CACI is seeking a Network Defense Engineer to support the Missile Defense Agency's Tier 2 Cybersecurity Service Provider within the MDA Computer Emergency Response Team (CERT) on the JRDC program at Schriever AFB, CO. The Network Defense Engineer conducts Network Intrusion Detection (NID) surveillance and Incident Response on Subscriber networks and maintains Situational Awareness (SA) of MDA-wide network security monitoring. The candidate will analyze security event audit log information from network security devices (e.g., network and host-based security systems, firewalls, routers, switches, etc.) and mission-critical servers for anomalies and known attack patterns, and will support the development and dissemination of Computer Network Defense (CND) Alert and Notification messages. The candidate will also review data originating from, or reflecting the status of, ongoing intrusions or cybersecurity incidents and document the findings, including any intrusive or damaging activity involving compromised hosts. The candidate will review and assess the cyber threat environment for applicability to MDA Subscriber networks and disseminate guidance to improve network defensive posture, and will respond to cybersecurity incidents by reporting all pertinent information in the local incident reporting database and the Department of Defense incident management system. The candidate will support digital forensic investigations as directed by MDA CERT leadership, and must have excellent technical report writing skills to produce the required forensic and incident reports. The candidate will support the development, establishment, review, and update of CND Detect and Respond procedures, Standard Operating Procedures, Internal Operating Processes, manuals, and other MDA CERT documentation. The candidate will be required to support investigations relating to Counterintelligence and Insider Threat, as well as law enforcement and other organizations, when directed by MDA CERT leadership.
Duties and Responsibilities:
Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems. This includes support of process, analysis, coordination, security certification testing, security documentation, investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits. Assist in the implementation of required government policy (e.g., NISPOM, DCID 6-3), make recommendations on process tailoring, and participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Document the results of Certification and Accreditation activities and technical or coordination activity, prepare the System Security Plans, and update the Plan of Actions and Milestones (POA&M). Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
Required Qualifications:
Must have 7-9 years of IT-related experience, including 6 years of cybersecurity experience. Must have DoD 8570.01-M IAT Level III with Continuing Education (CE). Must be able to obtain and maintain a DoD 8570.01-M CNDSP Analyst or Incident Responder certification within 6 months of employment.
Experience with security analysis and solutions in a WAN/LAN environment. Proven aptitude in oral and written communications. Experience with MS Office applications. Must be willing to work shifts in a 24x7 operational environment, which may include extended hours at no notice, evenings, nights, holidays, and weekends. Must be willing to travel; travel is infrequent and, when needed, usually less than two weeks. Candidate must have a DoD Secret security clearance to start and must have, or be able to obtain, a DoD Top Secret clearance.
Desired Qualifications:
Experience with CERT/CND, network, and system security policies and procedures. Experience correlating security events across a WAN using SIEM tools, ArcSight preferred. Experience with other CND tools/applications, such as Network Security Manager, Bluecoat, and Barracuda. Current DoD Top Secret clearance. GCIA or GCIH certification preferred. Bachelor's degree in Information Technology or a related discipline (additional years of experience accepted in lieu of a degree).
US-Colorado Springs-CO-COLORADO SPRINGS