Hardware / Network Engineer

Location: Onsite – Fairfax, VA · U.S. Citizen Required (ITAR / Government Customer Requirements)

Type: Full Time

Job description

NextgenID is a profitable, pre-Series A identity verification and biometric technology company operating 250+ self-service kiosks. We are hiring an on-site Hardware / Network Engineer to own the full lifecycle of our kiosk hardware platform: design, build, configure, deploy, and sustain.

This role is hands-on and cross-functional — you will work directly with software engineering, operations, field service, and client solutions to ensure every kiosk ships reliable, connected, and secure. Our kiosks process identity verification transactions in government and enterprise environments, meaning uptime, security, and network resilience are non-negotiable.

Role Fit & Non-Negotiables

  • Onsite in Fairfax, VA — remote is not available.
  • U.S. citizen required due to ITAR and government customer obligations.
  • Comfortable working with physical hardware (assembly, cabling, bench testing) as well as network configuration and troubleshooting.
  • Hands-on ownership of kiosk hardware and network infrastructure — this is not a design-only or advisory role.

What You’ll Own (90–180 Day Outcomes)

  • Document and standardize the current kiosk hardware BOM, assembly process, and QA acceptance criteria for consistent build quality.
  • Establish a repeatable hardware provisioning pipeline: image, configure, test, and ship kiosks with minimal manual intervention.
  • Audit and harden kiosk network architecture: VPN tunnels, firewall rules, cellular/LTE failover, and remote management access across hundreds of locations in the US and internationally.
  • Implement hardware lifecycle management: inventory tracking, warranty/RMA processes, component obsolescence planning, and spare parts strategy.
  • Define monitoring and alerting for hardware health: temperature, connectivity, peripheral status (camera, scanner, printer), and power/UPS telemetry.
  • Collaborate with DevSecOps and software engineering to ensure secure boot, firmware integrity, and patch delivery pipelines for deployed kiosks.

Key Responsibilities

Kiosk Hardware Engineering (Hands-On)

  • Own the kiosk hardware platform: component selection, integration, assembly documentation, and build-to-order manufacturing coordination.
  • Design and maintain hardware test fixtures and acceptance procedures to validate each unit before deployment.
  • Evaluate and qualify new components (cameras, biometric sensors, NFC readers, printers, touchscreens) for reliability, security, and cost optimization.
  • Manage hardware BOM, vendor relationships, and procurement lead times in coordination with Operations and Supply Chain.
  • Support field service engineers with remote hardware diagnostics and escalation procedures.

Network Engineering (Hands-On)

  • Design, deploy, and maintain the network infrastructure connecting kiosks to cloud services (AWS, Azure, GCP).
  • Configure and manage site-to-site VPN, SD-WAN, or zero-trust network access for kiosk fleet connectivity.
  • Implement network security controls: segmentation, firewall policies, intrusion detection, and encrypted transport.
  • Own cellular/LTE connectivity strategy for kiosks without dedicated wired connections; manage carrier relationships and SIM provisioning.
  • Monitor network performance, latency, and availability across the fleet using centralized dashboards and alerting.

Infrastructure & Reliability

  • Define and enforce hardware configuration baselines to ensure consistency across US and international kiosk deployments.
  • Implement remote management capabilities: BIOS/firmware updates, OS reimaging, peripheral diagnostics, and remote reboot/recovery.
  • Partner with the DevSecOps team on hardening Windows endpoints: secure boot, BitLocker, application whitelisting, and telemetry collection.
  • Support SOC 2 and FedRAMP compliance requirements related to physical security, hardware integrity, and network controls.

Cross-Functional Collaboration

  • Work with Software Engineering on hardware-software integration: driver compatibility, peripheral APIs, and firmware update mechanisms.
  • Coordinate with Client Solutions and Field Service on deployment logistics, site surveys, and installation requirements.
  • Provide technical input on international deployments (power, connectivity, compliance differences for global kiosk fleet).
  • Contribute to capacity planning as NextgenID scales over the next 12–24 months.

Required Qualifications

  • 5+ years in hardware engineering, network engineering, or a combined hardware/infrastructure role with hands-on production responsibility.
  • Strong networking fundamentals: TCP/IP, DNS, DHCP, VPN (IPSec/WireGuard), VLAN, firewall configuration, and cellular/LTE connectivity.
  • Hands-on experience building, integrating, or maintaining hardware systems (kiosks, POS, IoT devices, edge computing, or industrial/embedded systems).
  • Working knowledge of Windows 10/11 deployment and hardening in a fleet/device management context.
  • Experience with hardware BOM management, vendor evaluation, and component lifecycle planning.
  • Familiarity with at least one cloud platform (AWS, Azure, or GCP) for network connectivity and remote device management.
  • Ability to read and create hardware schematics, wiring diagrams, and assembly documentation.
  • Must be able to work onsite in Fairfax, VA; U.S. citizen.

Preferred Qualifications

  • Experience with biometric hardware: cameras, fingerprint sensors, NFC/RFID readers, document scanners, or identity verification peripherals.
  • Network security certifications: CCNA, CompTIA Network+, or equivalent.
  • Familiarity with FedRAMP or government compliance requirements related to hardware and network controls (NIST 800-53).
  • Experience with SD-WAN, zero-trust network access (ZTNA), or SASE architectures.
  • Wiring-level troubleshooting or embedded systems experience (firmware, BIOS, UEFI).
  • Prior experience scaling hardware deployments internationally (power standards, carrier/ISP coordination, customs/logistics).

Signals We Look For

  • You can explain how you’d design a kiosk network architecture that maintains connectivity and security across hundreds of locations in diverse locations with intermittent connectivity.
  • You have debugged hardware failures in the field and can describe your systematic approach to root-cause analysis and permanent fix.
  • You think in standardization and repeatability: every kiosk that leaves the facility is identical, documented, and remotely manageable.
  • You balance cost and reliability, selecting components that meet security and performance requirements without over-engineering.

What Success Looks Like

  • Every kiosk ships with a documented, repeatable build process and passes standardized acceptance testing before deployment.
  • Network connectivity is resilient: kiosks maintain >99.5% uptime with automated failover and proactive alerting.
  • Hardware issues are diagnosed and resolved remotely whenever possible, reducing field service dispatches by 40%+.
  • The hardware platform scales smoothly to 1000+ units with established BOM, vendor relationships, and provisioning automation.
  • Hardware and network controls meet SOC 2 and FedRAMP evidence requirements with minimal manual documentation overhead.

To Apply

Please submit your resume and a cover letter detailing your relevant experience and how you meet the qualifications outlined above to careers@nextgenid.com. We look forward to reviewing your application and considering you for this exciting opportunity to contribute to our innovative identity technology startup.

About NextgenID

NextgenID focuses on improving the efficiency and speed of mission critical, high assurance identity enrollment and credentialing operations that are essential to hundreds of millions of users worldwide.

Our technologies are engineered to dramatically reduce the time and cost of capturing accurate data when creating a digital identity. Our industry-neutral solutions revolve around "Supervised Remote-Identity Proofing" to automatically, securely and "remotely" perform all proofing, enrollment and credentialing processes and workflows for our customers. The industry is taking notice as we are now working with some of the largest agencies in the US Defense, intelligence, Civil, State and Local government markets, as well as other national governments and commercial organizations throughout the world.