As a Senior Cyber Security Engineer (Security Engineer IV), you will provide Security Engineering and Security Control Assessor-Validator (SCA-V) support services to the 7th Signal Command-Theater located at Joint Base San Antonio, TX (106th Signal Brigade). This support includes Risk Management Framework (RMF) validation testing (also referred to under the RMF as “assessment”) support to the Security Control Assessor (SCA). This includes supporting the Government in conducting validation preparation activities such as onsite staff assistance visits (SAVs) and other validation activities, and generating RMF scorecards. You will also provide annual assessments for installations in accordance to Federal Information Security Modernization Act (FISMA) standards and requirements. This position requires 50% travel, as our SCA-V team will be deployed to all supported stateside Network Enterprise Commands (NECs) and Regional Cyber Centers to perform cyber security assessments and updates. In assuming this position, you will be a critical contributor to meeting NCI's mission: To deliver innovative, cost-effective solutions and services that enable our customers to rapidly adapt to dynamic environments.
Highlights of Responsibilities:
- Assesses DoD Information Systems against the RMF security controls (IAW) Department of Defense (DoD) Instructions 8500.01 and 8510.01, NIST SP 800-37, 800-53, and 800-53A, Army Regulation 25-1 and 25‐2, US Army Best Business Practices (BBPs) and applicable NETCOM Tactics, Techniques & Procedures (TTPs).
- Effectively performs interviews of technical Subject Matter Experts (SMEs) as well as non-technical management personnel to ascertain the security posture of an IT system
- Identifies mitigating factors for identified risks and proposes additional mitigation strategies for identified vulnerabilities
- Evaluates a wide array of IT devices for Security Technical Implementation Guide (STIG) compliance using ACAS/ Nessus, SCAP Compliance Checker, and manual checklist reviews. This includes Windows, Solaris, and Red Hat Linux servers and desktops, routers, switches, firewalls, IDS, etc.
- Submit findings input into the Enterprise Mission Assurance Support Services (eMASS) system or other Army approved tracking database
Preferred Education and Experience:
- Bachelor's degree in Computer Science, Information Technology, or a similar field with at least seven (7) years of related experience in the fields of security engineering, cyber security, or information assurance; two (2) years of hands-on SCA-V experience may be substituted in lieu of a degree
- Current Information Assurance (IA) certification (required at performance start date): DoD 8570 IAM Level II (CAP, CISSP (or Associate), CASP CE, CISM, GSLC), or higher
- Current Computing Environment (CE) certification (required at performance start date): MCITP, MCSE, MCP, CCNA-Security, CEH, etc.
- Clearance (required at performance start date): active Secret clearance with valid SSBI/Tier 5 Background Investigation
- Willingness and ability to travel up to 50%, depending on site validation schedule.
- Experience with eMASS and a strong understanding of the CNSSI 1253 CCIs
- Experience with Security Content Default Protocols (SCAP) Compliance Checker (SCC), NESSUS (ACAS), Information Assurance Vulnerability Management (IAVM) scanners (that is, tools utilized to meet DoD Security Configuration Compliance Validation.
- CISSP and CCSP preferred
- Army-approved Network Operating Systems such as Microsoft Server Active Directory, Windows Server 2008, Windows Server 2012.
- Army-approved Client Operating Systems such as Microsoft Windows 7, Windows 10 and non- Microsoft Client Operating Systems, and their use in a Microsoft Active Directory Environment
- Army-approved patching utilities such as Microsoft System Center Configuration Manager (SCCM)/Microsoft Windows Server Update Services (WSUS), or any other DoD patching tools that will be used to implement Security Remediation Compliance.
- Army-approved network and boundary defense mechanisms such as routers, switches, firewalls and intrusion detection/intrusion prevention systems such as those made by Cisco, Juniper, or other network and boundary defense equipment and software vendors
- Army-approved Virtual Private Network (VPN) hardware- and software-based systems
- Army-approved Proxy Server such as Bluecoat Proxy
- Army-approved Data at Rest applications such as Microsoft BitLocker, or Microsoft EFS
- Army-approved mobile devices, such as laptops, personal digital assistants (PDAs), and handheld smart devices such as Blackberry-like devices
- Army Common Access Card (CAC)/Public Key Infrastructure and alternate smart-card requirements
- Wireless tools, technology, and Wireless Intrusion Detection requirements and tools (Flying Squirrel)
- RMF (or RMF) requirements for McAfee ePolicy Orchestrator and Host-Based Security
- System (HBSS) Video Teleconference (VTC) equipment
- Army-approved email solutions such as Microsoft Exchange
- Any other Army approved tools or technology that would be found on most ICANs.
This position requires the ability to perform the below essential functions:
- Sitting for long periods
- Ambulate throughout an office
- Ambulate between several buildings
- Travel by land or air transportation up to 50% (CONUS only)
It is the policy of NCI to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations. In addition, we affirm that all compensation, benefits, company-sponsored training, educational assistance, social, and recreational programs are administered without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, or gender identity. It is our firm intent to support equal employment opportunity and affirmative action in keeping with applicable federal, state, and local laws and regulations. NCI is a VEVRAA Federal Contractor.