· Provide Cyber Security Engineering (CE) services to the USAISEC, MED located at Fort Huachuca, AZ. This effort will consist of CE support to multiple customers such as: Department of the Army Program Executive Offices/Program Management Offices, USACE, USARPAC, HFPA, and other agencies such as the DoD, DHS, MDA, and DoE
· Conduct baseline level system administration and maintenance on the workstations, servers, and network devices that comprise the EEDRS system enclave in both a physical and virtualized environment. This includes creating a new approved baseline, making any changes necessary to meet the current Security Configuration Guide (SCG), and applying patches as required to comply with the current Information Assurance Vulnerability Management (IAVM) program. Microsoft Structured Query Language (SQL) Server expertise is required.
· Review vendor-released updates and patches, determine applicability, and update workstations and servers as necessary. Test the applications on the workstations and servers after applying any patches or upgrades to verify that functionality of the systems has not been affected.
· Update the RMF documentation and artifacts based on any system changes to ensure that the RMF package is accurate and up to date.
· Ensure the entries in the eMASS remain current and are up-to-date.
· Maintain the EEDRS Cyber Security posture and determine if system changes affect the validity of its authorization
· Conduct automated scans for Information Assurance Vulnerability Alerts (IAVA), analyze the results of the scans, check for compliancy status, and document the findings
· Perform monthly full backups of each workstation and server in the enclave using the most current and approved method for conducting backups.
· Perform quarterly security reviews using available DISA STIGs to determine applicability and compliance to the EEDRS operating systems, applications, hosts, networking devices, and document the review's results in a STIG Compliance Report Manual checks will be performed for systems that cannot be checked with an automated tool.
· Assess the suitability of any IT being considered for inclusion as trusted components of supported systems.
· Perform annual Security Control Self-Assessment activities.
· Perform SCA-O activities if the systems being supported are designated as Stand-Alone Information Systems (SIS) or as Closed Restricted Networks (CRNs).
· Provide technical insight and regulatory guidance in the areas of: CE; Cyber Security requirements; Planning, Oversight, and Execution of the DoD RMF processes. This includes any Cyber Security input needed for systems engineering specifications, plans, and designs that are incorporating security controls and requirements
· Participate in weekly, biweekly, and monthly meetings such as the Engineering Review Board (ERB), Technical Reviews (TR), System Registration Reviews (SSR), and Integrated Product Team meetings (IPT).
· Provide operational security support to ensure that the system owner has all necessary Cyber Security processes developed, implemented, and documented
· Provide security incident tracking support. This includes recommending courses of action, providing the necessary support to an intrusion incident, and analyzing real-time or historical intrusion audit data
· Evaluate and then update or develop the supported organization’s Cyber Security documentation and artifacts. This can include security concepts of operations, detailed security plans, allocation of component and sub-system security requirements, and Cyber Security Standard Operating Procedures
· Conduct and document vulnerability and risk assessments, making recommendations for eliminating or mitigating deficiencies.
· Provide Cyber Security configuration and implementation for supported systems. This will ensure systems and components are configured securely and in highest as possible compliance with STIGs, SCGs and other applicable authoritative security configuration guidance. All non-compliant settings must be fully documented and mitigated as much as possible. Strong working knowledge of various security technologies, architecture, networking, engineering and administration
· Have the ability to speak and write, conveying complex ideas, with ease and concisely in support of briefings, writings, or oral presentations.
Must have CISSP or CASP.
Must have a completed Secret-level security clearance (no interim)
Must have a Computing Environment Cert. Preferred certifications include: MCSE/MCDBA but will consider others
Other helpful skills: MS SQL, VMWare, ACAS, WSUS, SCCM, routing/switching
Prefer Bachelor's degree or equivalent experience
5+ years of related experience in data security administration.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.