Cybersecurity System Administration IA SME

Cybersecurity System Administration IA SME

SAIC

Kaiserslautern, Germany

Description

SAIC is seeking a Cybersecurity Sys Admin/IA SME to support the US Air Force Agency for Modeling and Simulation (AFAMS) program out of Kaiserslautern, Germany.

Cybersecurity System Administration IA SME will:

• Support the sustainment of the accredited cybersecurity posture of the WPC’s domain enclaves by actively tracking and maintaining each network’s cyber-vulnerability level and system compliance to applicable DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs);
• Oversee the operation and maintenance for WPC’s Assured Compliance Assessment Solution (ACAS) systems and scan/report production processes;
• Provide technical inputs for Cyber Vulnerability Management (CVM) and Risk Management Framework (RMF) Plans of Action and Milestones (POA&Ms) regarding remediation timelines or vulnerability mitigation;
• Assist in providing monthly (or after a major network reconfiguration) network scan reports for reporting/submission to the appropriate CVM repository;
• Troubleshoot and research problems with systems that do not provide a complete or fully credentialed scan result;
• Accomplish vulnerability remediation (e.g., patches & updates) as well as STIG/SRG configuration compliance actions on domain core services systems and workstations in coordination with and support of WPC Comm;
• Maintain lists of active hosts on the networks and corresponding basic inventory listings of software used to determine STIGs/SRGs that need to be applied;
• Assist in researching proposed configuration updates/changes and apply a “patch-and-test” approach as appropriate to determine if a particular configuration update/change will have a detrimental effect on WPC processes and mission to determine application in the operational environment;
• Accomplish STIG/SRG checklist updates and reporting quarterly (tracking both automated compliance scans and manual STIG checklists as applicable);
• Track/report compliance of configuration changes based on CYBERCOM-driven tasking orders or other DoD short-notice threat response notifications;
• Provide guidance of DoD and AF policies, instructions related to the A&A processes, AF Security, Interoperability, Supportability, Sustainability and Interoperability (SISSU) activities, DoD Enterprise Mission Assurance Support Service (eMASS) web-based tool used to implement the DoD Information Assurance A&A Process, and DoD’s Risk Management Framework (RMF);
• Provide security engineering to implement security controls and ensure these controls do not degrade performance and availability requirements needed to execute and sustain M&S/LVC exercises/events;
• Report security findings and issues associated with the RMF process to the appropriate Cybersecurity POCs;
• Provide M&S/LVC cybersecurity to include the following:
  • Collaborate with Cybersecurity POCs to address A&A;
  • Attend technical exchange meetings;
  • Review system architecture for RMF as well as their respective A&A documentation;
  • Document problem areas and provide recommendations for a resolution;
  • Follow-up on issues and resolutions;
  • Document recommendations for process improvements.
• Conduct facility visits to observe processes related to each IA control (technical, personnel, operational, or management in nature);
• Utilize tools such as Nessus scanners, DISA System Readiness Review (SRR);
• Validate IA control implementation in M&S/LVC;
• The contractor shall; base assessment primarily on the validation procedures of the RMF Knowledge Service and DISA STIGs;
• Participate in meetings with system Information Assurance Security Officers (IASOs), program managers, IA managers, and A&A authorities and their representatives, present overviews of issues and recommendations, and provide meeting reports that outline the discuss topics and note action items.

Qualifications

• Bachelor's and 9 years or more of experience; Masters and 7 yrs, PhD/JD and 4yrs or relevant years of experience in lieu of degree;
• DOD 8570.1 IAT Level II Certification;
• Understanding of DoD policies and procedures, including FIPS 199, FIPS 200, NIST 800-53, DHS 4300A SSH and other applicable policies;
• Comprehensive knowledge of Physical Security principles, methods, and techniques;
• Experience with ACAS, HBSS or Tenable Nessus vulnerability scanners;
• Active Secret Clearance.

Desired Experience/Qualifications:

• Operating system certification (i.e., Microsoft Certified Solutions Expert and/or Red Hat Certified System Administrator);
• Microsoft Windows environment, UNIX, Linux, Hyper convergence technology, VMWare, VDI zero client architecture.

Apply Now

More Job Searches

Germany      Hardware and Telecoms      Linux and Unix      System Administrator and DevOps      SAIC