• Engineers, architects, implements, deploys, maintains, and administers security products and tools.
• Conducts research, evaluates, and makes recommendations on emerging technology.
• Conduct cyber assessment activities including threat modeling, analysis and analysis of mitigation solutions;
• Coordinate and address supply chain management concerns;
• Coordinate with system architects and developers to provide oversight in the development of solutions and integration of security tools;
• Conduct security testing and evaluation during the development and release process for security tools and hardware (virtual or physical);
• Reviews, and interprets Federal guidelines and policies, and industry standard best practices.
• Provides subject matter expertise, support, leadership, and training.
• Provides support on all information security activities at the program level including policy development, compliance inspections, audits, reviews and communications security.
• Provides support and works on the development phases of information security systems development lifecycle.
• Evaluates, and supports the documentation, validation, and SA&A processes necessary to meet the organization's IA requirements; and ensures compliance from internal and external perspectives.
• Conducts assessments of threats and vulnerabilities pertaining to security tools and architecture, determines deviations from acceptable configurations, enterpriseConducts assessments of threats and vulnerabilities pertaining to security tools and architecture, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
• Documents incident correlation requirements, selects incident correlation engines and recommends configuration guidelines. Performs analysis to determine the optimum configuration of network and host sensors.
• Conducts the integration/testing, operations, and maintenance of systems security.
• This analysis includes traffic load analysis, performance impacts of monitoring, determination of potential attack characteristics based on mission and infrastructure, and determination of site-specific data collection requirements.
• Provides system operation support, administers hardware and software inventory, and oversees administration of a laboratory environment.
Analyzes and recommends resolution of information security problems based on knowledge of the major information security products and services, an understanding of their limitations, and a working knowledge of the disciplines of information security.
• Conducts research and develops security policies relevant to the client environment and analyzes outside security information for relevance to the agency.
Minimum Relevant Experience for Cybersecurity and Security Engineering:
Eight (8+) years of experience in Information System Security, security engineering and integration computer forensics, insider threat, or SA&A. Extensive work experience and knowledge in; network monitoring, intrusion detection using host-based and network-based intrusion detection systems (IDS) and log management applications; testing, installing, patching, and upgrading computer hardware and operating systems (e.g., Windows, and UNIX) in an enterprise environment; identifying, collecting, processing, documenting, reporting, cyber security/ incident response events; architecting, engineering, developing and implementing cyber security/incident response policies and procedures; engineering, testing, installing, patching, and upgrading various information security hardware and software applications. Examples of tools include SourceFire, Arcsight, Splunk, NetWitness, Guidance Software, Digital Guardian, Raytheon (SureView), NMAP, Metasploit, Request Tracker, Nagios, Intelliview, Nessus, and Foundstone. Experience with government IT security regulations, Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST), and American Society of Crime Laboratory Directors (ASCLD).
Any combination of certificates such as Microsoft's MCSE, or Cisco's, CCNA, CCDA, or CCNP, may be considered equivalent to two (2) year of general experience. Certificates under the DoD lAM, IAT, IASAE, or CSSP Levels II or III may be considered equivalent to two (2) years of relevant experience.