CDS Engineer

Requirements

Required

Secret Security clearance with ability to obtain TS/SCI

Job Description Summary

We support and secure some of the most complex government, defense, and intelligence projects across the country. Our work depends on a CSfC Advocate Manager joining our team to support Department of State activities at Sterling, VA.
As a CDS Engineer supporting Department of State (DoS) Commercial Solutions for Classified (CSfC) deployment, you will be trusted to serve as the principal responsible for successful deployment, sustainment, and use case development, and to prepare systems engineering artifacts for DoS Cross Domain Solution (CDS) for CSfC services. Reporting to the Cybersecurity Operations Lead, you will be responsible for strengthening the defensive posture and cyber defense operational readiness of a CSfC deployment and collaborating with DoS cybersecurity operations to assure the program defends and protects Government assets from external Cybersecurity attacks and Insider Threats that can potentially cause or create data, systems, networks, and personnel vulnerabilities.

Responsibilities
  • Principal responsible for successful deployment and sustainment of Cross Domain Solution (CDS)
  • System Engineer primary duties will be to design, update, and manage a Cross Domain Solution (CDS) to support multiple Commercial Solutions for Classified (CSfC) connections and classification to support mission efforts and goals
  • Provide use case development support to junior systems engineering team members to enhance use case skills in the department.
  • Successful candidate will perform use case development and prepare systems engineering artifacts
  • Support the development and review of interface documents, system requirements, architectural documentation, system engineering estimates, and author and perform formal and informal engineering reviews.
  • Demonstrate flexibility to support various tasking on short notice.
  • Provide system/equipment/specialized training and technical guidance.
  • Provide guidance and work leadership to less-experienced staff.
  • Communicate effectively with customers and teammates clearly and concisely.
  • Maintain current knowledge of relevant CSfC technology and willingness to contribute to other software deployment and management.
  • Self-starter utilizing Linux and scripting expertise to support and field critical customer driven requirements, enabling secure data transfer
  • Utilize interpersonal skills to engage directly with the customer to provide advanced design, analysis and implementation of our software
  • Demonstrate competency working hands-on in Linux based environments, troubleshooting on-site technical issues, using and configuring the Forcepoint CDS solutions to deliver critical customer driven requirements
  • Leverage standard networking concepts to support the design and implementation of the CDS systems to include failover, COOP, and load balancing as well as interoperability with other components within the enterprise.
  • Work with the Assessment and Authorization (A&A) team to ensure the CDS maintains the Authority to Operate (ATO) and meets all FISMA obligations.
What you'll need
  • Degree in a Computer Science, Engineering or Information Technology related field is desired but not required. Bachelor’s degree in Information Technology/Systems or experience.
  • 5 years of experience in information technology
  • 1+ years of ForcePoint design and administration
  • Demonstrate proven experience (with tangible outcomes and results), a can-do attitude, an ability to influence internal and external customers, and a leadership and communication style required to foster agreement and productive outcomes
  • Strong experience in Linux and scripting
  • Interest or experience in cyber security to include practices/methodologies, associated technologies, application design and development and/or experience in an operational environment
  • Working knowledge of networking concepts (e.g. TCP/IP, firewalls, routers, etc.)
  • Working knowledge of programming logic and methodologies (e.g., regular expressions)
  • Experience with security design and architecture of Cross Domain solutions (CDS)
  • Knowledge of Virtual Desktop Infrastructure (VDI)
  • Working knowledge of virtualized, networked environments, specifically VMWare and HyperV based systems
  • Experience with security COTS product integration (e.g., firewall, web gateways, Data Loss Prevention)
  • Experience in collaborating with multiple technical teams to drive solutions that are requirement driven, including technical subject matter experts, hardware and software designers, operations personnel, and test engineers, and communicating potential security risks and mitigations
  • Experience using Microsoft Office including MS Visio, MS Word, MS Excel and other appropriate tools.
  • Strong English communication skills with ability to lead working groups, communicating clearly and succinctly in written and oral presentations
    • Ability to clearly present technical approaches and findings
    • Able to write and implement engineering plans within a project
  • Must also be able to obtain and maintain a TS/SCI Security Clearance
  • Must have the ability to be flexible to support various tasking on short notice
  • Possess an understanding of systems engineering process and principles
  • Proven track record of successfully applying system engineering principles to develop product solutions
  • Experience developing system engineering artifacts (e.g. specifications, Interface Control Documents, Use Cases, System Architecture Descriptions, Trade Studies, etc.)
  • Experience working in an integrated team environment with other systems, software and specialty engineers to develop solutions
  • Candidate needs to have extensive knowledge in the System Engineering process and advanced knowledge of ports, protocols and interfaces
Desired Skills
  • Security Clearance of TS/SCI.
  • Formal training in ForcePoint
  • DODI 8570.1-M Compliance at IAT Level II or III; SANS GSEC, CISSP preferred
  • Technical knowledge of any of: Cisco ICE/UCS, ForcePoint (High Speed Guard), Splunk, InfoBlox, MetricStream, Radiant Logic, Tenable Security Center, Sciencelogic, SonarSource, Appscan HCL
  • Prepare documentation to support Assessment and Authorization (A&A) activities
  • Apply knowledge of current Information Assurance (IA) policies as a contributor to the architecture and design of secure solutions to customer needs and requirements
  • Department of State employee or contractor experience

    Storage Architect

    Requirements

    Security Clearance

    Secret or above

    Location

    Sterling, VA

    Responsibilities
    • Support enterprise-class Storage solution
    • Design Storage architecture elements with emerging technologies
    • Extensive knowledge of security for storage
    • Plan, research, and design architectures for a SAN deployment
    • Develop solutions that balance business requirements with innovation and security
    • Identify design gaps in proposed storage architectures and recommend changes
    • Ensure organizational security policies and procedures are followed
    • Regularly communicate with leadership
    Skills & Experience
    • Knowledge of NetApp, EMC, or Pure Storage
    • Team-oriented; skilled in working within a collaborative environment
    • Outstanding written and verbal communication skills
    • Highly self-motivated and directed
    • Proven analytical and problem-solving abilities
    • Familiar with Agile Framework for project management
    • Not afraid to get hands dirty.
    • Ability to learn on the fly
    Education & Training
    • 7+ years professional experience in a storage administration role
    • 3+ years of storage architecture experience
    • Master’s degree in the field of computer science and/or equivalent work experience
    • Industry certification (EMC, NetAPP, Pure, etc.)

      Sr Pen Tester

      Requirements

      Security Clearance

      DoD Secret Clearance Required

      Location

      Rosslyn, VA

      Job Description

      Provides Penetration testing and Vulnerability Analysis support to a cabinet level federal agency. Contributes to a team of information assurance professionals working to improve technical security posture. Duties include writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.


      Must possess six (6) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging technologies. The candidate must have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling. Must be a self-starter with keen analytical skills, curiosity, agility, and adaptability. Must have the ability to work quickly, a willingness to work on ad hoc assignments and to work independently as needed, strong written and verbal communication skills, and a recognition of the importance of being a team player. In addition, the candidate must possess the following skill set:

      • Able to conduct Penetration Tests and Vulnerability Analysis using Automated and Manual TTPs.
      • Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
      • Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
      • Must have solid working experience and knowledge of Windows and Unix/Linux operating systems
      • Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, assessing network device configurations, and operating systems (Windows/*nix)
      • Scripting (Windows/*nix), Bash, Python, Perl or Ruby, Systems Programming
      • Strong familiarity with at least one of the following: OWASP top 10, PTES and NSA Vulnerability and Penetration Testing Standards.
      • Must be able to work alone or in a small group.
      Daily Responsibilities
      • Performs Penetration Tests and Vulnerability Analysis on web and other applications, network infrastructure and operating system infrastructures.
      • Briefs executive summary and findings to stakeholders to include Sr. Leadership
      • Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
      • Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
      • Helps customer perform analysis and mitigation of security vulnerabilities.
      • Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
      • Provide support to incident response teams through capability enhancement and reporting.

      Mentor Jr and Mid staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.

      Preferred but not absolutely required
      • OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications
      • CISSP
      • Certified Ethical Hacker

        Mid Systems Administrator

        Requirements

        Responsibilities
        • Manage IT virtualization platform and enterprises services.
        • Provide operation and maintenance for infrastructure.
        • Serve as an escalation point for troubleshooting complex and challenging IT and virtualization issues.
        • Provide operational practices for virtual environment from a CSP perspective.
        • Assist the ISSM/ISSO in developing processes and procedures for auditing and regulatory requirements.
        • Collaborate with Security, Engineering, Product teams to test new products and features.
        • Communicate technical matters with leadership, both orally and in writing.
        Requirements
        • Minimum Security Clearance: Secret
        • 5+ years professional experience in a technical or IT related role
        • Bachelor’s degree in the field of computer science and/or equivalent work experience
        • Outstanding written and verbal communication skills
        • Team-oriented; skilled in working within a collaborative environment
        • Advanced experience with virtual platforms
        • Experience with NetApp, VMWare or EMC storage solutions
        • Excellent understanding of SOC, Cloud operations, security, automation, and orchestration
        • Experience with Linux, Windows servers, MS SQL, Oracle, MySQL, MongoDB
        • Experience with DevOps/DevSecOps
        • Excellent scripting skills in Python, PowerShell, and BASH
        • Proven analytical and problem-solving abilities.
        • Familiar with Agile Framework for project management in a cloud environment

          IT Architect

          Requirements

          Location

          Sterling, VA

          Security Clearance required

          Secret or above

          Responsibilities
          • Support enterprise‐class private cloud solution
          • Design IT architecture elements in emerging technologies
          • Extensive knowledge of security, cloud, and IT services
          • Plan, research, and design architectures for a private cloud
          • Develop solutions that balance business requirements with innovation and security
          • Identify design gaps in proposed architectures and recommend changes
          • Ensure organizational security policies and procedures are followed
          • Regularly communicate with leadership
          Skills & Experience
          • Knowledge of security operations, cloud services, vulnerability management, security governance, and risk management
          • Knowledge of NetApp VMWare or EMC Storage
          • Team‐oriented; skilled in working within a collaborative environment
          • Outstanding written and verbal communication skills
          • Highly self‐motivated and directed
          • Proven analytical and problem‐solving abilities
          • Familiar with Agile Framework for project management
          • Not afraid to get hands dirty.
          • Ability to learn on the fly
          Education & Training
          • 12+ years professional experience in a technical or IT related role
          • 5+ years of architecture experience
          • Master’s degree in the field of computer science and/or equivalent work experience
          • Industry certification (VMware, Microsoft, NetAPP, etc.)

            Cyber Threat Analyst

            Requirements

            Functional Duties

            The Cyber Threat Analyst will support the customer’s overall cyber threat analysis efforts. The analyst must have the political acumen and the confidence to reach out and work with other agencies and industry stakeholders, to share threat information and work together to advance one another’s capabilities. Ensures that relevant threat indicators are infused in all aspects of program operations.

            As a senior analyst, they must have significant background in cyber threat analysis, intelligence analysis and reporting, intrusion detection/response, firewall architecture, and emerging technologies. They must also understand security vulnerabilities and malicious actor tactics, techniques, and procedures (TTPs) to assess known and emerging cyber threats and better evaluate the effectiveness of layered defenses and to provide strategic recommendations on new technical and non-technical protections. The ideal candidate will have a solid understanding of cyber threats across multiple cyber threat groups/actors, targeted intrusion techniques, and different categories of indicators of compromise. Additionally, the candidate would have an understanding of intrusion detection systems, intrusion analysis, data integration platforms, endpoint detection, data analytics, and cyber defense architectures.

            Candidate should have proven expert written and oral communication skills to include experience with executive-level presentations. Candidate should have knowledge related to the current state of cyber international relations, adversary tactics, and trends. Candidate will possess the ability to work quickly, and a willingness to complete ad hoc, time sensitive assignments.

            Qualifications

            Education

            • A Bachelor’s Degree in Computer Science, Information Systems, Intelligence Studies, English, Communications, History, International Affairs or Studies, or other related technical or liberal art discipline is desired. Four (4) additional years of general experience (as defined below) may be substituted for the degree.
            Certifications Desired

            CISSP, SANS GCTI, CCSP

            General Experience

            5 years of experience in intelligence or technical analysis with increasing responsibilities. Demonstrated oral and written communications skills.

            • Good working knowledge of cyber threat intelligence analysis
            • Prior military or intelligence community experience and/or formal analytic training/certification
            • Strong analytical skills and the ability to effectively research, write, communicate and brief to varying levels of audiences to include at the executive level
            • Previous experience managing cross functional and interdisciplinary project teams to achieve tactical and strategic objectives.
            Specialized Experience
            • Three to five years of experience in intelligence or technical analysis with a focus on cyber threat analysis and threat modeling, to include preparing and presenting results.
            • Three to five years of experience with assessing cyber threat groups, attack methodologies, forensics analysis techniques, malware analysis, attack surface comprehension, spear phishing, research/validation of new cyber threat TTPs.
            • Understanding and experience with the MITRE ATT&CK Framework
            • Ability to work across a large cyber program to improve an organization’s detection capabilities, as well as develop mitigations, support signature development, and assist incident response procedures.
            • Demonstrated expertise in deploying and maintaining tools to facilitate the flow of intelligence analysis and reports.
            • Experience writing contract deliverables and short suspense products to stakeholders.

              Cyber Threat and Intelligence Analyst

              Requirements

              Security Clearance

              Candidates MUST possess an active secret clearance and be eligible to obtain a Top Secret

              Location

              Rosslyn, VA

              Functional Duties

              The Cyber Threat and Intelligence Analyst will support the customer’s overall cyber threat analysis efforts. Candidate should possess experience with and knowledge of cyber threat and/or intelligence analysis. Candidate should have proven expert written and oral communication skills to include experience with executive-level presentations. Candidate should have knowledge related to the current state of cyber international relations, adversary tactics, and trends. Candidate will possess the ability to work quickly, and a willingness to complete ad hoc, time sensitive assignments.

              Researches, analyzes, and writes documents such as cybersecurity intelligence bulletins, alerts, and briefings. Ensures documentation is accurate, complete, meets editorial and government specifications, and adheres to standards for quality, graphics, coverage, format, and style. Ensures content is developed in an appropriate style for the intended audience to include presentations, bulletins, white papers, memos, policies, briefings, and other products. Acquires subject knowledge by collaborating with analysts and engineers. Assists in coordinating projects from the planning stage, provides additional or missing materials, and edits for content format, flow, and integrity. Researches topics and collaborates with stakeholders to understand communication product requirements; analyzes business problems and helps prescribe communication solutions.

              General Experience Required
              • 5+ years of experience in intelligence or technical analysis with increasing responsibilities.
              • Demonstrated oral and written communications skills.
              • Good working knowledge of cyber threat intelligence analysis
              • Strong analytical skills and the ability to effectively research, write, communicate and brief to varying levels of audiences to include at the executive level
              Required Specialized Experience
              • Three years of experience in intelligence or technical analysis with a focus on cyber threat analysis.
              • Knowledge of geopolitical issues and events and the use of cyber tools & techniques to influence them
              • One or more geographic areas of expertise, e.g. East Asia and Pacific, South and Central Asia, Near Eastern, European and Eurasian, South American or African areas.
              • Demonstrated expertise in deploying and maintaining tools to facilitate the flow of intelligence analysis and reports.
              • Experience with All Source production and knowledge of cyber/technical intelligence
              • Experience writing contract deliverables such as Event Bulletins, Cyber Digests, and Quarterly Summary Report
              Required Education

              A Bachelor’s Degree or Four (4) additional years of general experience may be substituted for the degree required. Master’s degree desired but not required.

              Desired but not required
              • CISSP, CISM, Security+
              • Prior military or intelligence community experience and/or formal analytic training/certification

                Cyber Threat Hunter & Researcher

                (TASO Analyst)

                Requirements

                Security Clearance

                Candidates MUST possess an active secret clearance and be eligible to obtain a Top Secret

                Location

                Rosslyn, VA

                Project Overview

                The Cyber Threat Hunter and Researcher will support the customer’s overall cyber threat analysis efforts. Performs advanced analysis of adversary tradecraft, malicious code, and Advanced Persistent Threat capabilities. Analyzes computer, communication, network security events and exploits to determine security vulnerabilities and recommend remedial actions. Conducts forensic, malicious code, and packet-level analyses to develop comprehensive technical reports stepping through complete reverse engineering of incidents. Recommends countermeasures based on the identified techniques, tactics, procedures, and behavior patterns used by adversaries. This role is also responsible for developing alert criteria to improve incident response capabilities, and contributes to the development, writing, and reviewing of SOPs.

                Candidate should possess experience with and knowledge of cyber threat and/or intelligence analysis. Candidate should have proven expert written and oral communication skills to include experience with executive-level presentations. Candidate should have knowledge related to the current state of cyber international relations, adversary tactics, and trends. Candidate will possess the ability to work quickly, and a willingness to complete ad hoc, time sensitive assignments.

                Qualifications

                Education

                • A Bachelor’s Degree in Computer Science, Information Systems, Engineering, Telecommunications, or other related scientific or technical discipline is desired. Four (4) additional years of general experience (as defined below) may be substituted for the degree.

                Certifications Desired

                • GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), Certified Ethical Hacker (CEH), Encase Certified Examiner (ENCE)

                General Experience

                • 5-7 years of experience in advanced technical analysis with increasing responsibilities. Demonstrated oral and written communications skills.
                • Good working knowledge of cyber threat analytics
                • Previous experience working in cross functional and interdisciplinary project teams to achieve tactical and strategic objectives
                • Proven ability to document and teach team members how to apply advanced analytic techniques to solve complex problems
                • Solid understanding of enterprise IT cybersecurity operational environments
                Specialized Experience
                • Five years of experience in network security with a focus on computer forensics, static code reverse engineering, and advanced (packet) network analysis. Static code reverse engineering experience can be substituted by experience in a similar skill in computer forensics, network analysis, mobile device forensics related to malicious code, network flow analysis, or other similar skill
                • Three years of experience in intelligence or technical analysis with a focus on cyber threat analysis.
                • Experience analyzing emerging technologies for potential attack vectors and developing mitigation strategies
                • Ability to evaluate offensive and intelligence-based threat actors based on motivation and common TTPs
                • Experience with gathering open-source and controlled intelligence to develop predictive understanding of adversarial strategies, priorities, and overlapping interests
                • Demonstrated expertise in deploying and maintaining open source network security monitoring and assessment tools
                • Experience writing contract deliverables such as Event Bulletins, Cyber Digests, and Quarterly Summary Reports

                  Lead Threat Integration

                  Requirements

                  Security Clearance

                  Secret Clearance

                  Project Overview

                  The Threat Lead’s overall goal is to maintain awareness of, curate, and triage current threats the CIRT should proactively monitor for and respond to. Sources for information would be open source, classified, and via liaison with internal threat intel teams.

                  Daily Responsibilities
                  • Continuously internally evangelize and promote how and why threat information should be and is important in driving CIRT actions
                  • Excellent verbal communication, reporting and presentation skills are a must. Create short situation reports as required.
                  • Maintain and regularly update an MS Teams channel dedicated to CIRT/Department of State related Threat intelligence.
                  • Assist with developing training opportunities for junior analysts.
                  • Identifies and creates training requirements/opportunities for Tier 1 and 2 members.
                  • Mentor Jr and Mid staff members by creating and teaching latest techniques
                  • Supporting / Mentor analysts on new techniques and information sources.
                  • Although the position does not currently have any direct reports, the Threat Lead will be part of the CIRT upper Management team. As such, the position should have a good understanding of how a CIRT functions, and the technologies involved so that they can be leaned on to help move the CIRT forward.
                  Required Qualifications
                  • Minimum five (5) years of experience in information security, information technology, Cyber Security, or related field;
                  • A working-level proficiency in Splunk, Fireeye, or other enterprise-level data aggregation tools (the ability to execute basic queries, create reports and dashboards);
                  • A working-level proficiency in IDS (Intrusion Detection Software)
                  • Experience managing or mentoring a team
                  • Hands on experience with cyber threat
                  • Hands on experience in a leadership role
                  • Active Secret Clearance
                  • Bachelor’s Degree or equivalent years of experience in a relevant field (e.g. Cybersecurity, Information Technology, or Computer Science);
                  Certifications - Preferred Requirements
                  •  CISSP
                  •  SANS GREM
                  •  SANS GCIH and/or GCIA
                  •  Certified Ethical Hacker
                  •  Basic knowledge of Java, C, and/or C++

                    Mid Cloud Analyst

                    Requirements

                    Security Clearance

                    Secret Clearance

                    Location

                    Beltsville, MD

                    Overview

                    The CIRT Mid Cloud Analyst supports the Department of State’s (DoS) Computer Incident Response Team leveraging deep knowledge of monitoring / incident response techniques with a focus on hybrid, cloud and legacy infrastructure supporting the Cloud Monitoring Team’s efforts to develop methodologies and processes to support the Department’s migration and integration of cloud based services. Serves as the primary day-to-day monitoring and incident response utilizing both enterprise and native log/analysis tools for the Department’s emerging cloud presence.

                    Requirements
                    • Knowledge of cloud computing technologies to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)
                    • Knowledge of networking architecture, design and security
                    • Knowledge of traditional computing technologies architecture, design and security
                    • Demonstrated ability to interact with key stakeholders and provide both technical and information briefing materials to a range of audiences
                    • Demonstrated knowledge utilizing native security and logging tools (Log Analytics, Defender ATP, O365 ATP, Cloud trails).
                    • Demonstrated knowledge of the Incident Response Lifecycle and ability to apply to both cloud, legacy and hybrid environments
                    • Expertise with static and dynamic malware analysis tools and techniques
                    • Ability to identify and communicate remediation steps for cybersecurity events
                    Certifications

                    Currently possess or demonstrate knowledge commensurate with one or more (but not limited to) of the following certifications: CCSP, CCSK, AWS certified security specialty, Microsoft Azure Security Engineer, GCIH, GCIA, GCFE, GREM, GCFA, GSEC, CEH, CISSP, CCNA (Security) or equivalent.

                    Experience

                    4+ years of incident response and monitoring with an emphasis on enterprise environments to include hybrid and cloud only environments. Bachelor’s required but education may be substituted for years of related experience.
