Job Openings

Cybersecurity Forensics Engineers are responsible for leading and overseeing all aspects of digital forensic investigations within the agency.

Responsibilities include collecting, preserving, and analyzing digital evidence from various sources such as computers, networks, and mobile devices. Other duties include managing and conducting complex forensic examinations, providing expert guidance on forensic methodologies and tools, collaborating with cross-functional teams, and delivering clear and concise reports to stakeholders. Additionally, Cybersecurity Forensics Engineers are responsible for ensuring adherence to legal and regulatory requirements pertaining to digital evidence handling and chain of custody. These responsibilities and standards will be leveraged to develop training as well as mentoring of junior members. Cybersecurity Forensics Engineers are also responsible for researching, evaluating, and designing technical security solutions for the agency; providing technical security assessment support; and developing, maintaining, and monitoring an effective Information Security program to provide logical and physical protection of the company’s technical resources. Enterprise accountabilities include executing security engineering practices for IS projects; conduct product research and participate in the selection process of technologies to support security requirements.

The Cybersecurity Engineer will be implementing, managing, and enhancing the ESS (Endpoint Security Solutions) suite to support a Department of Defense customer ( DCSA).

Responsibilities:

• Experience with ESS (Endpoint Security Solutions) EndPoint Security (ENS), Data Loss Prevention (DLP), and Policy Auditor (PA).
• Ensure endpoint compliance using ePolicy Orchestrator (ePO) for multiple enclaves.
• Maintain Trellix ESS server including Microsoft Operating System and SQL Database, using Government supplied hardware and software.
• Test, upgrade, and deploy Trellix software to the most recent software versions as they are approved and released by the DISA Patch Repository Program including testing as required.
• Plan/Develop endpoint security solutions for customer requirements.
• Continuously monitor the performance and integrity of the Trellix ESS server solutions.
• Create, tune, and maintain security policies to protect customer assets including Antivirus, Data Loss Prevention, Host Based Intrusion Prevention, and firewall policies.
• Establish and conduct scheduled STIG and patch compliance scans utilizing Trellix Policy Auditor and other government-supplied solutions.
• Ability to develop dashboards, queries, and reports that automate Cyber Scorecards, Incident Investigations, and applicable DoD/Intelligence Community-defined reporting standards.
• Microsoft SQL database maintenance and support for ePO as needed.
• Possesses understanding and experience with common cybersecurity toolsets and processes including STIGs, IAVA Management and Implementation, and Operation Orders.
• Ability to provide Joint Force Headquarters (JFHQ) – DODIN (OPORD)/Fragmentary Order (FRAGO) support.
• Ability to document and present data to management for compliance and security posture.
• General knowledge of endpoint operating systems, endpoint security, and networking.
• Proficiency in using Microsoft products (e.g., PowerPoint, Word, Excel).

Responsibilities:

• Platform Administration: Manage and administer the CrowdStrike Falcon platform, including user access, permissions, and configurations for 1,400 Nodes.
• Ensure the platform is properly configured to meet security and compliance requirements
• Endpoint Security Management: Deploy and manage endpoint security agents across the organization’s devices
• Monitor and analyze endpoint security data to identify potential threats and vulnerabilities
• Incident Response: Respond to security incidents detected by the CrowdStrike Falcon platform
• Investigate security alerts, analyze root causes, and take appropriate remediation actions
• Policy Management: Develop and enforce security policies within the CrowdStrike Falcon platform
• Configure and customize security policies based on organizational requirements and best practices
• Stay updated on the latest cyber threats and trends to enhance threat detection and response capabilities
• Troubleshooting and Support: Provide technical support and troubleshooting assistance to end-users regarding the CrowdStrike Falcon platform
• Collaborate with CrowdStrike support teams to resolve issues and optimize platform performance
• Security Awareness and Training: Conduct security awareness training sessions for end-users to educate them about endpoint security best practices
• Promote a culture of security awareness and vigilance within the organization
• Documentation and Reporting: Maintain detailed documentation of platform configurations, policies, and incident response procedures
• Generate regular reports on security metrics, incidents, and compliance status for stakeholders
• Continuous Improvement: Identify opportunities for process improvement and optimization within the CrowdStrike Falcon platform
• Stay informed about emerging technologies and industry trends to enhance security capabilities
• Compliance and Audit: Ensure that the CrowdStrike Falcon platform aligns with relevant regulatory requirements and industry standards
• Participate in security audits and assessments to validate compliance with security policies and controls

DCSA is seeking Information Systems Security Engineering (ISSE) support for the Zero Trust initiative to maintain IT infrastructure, applications, and any new development projects ensuring the security of networks. Technical analysis, research, evaluation, and technical guidelines are to be performed to provide support. The workload will vary depending on the number of active development projects and other technical assessments required.

Identify potential security vulnerabilities in ICAM/Zero Trust (ZT) implementation and recommend remediation.

• Support all phases of an Information Systems Security Engineering Program (ISSE) with ISSE-certified personnel to support the requirements of the DoD A&A Process. The ISSE Program will use the Information Assurance Technical Framework (IATF); DoD 5200.1-M; Common Criteria for IT Security Evaluation (International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 15480; and DOD, federal, and DSS Cyber Security Policies as guides.
• Provide input to the DCSA A&A Process including Information Security planning, design, testing, and analysis.
• Provide research and analysis of Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) and IA-enabled products as part of the security architecture and ensure that the products are National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) compliant and validated via the NIAP Common Criteria Evaluation and Validation Scheme or NIST Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMVP.)
• Information System Security Engineer (ISSE) Deliverables, at the discretion of the government, may include but are not limited to:
  • Service Acceptance Criteria and Service Level Requirements
  • Service Level Policies, Procedures, and Reports
  • Service Level Agreements and Operational Level Agreements
  • Availability Policy, Plans, Design Criteria, Risk -Analysis and Reports
  • Business and IT service continuity policy, strategy, plans, risks, business impact analysis, and reports
  • Technical Documents
  • Market Research Analysis and Results
  • Technical Guidelines and Framework
  • Technical and Product Evaluation Reports
  • Technical Studies
  • Cloud Design Diagram with security impacts (outlines systems to be deployed to a cloud infrastructure; outlines the ingress and egress points from the DSS network to the cloud infrastructure, locations of the CND Suite, and method of connecting to the DoD information network (DoDIN))
  • Cloud Suitability Questionnaire Template-(will be used to score an application’s suitability for deployment to the cloud with security impacts. The template should baseline a score to be used to determine suitability based on qualifying factors).
  • Technical Documents as defined by the Government
  • Courses of Action
  • Proofs of Concept

As a Cloud Security Analyst, you will play a crucial role in ensuring the security and compliance of the Programs under the Program Executive Office (PEO). You will be responsible for managing Risk Management Framework (RMF) support for Amazon Web Services (AWS) based cloud systems.