce hardening checklists/evidence.
• Experience integrating with SolarWinds for monitoring/alerting, and creating SNMP/NetFlow configurations.
• Comfort training government technicians and producing high‑quality SOPs/runbooks.
• Ability to work within “no wireless” constraints and to integrate with legacy/end‑of‑life systems safely.

Preferred/Bonus

Prior AFJWICS/IC or 16 AF environments; familiarity with 16 AF CCB processes.

Cisco CCNP/CCIE, VMware VCP‑DCV/VDI, CompTIA Security , CASP , or similar.

Experience with GEMSS/GEM One, zero‑client deployments (10ZiG or similar), and TAA sourcing.

Familiarity with STIG automation tools (Ansible/PowerCLI), SCAP, ACAS/Nessus scans, and POA&M management.

Work Conditions and Schedule

On‑site hours generally Mon–Fri, 0900–1600 local; after‑hours cutovers as approved by the Government.

Access controlled environment; strict compliance with base entry, tool control, and conduct policies.

Period of performance: Begin upon NTP; schedule driven by government coordination and mission windows.

Deliverables

Phase I and Phase II installed, configured, and tested per SOW/LOM.

STIG checklists, scan results, remediation records, and acceptance artifacts.

As‑built documentation: diagrams, IP addressing, port maps, device configs/backups.

Training plan, slide decks, and SOPs; completion sign‑offs from government trainees.

Compensation

1099 hourly or fixed‑milestone; competitive and commensurate with clearance and experience.

Travel to Ellsworth AFB and per diem as required are reimbursable if not local (per contract policy).

Compliance Notes

No personal or project wireless devices/software allowed on deployed hardware.

All software/hardware must be TAA‑compliant and acceptable to 16 AF CCB.

Work subject to DD‑254 guidance; SF‑312 and VAR coordination handled through security channels.