Job Openings

The Cybersecurity Engineer – Splunk Administrator  – Mid Level will be responsible for administering, maintaining, and engineering the multi-enclave enterprise On-Premises and Splunk Cloud environment for the DCSA.

• Support SOC personnel with Incident Response, Threat Hunting, Trends Analysis, and other Cyerbersecurity objectives.
• Liaise with different stakeholders to coordinate ingestion of logs to Splunk
• Five (3-5) years of experience with multi-enclave enterprise On-Premises Splunk/Splunk Cloud Engineering
• Ability to provide support to Incident Responders and other SOC Members for developing queries, alerts, dashboards, etc. via Splunk
• Ability to manage and implement various Splunk Apps such: Enterprise Security, ITSI, etc.
• Maintaining health of Splunk environment
• Knowledge and experience with performing Linux Command Line actions to support Splunk Servers
• Desire to coordinate efforts with different technology groups to implement log ingestion to On-Premises Splunk and/or Splunk Cloud
• Experience supporting Security Operations Center objectives
• Proactively work with appropriate teams to implement and test new detection rules and procedures.
• Experience providing advanced analysis and correlation across cyber events, logs, and artifacts
• Familiarity with RMF accreditation processes
• Participating in red/blue testing to confirm/tune detection and alerting mechanisms via Splunk
• Experience in creating and maintaining SOP’s
• Knowledge of DISA Security Technical Information Guides, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD Cybersecurity and Computer Network Defense policies
• Experience developing and reporting metrics, preferably in a near-real time dashboard or common operating picture.
• Develop, maintain, and provide a daily and weekly brief that captures all the cyber events including

The PKI Analyst will be responsible for executing, maintaining, and providing support for Registration Authority (RA) duties. This position entails the implementation of the DoD PKI/PKE Program, including tasks such as token issuance, revocation, PIN resets, and support for the DoD PKI NEATS architecture solution.

As a PKI Analyst, they will also contribute to the support of the DoD enterprise authentication infrastructure, which encompasses digital certificate authentication for our 802.1x wireless and one-time password (OTP) services, NPE (Non-Person Entity) Certificates, and digital email certificates. Additionally, the PKI analyst will perform Identity Vetting.

Responsibilities:

• Registration Authority (RA) – An RA is an official recognized by the Certificate Authority to ensure that the subscribers appropriately present the necessary credentials for registration into the PKI. In the Department of Defense (DoD) PKI, RAs enroll devices into the PKI, revoke user certificates and authorize Local Registration Authorities (LRA) to enroll individual subscribers.
• Supporting revocation and suspension of a certificate on Unclassified and/or Classified networks.
• Supporting restoration of suspended certificates.
• Supporting registration and/or termination of Local Registration Authorities (LRAs).
• Adding, modifying and deleting directory entries as needed.
• Performing third party key recovery.
• Approving issuance of certificates to Network Process Engines (NPEs).
• Producing and delivering an Issuance report.
• Supporting retention of all associated documentation for a period of 10 years for DoD and 0 years 6 months for NSS documents. The retention can be in an electronic format, i. e. scanned image (pdf). If stored in digital format, the originals may be disposed of appropriately. All retention and disposal will be in accordance with CNSS Instruction No. 1300, December 2014.
• Supporting duties as assigned through National Security Service/Public Key Infrastructure Registration Practice Statement (NSS/PKI RPS) and Department of Defense/Public Key Infrastructure Certificate Practice Statement (DoD/PKI CPS).
• Providing support to LRAs, Trusted Agents (TAs), and Enhanced Trusted Agents (ETAs) in accordance with DoD PKI RA-LRA CPS and RPS to ensure RA Operations are aligned with DISA Audit requirements.
• Monitoring the RA Operations in accordance with DoD PKI RA-LRA CPS and RPS to ensure RA Operations are aligned with DISA Audit requirements.

DoD Intelligence Agency requires Cybersecurity Cloud support in order to maintain IT infrastructure, applications, and any new development projects in the cloud. As such, technical analysis, research, evaluation, and technical guidelines shall be performed in order to accomplish the needed support. The workload for the Cybersecurity Analyst will vary depending on the number of active development including FedRAMP and RMF governance tier level as well as other technical evaluations required by DoD Intelligence Agency.

•  Review, Audit, and validate compliance DoD Cloud SRG requirements for DOD cloud deployments.
• Support RMF activities for cloud-hosted systems such as eMASS Package (ex: RAR, SSP, POA&M, etc.
• Reviews Information System Agreement (ISA) / Memorandum of Agreement (MOA), Whitelisting, etc.
• Support of DCSA systems Secure Cloud Computing Architecture (SCCA) to ensure cloud systems connections to the BCAP and VDSS are implemented In Accordance with the cloud SRG including support for the internal implementation of the VDMS solutions internally.
• Work with the product manager and program offices to define a roadmap to FedRAMP certification. Worked with the solution engineers to identify best practices and methods required by the FedRAMP PMO to configure and operate within the NIST SP 800 series of controls.
• Provide support for the internal Information Security Continuous Monitoring Program for authorization to operate and ongoing authorization approvals for cloud-based IT systems.

The Cybersecurity Analyst will provide support for a program, an organization, system, or an enclave; provides support for proposing, coordinating, implementing, and enforcing information systems or enclave cybersecurity policies, standards, and methodologies; maintains operational security posture for an information system, program, or enclave to ensure cybersecurity standards, and procedures are established and followed; performs day-to-day security operations of the system or enclave; perform IT security control validations; provide configuration management (CM) for information system security software, hardware, and firmware; manage changes to system and assess the security impact of those changes; prepare and review documentation to include Systems Security Plans (SSPs) and Security Assessment & Authorization  (SA&A) packages in accordance with DoD Risk Management Framework (RMF) procedures.

Duties:

• Interface with Project/Program Managers and Information System Security Manager on Major Application / General Enclave issues and updates.
• Track and report on Plan of Action and Milestone (POA&M) items; RMF Status, A&A ATOs, and Continuous Monitoring actions.
• Prepare briefs and A&A documents for approval.
• Perform ISSO Type duties as defined in DoD 8510 & 8500.
• Provide risk mitigation strategies.
• Perform Quality checks on POA&Ms, assessments, and documentation.
• Conduct informal risk assessments to support policy development.
• Review existing documentation bi-annually for accuracy and relevance to current DoD and DSS mandates.
• Assist with Mission Assurance tasks and information to include policy and plan development related to IT
• Assist with research on cybersecurity items of interest.
• Perform other duties as related to risk management, communication, and assessments.

DOD Intelligence Agency requires Cyber Defense Incident Responder Log reports, forensics investigations, incident reports, and trend reports on classified data spills. Log reports are conducted daily, covering the Security Information and Event Manager (SEIM, Host Based Security System (HBSS), and vulnerability scanners. Log reports are produced daily covering 30-plus activities that are used to depict current network security and any anomalous activity. Review logs to include but not limited to servers, firewalls, web proxy, and infrastructure devices.

Job Responsibilities:

• Identify violations of internet access by reviewing web content filtering logs in accordance with DOD Intelligence Agency policy, DoD policy, and CND SOP
• Identify and report incidents that involve email including but not limited to phishing, malware, and spillage
• Develop and maintain SOPs for security monitoring
• Provide daily reports on key indicators of network security as provided by DSS net defender SOP
• Generate reports showing specific types of incidents
• Create SOPs and guides for response to specific categories and types of incidents.
• Perform trend analysis of incidents to identify potential problem areas
• Make recommendations for systemic, policy or procedural changes in order to mitigate specific risks
• Execute Incident Response Plan as required
• Support security incident reporting on all network computer security incidents and spillages
• Analyze Endpoint Security Solutions (ESS) log data to determine potential threats
• Analyze ESS log data to determine rogue systems
• Analyze ESS logs to determine infected systems
• Analyze ESS logs to identify systems that had unauthorized USBs connected to them
• Analyze ESS logs to determine unauthorized system changes
• Develop and maintain SOP for ESS Continuous Monitoring
• Develop and maintain a forensic SOP for conducting forensic investigations in accordance with DoD and DOD Intelligence Agency directives and legal requirements
• Conduct Forensic investigations with EnCase Forensic (or similar) tool using all legal and DOD Intelligence Agency Control Steps
• Acquire and preserve a forensic image of data from system hard disk drives, and volatile memory to include but not limited to documents, images, email, webmail, Internet artifacts, web history and cache, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, system files, executables, scripts, on workstations, laptops, servers, VDIs, external mass storage, and smartphones and tablets
• Create a forensic exact binary duplicate of the original system or media utilizing EnCase Forensic (or similar) tool
• Daily, review or user activity discovered by CND network monitoring tools
• Analyze user activity data from CND tools to determine which indicators or triggers can be applied
• Determine thresholds for user activity that would require referral to DSS Insider Threat Working Group
• Analyze user activity data from CND tools to determine if thresholds for user activity have been met for that would require further investigation
• Make recommendations for systemic, policy or procedural changes in order to mitigate vulnerabilities found

Tasks include IDS/firewall placement and configuration support and network security monitoring: Responsible for traffic analysis, vulnerability scanning, Incident Response, wireless scanning, Host Based Security System (HBSS), Information Assurance Vulnerability Management program, Network Access control, insider threat support, web content filtering, data at rest and various cyber security application/tools installed on servers and workstations, may include maintenance and upkeep of the server or workstation.

Job Responsibilities:

• Analyze the impact of firewall configurations.
• Review logs to include but not limited to servers, firewalls, web proxy, and infrastructure devices.
• Identify violations of internet access by reviewing web content filtering logs in accordance with DCSA policy, DoD policy, and CND SOPs.
• Identify and report incidents that involve email including but not limited to phishing, malware, and spillage.
• Develop and maintain SOPs for security monitoring.
• Provide daily reports on key indicators of network security as provided by DCSA net defender SOP.
• Generate reports showing specific types of incidents.
• Make recommendations for systemic, policy or procedural changes in order to mitigate specific risks.
• Support security incident reporting on all network computer security incidents and spillages.
• Analyze Endpoint Security Solutions (ESS) log data to determine potential threats.
• Analyze ESS log data to determine rogue systems.
• Analyze ESS logs to determine infected systems.
• Analyze ESS logs to identify systems that had unauthorized USBs connected to them.
• Analyze ESS logs to determine unauthorized system changes.
• Develop and maintain SOP for ESS Continuous Monitoring.
• Daily, review or user activity discovered by CND network monitoring tools.
• Develop lists of indicators and triggers of insider threat Activity.
• Develop SOPs guides outlining the thresholds for referrals to DSS insider threat Working Group.
• Make recommendations for systemic, policy or procedural changes in order to mitigate vulnerabilities found.
• Must meet DoD 8570.01-M IAT Level II and be able to perform as an CSSP Analyst.
• Associates Degree in Information Technology, Information Systems Management, Cyber Security, or equivalent experience.
• At least 3 years hands-on technical cybersecurity experience and knowledge of Computer Network Defense concepts, DISA Security Technical Information Implementation Guides, DoD A&A Process, NIST SP 800-53, NIST SP 800-61, CJCSM 6510.01 B, United States Cyber Command guidelines, and other applicable DoD Cyber Security and Computer Network Defense policies.