Mid SCM Engineer

Requirements

Job Description

The Senior Cyber Security Engineer and Liaison works with a small team to provide technical expertise to a wide array of IT projects. The individual selected will serve as a liaison between a cyber security center and major IT programs to ensure that new technologies and capabilities are implemented effectively. The senior engineer will work to evaluate new technologies (e.g. social media) to ensure that they are architected to meet security objectives. Frequently, the senior cybersecurity engineer and liaison will provide detailed evaluations of how to securely incorporate new technologies into the customer’s IT capabilities. These recommendations are provided both verbally and in written form to senior managers so that they can make informed risk-based decisions.

The senior cybersecurity engineer and liaison will also support the continuous evaluation of proposed changes to the customer’s IT infrastructure and capabilities. The senior cybersecurity engineer and liaison will focus on representing the cybersecurity program by providing specialized security expertise to specific programs.

The ideal candidate will have exceptional verbal and written communication skills and a solid understanding of cybersecurity trends and security risks. They also must have a firm understanding of large scale enterprise IT operations. They will also have experience with cybersecurity in the domains of vulnerability management, malware TTPs, networking protocols, and cyber incident management.

Responsibilities
  • Represents Company to external and/or internal customers where issue analysis of situations or data requires an in-depth knowledge of organizational objectives.
  • Develops solutions to problems of unusual complexity which require a high degree of ingenuity, creativity, and innovativeness. Exercises independent judgment in determining the methods, techniques, and evaluation criteria used in obtaining results. Challenges are frequently unique and solutions may serve as precedent for future decisions.
  • Effects of decisions are long-lasting and heavily influence the future course of the organization. Errors in judgment or failure to achieve results would result in the expenditure of large amounts of company resources.
  • Work is performed without appreciable direction. Exercises considerable latitude in determining objectives and approaches to assignment.
  • Serves as consultant to management and special external spokesperson for the organization on major matters pertaining to its policies, plans, and objectives.
  • Provides technical expertise and professional recommendations, working independently and with subject matter experts, to ensure the maximum protection by cybersecurity defenses.
  • Prepare and provide written and verbal recommendations for mitigating cyber risks across a wide array of technologies.
  • Supports numerous cybersecurity technical capabilities and infrastructure onsite and at several remote locations. Assist in new security tools deployment.
  • Document the standard operating procedures for supporting each capability as well as recovering from any system degradation.
  • Provide the requisite training on new capabilities and operational practices to other operations team members.
  • Provide oral and written recommendations, in sufficient detail, to permit the sponsor to make an informed, independent decision on cyber security and threat related issues.
  • Assist the sponsor in clarifying cyber security related policies and procedures, and determining technical solutions for cyber security issues.
  • Promote awareness of cyber security related issues among key decision makers and ensure sound security principles are reflected in the sponsor’s visions and goals.
  • Provide weekly, or more often as required, updates to Cybersecurity Office management on cyber security related issues impacting sponsor and decisions reached.
  • Provide general information security (INFOSEC) support.
  • Conduct research pertaining to the latest cyber security threat vectors and technological advances.
  • Complete technical and security reviews documenting the vulnerabilities and exposures of varying technologies, and potential mitigating techniques and configurations.
  • Assist in the development of and response to Information Technology (IT) security policy.


    Junior Cyber Security Scanning Engineer

    Requirements

    Position Description Duties
    • Use active vulnerability scanners to perform high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of the enterprise security posture. Support full life-cycle vulnerability and configuration management. Communicate recommendations to the responsible parties, track remediations and verify security patches and required configurations. Scan the entire enterprise, to include DMZs and physically separate networks.
    • Develop and maintain policy and SOP updates
    • Analyze available security information including results of configuration compliance verification, vulnerability assessment, security and system patch information, field reports, OIG reports, and intelligence information to assess the status of remote organization’s cyber security posture
    • Operate, maintain and configure the configuration compliance verification tool; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
    • Operate, maintain and configure the vulnerability assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
    • Operate, maintain and configure the web security assessment tool suite; apply regular updates from the vendor; provide operation, troubleshooting, training and helpdesk support
    • Maintain and operate all hardware supporting the configuration compliance verification and vulnerability assessment activities including system administration, configuration management, technical troubleshooting, backup/recovery, training and user support
    • Develop configuration benchmarks and vulnerability checks based on established configuration standards and CVEs (Common Vulnerabilities and Exposures) using the Security Content Automation Protocol (SCAP)
    • Perform liaison activities with other bureaus and offices
    • Support incident response, threat analysis, forensics and penetration testing teams by performing on-demand and targeted vulnerability scans
    Required

    Working knowledge of and experience in information systems methodology, policy, and standards environment of information security, especially in government is desirable. Excellent written and oral communications skills desired. Ability to work collaboratively with a broad range of constituencies essential. A demonstrated ability to work with diverse groups of people is required.

    • Active Secret clearance required
    • Technical knowledge of information technology and cyber security standards and issues is required for this position
    • The CVE (Common Vulnerabilities and Exposures) standard
    • Effective written and verbal communication skills
    • Persistent and polite follow-up with clients in order to maintain project schedule
    • Problem solving and attention to detail
    Desired Skills, Preferred but not required
    • Experience with current tools (McAfee ePolicy Orchestrator, Policy Auditor, Tanium, and Rapid 7 Nexpose vulnerability Scanner and App Spider – Web URL)
    • Three years of experience in information security, information technology, or related field
    • Experience performing vulnerability and/or compliance scanning in an enterprise network environment


      Jr Incident Handler

      Requirements

      Skills
      • Strong analytical skills.
      • Strong oral and written communication skills
      • Extremely detail oriented
      Working knowledge

      One or more of the following tools desired:

      • Remedy ticketing system or similar ticketing system
      • Splunk
      • Cyber Security background
      • Basic understanding of Network protocols and packet analysis tools.
      • Previous exposure to SOC incident handling and response activity.
      Certifications

      One or more certifications, including but not limited to: CEH, Security + or equivalent.

      Experience

      Junior: 6 mos-1+ years of SOC experience


        Executive Assistant

        Requirements

        Location

        Arlington, VA (Rosslyn)

        Security Clearance

        Secret/Top Secret preferred

        Years of experience

        1-3

        Qualifications and Duties

        Project Overview:
        Seeking an Executive Administrator to support the Department of State’s Office of Cyber Monitoring and Operations. This position primarily supports the Office Director.

        Duties:
        Provides general administrative support. Maintains and files reports and other information. Schedules and coordinates logistical support for conference calls and meetings. Makes travel arrangements. Provides word processing and other document preparation services. Locates and retrieves information in support of management and technical staff.

        Daily Responsibilities:

        • Manage calendar and scheduling for Office Director
        • Monitors various documents to ensure the format is correct and appropriate policies and procedures are correctly carried out
        • Log and track status of official Office and Division level communications and clearance status
        • Coordinates status of documents and reports. Updates and prepares listing of weekly or monthly status reports
        • Maintains meeting minutes and coordinates action items to ensure completion. Maintains files/filing system
        • Performs data entry for timesheets and travel forms
        • Provides event support, to include all administrative details, coordinating facility availability and providing VTC and communications assistance
        • Performs data entry for expense reports, check requests and other financial requests, as needed
        • Types reports, correspondence, forms, charts, and drafts in which format and terms are complex and do not follow a standard pattern
        • Proofreads records, forms, letters, and other communication for typographical and other mistakes
        • Compiles, catalogs, and maintains information on materials and documents. Interfaces with requesters and directs them to location of specific items
        • Arranges travel schedules and makes appropriate reservations. Maintains schedules and calendars; assists in tasks such as tracking leave and department expenditures. Schedules and maintains calendars for conference rooms and/or coordinates meetings
        • Provides coverage for the Cyber and Technology Security Directorate Front Office as needed
        • Provide staffing updates and complete inbound and outbound checklists
        • Answer, transfer, and cover multiple phone lines
        • Orders supplies, assists with escort duties, delivers mail, receives shipments


          Tech Writer

          Requirements

          Requirement
          • BS in journalism, English, business or communications and knowledge in a similar specialization
          • 2-3 years of experience in technical requirements writing in an IT infrastructure environment
          • Secret Clearance required (Interim Secret acceptable to start)
          • Strong planning and organizational skills
          • Ability to facilitate meetings with cross-functional stakeholders
          • Ability to manage, prioritize, and coordinate multiple tasks
          • Work experience in tech environments performing technical writing and editing functions
          • Expert-level experience in word processing, presentation and spreadsheet software, such as Microsoft Office, Excel and PowerPoint, etc.
          • Impeccable written English skills
          • Strong team player with outstanding communication, organization, and interpersonal skills
          • Strong customer advocate mentality
          • Ability to learn new technologies quickly
          • Exceptional communication skills with an emphasis on interpretation and documentation
          • Ability to write, document, and maintain Policies, Processes, and Procedures as related to account responsibilities


            Junior CIRT Analyst

            Requirements

            Responsibilities

            This position combines all aspects of monitoring and incident response on the same team. Team members will interact with the malware analysis team, and all aspects of the incident analysis process.

            • Monitor ticketing system
            • Ensure data flows are maintained between internal tools and enterprise wide reporting dashboard.
            • Work closely with other groups and build working relationships to effectively complete our mission while respecting stakeholder needs and requirements.
            Qualifications
            • Experience in Information Security, Information Technology or related field
            • Technical knowledge of Information Technology and Cyber Security standards and issues
            • Understanding of Unix and Linux command line
            • Knowledge of various monitoring tools used to identify alerting actions and sessions to identify net flow
            • Effective written and verbal communications skills
            • Strong customer service skills to follow-up with clients in order to maintain project schedule
            • Problem solving and attention to detail
            • Must be familiar with security-related technologies including: Active Directory, Host-based firewalls, Host and Network based intrusion detection systems, Application white listing, Server configuration controls, Logging and monitoring tools, Antivirus tools, and Network monitoring.
            Preferred

            Security+, SANS GCIH and/or GCIA


              Policy Analyst

              Requirements

              Description
              • Research, recommend, develop, maintain, and update domestic and overseas cybersecurity policies, to include use of new and emerging technology (e.g. WiFi, cloud, mobile devices), software, hardware, and other IT-related systems (e.g. VoIP, Building Automation Systems).
              • Lead efforts for updating DOS and Overseas Security Policy Board (OSPB) cybersecurity policies to address cloud technology adoption
              • Examine incoming requests for exceptions to policy and draft recommended decision memorandum to include requisite mitigation strategies
              • Coordinate clearances of all draft cybersecurity policies and memorandum with DoS stakeholders
              • Participate in intra-agency policy working groups (e.g. WiFi) and provide cybersecurity policy subject matter expertise
              • Provide support for the review and coordination for National level classified and unclassified cyber and communications security policies and guidelines
              • Respond to cables, memos, emails and phone inquiries regarding security policies and standards
              • Help maintain the contents of the Frequently Asked Questions (FAQ) web page and web portal website
              • Maintain databases for tracking incoming and outgoing policy documents, policy inquiries, exception requests
              • Provide status reports as required. Prepare contract deliverables to include Trend Analysis reports, Quarterly Status Reports, etc.
              Qualifications
              • Bachelor’s degree in IT or related field with 5+ years of work experience or MA in the same fields combined with 3+ years of work experience
              • Experience in researching, developing, writing, and editing cybersecurity policies, best practices, standards, processes and procedures
              • Experience in research and analysis of information system issues and trends, and research and development in a technical discipline/field
              • Knowledge of, and experience drafting policy for, new technology, specifically cloud computing environments, cloud adoption, data classification,
              • Excellent written and verbal communication skills; strong organizational skills; research, analysis, and writing skills
              • Strong customer service and interpersonal skills to effectively relate to agency and customer needs; ability to build working relationships with leaders and key stakeholders
              • Proficiency with Microsoft Office
              • Some experience with the creation of IT security requirements, technical security safeguards, countermeasures, risk management, contingency planning, and data communications networking
              • Ability to work independently and as part of a team; ability to take initiative with minimal direction and to solve problems
              • Knowledge of, and experience with, current Federal security standards (e.g., FISMA/NIST, DOD, and CNSS) and cloud security standards
              • Familiarity with the Department of State’s mission is preferred and work with global policies is preferred


                Solar Wind Admin

                Requirements

                Description

                Bachelor’s degree in Computer Science, a related field or equivalent experience is required plus a minimum of 5 years of relevant experience; or Master’s degree plus 3 years of relevant experience.

                Due to the nature of work performed within our facilities, U.S. citizenship is required.

                Responsibilities

                As a seasoned leader, you’ll be involved with our client’s decision-making process by serving as a front-line interface to users with technical issues and conducting systems analysis and development to keep systems current with changing technologies. Your duties may include installing new software, troubleshooting, granting permissions to applications and training users. You’ll also be responsible for the day-to-day support of server services by performing server administration for physical and virtual server operating systems and configuring, maintaining, and troubleshooting of physical and virtual hardware and network related interfaces on servers. We’ll rely on you to perform, maintain, troubleshoot, and conduct a complete analysis of alerts; create scripts to automate repetitive processes; and work with customers to identify, isolate, and resolve problems with servers that are affecting other services.

                What You Bring To The Table
                • A Bachelor’s degree in Computer Science, a related field or equivalent experience plus a minimum of 5 years of relevant experience; or Master’s degree plus 3 years of relevant experience
                • Strong background with deploying and maintaining virtual machines with VMware vSphere and related technologies
                • Experience with deploying and maintaining Windows Client/Server environments
                • Experience managing RedHat Linux Server environments
                • Enhanced troubleshooting skills within the server OS as well as storage technologies
                • Familiarity with compliance controls: STIGs (Security Technical Implementation Guides), RMF (Risk Management Framework),
                • Knowledge of TCP/IP, Internet Routing Protocols, private and public networks, VLANs, Firewalls, Load Balancers, addressing schemes, subnet creation and subnet masking
                • Experience with patching of Windows platforms Client 10 and Server 2012/2016 or newer
                • Experience with patching of RedHat Linux systems
                • Experience installing, configuring, and writing Ansible playbooks for automation supporting infrastructure production and development environments
                • Advanced understanding of server based operating systems
                • Subject matter expert (SME) with the ability to mentor others on administrating the server environment
                • Hands-on experience developing, deploying, and supporting large-scale enterprise server solutions
                What Sets You Apart
                • Team player who thrives in collaborative environments and revels in team success
                • Broad understanding of the interrelationships within the IT environment with focus on server and services
                • Senior level knowledge of physical and virtual server support
                • Senior level knowledge of access, permissions and security that gives the clients the access to the data they need to perform their daily activities


                  Operations Shift Lead

                  Requirements

                  Key Personality
                  • Inquisitive by nature; you know where to look on the web to find answers and it is your go-to when confronted with a problem.
                  • Good troubleshooter for diagnosing outages
                  • You enjoy collaboration and sharing information with other highly technical people.

                  Environment you will work in

                  • The intersection of cybersecurity and data. No better place to be.
                  • Highly technical environment. Your inner geek will be at home here.
                  • Job site is in Beltsville, MD
                  • 24 x 7 x 365 Operations environment
                  • No remote work / no travel
                  Security Clearance

                  DoD Secret Clearance Required

                  Responsibilities

                  The Cybersecurity Operations Shift Lead will be the lead operations engineer for a designated shift of 24×7 network and security
                  operations. As the shift lead, you will provide technical expertise working independently and with other engineers as part of a team
                  focused on providing 24×7 technical support and monitoring to the customer’s unclassified and classified operating environments.
                  The primary area of responsibility will be supporting numerous cybersecurity technical capabilities and infrastructure onsite and at
                  several remote locations. You will be the lead engineer responsible for training employees on operational process, procedures, and
                  tools. You will also be responsible for setting shift coverage schedules, reviewing shift outputs (e.g. Shift Change Reports), and
                  coordinating assignments for the assigned shift.

                  The Operations Shift Lead will assist in new security tools deployment. The Operations Shift Lead will be responsible for working with
                  the Project Management and Engineering team on evaluating and accepting new technologies and capabilities. They will support efforts
                  to develop and maintain documentation for supporting system operations and maintenance. As the Cybersecurity Operations Shift
                  Lead, they will also assist in the development of training on new tools and operational practices to other operations team members.
                  The ideal candidate will have a solid understanding of large scale enterprise IT operations and processes in a 24×7 environment. They
                  will also have experience with cyber security in the domains of security vulnerabilities, malware TTPs, networking protocols, application
                  development, information exchange models, interface and GUI design and development.
                  This effort will require a skilled cyber security operations engineer to enable standardized and consistent processes, user training, and
                  implementation of innovative industry approaches and provide significant improvement to current capabilities.

                  This shift is from 10 pm- 6 am.

                  Required Qualifications
                  • Bachelor’s Degree or equivalent years of experience in relevant field
                  • Minimum four (4) years of experience in enterprise systems lifecycle management, structured system development methodologies (preferably Information Engineering), structured analysis, and/or information systems development or a relevant technical discipline
                  • Strong logical/critical thinking abilities, especially analyzing existing database layouts, application architectures, schemas and developing a good understanding of the application model.
                  • Strong knowledge of networking fundamentals such as TCP/IP and basic packet analysis
                  • Hands-on Linux/Unix experience
                  • Knowledge of Windows Operating Systems, Windows Management Interface (WMI) development, and shell scripting
                  • Experience developing and documenting detailed, technical user guides and hands on training.
                  • Strong understanding of networking fundamentals
                  • Demonstrated experience with direct and remote desktop support
                  • Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.
                  Desired Qualifications
                  • Desired Certifications: CCNA, RHCE, Linux+, VMWare Certified Associate, CEH
                  • Proficiency in process automation using multiple scripting and development tools including, but not limited to: Shell scripting, PowerShell, VBScript, Perl, Ruby, or Python
                  • Proficiency with Linux, Unix
                  • Proficiency in deploying and maintaining open source network security monitoring and assessment tools.
                  • Experience in developing test cases for technical certification
                  Additional Screening Criteria
                  • Experience with email routing and troubleshooting
                  • Network load balancing


                    Cyber Security Analyst (Mid E/A)

                    Requirements

                    Job Description

                    The primary area of responsibility for the analyst is to examine and analyze data, prioritize significant events for further investigation, correlate information with other information sources to establish context, and to compile noteworthy information into analytic reports for working groups and senior management. 

                    Additionally, reviewing sensitive electronic and hard copy investigative and intelligence community reporting, collaborating with internal and external entities via working groups, conferences, or task forces, and preparing summary documents, briefings, assessments, graphical representations of data, and other written products is highly encouraged.

                    Investigative Analyst Role:

                    The investigative analyst will perform user activity monitoring, analysis, and reporting, employing technical and non-technical disciplines to transform data into actionable information. The individual will be responsible for conducting in-depth analysis of user activity data and performing data acquisitions from live hosts located worldwide using various Windows and forensics tools, and ensuring chain of custody and control procedures. Detailed documentation of tasks performed is required to support active law enforcement investigations.

                    Daily Responsibilities
                    • Responsible for the analysis and reporting of technical and intelligence information to provide indications, analysis, and trends identified through behavioral analysis of data 
                    • Perform assessments of malicious or suspicious activities to determine potential security risks
                    • Prepare comprehensive and detailed court-ready case documentation and written notes and reports regarding findings.
                    • Assist in the development of OTA program policies, processes, and procedures, provide user support, conduct group training sessions, and provide one-on-one tool training services to case agents and supporting personnel.
                    • Core work hours are 9:00am – 3:00pm (8.5 work day)
                    • Work location: Rosslyn, VA (full-time, on site)
                    Required: Basic Requirements
                    • 4+ Experience in behavioral, audit, security, and/or policy compliance analysis
                    • Ability to work well with and accept challenges in a fast paced, dynamic, team-based environment
                    • Ability to write and execute SQL queries
                    • Experience with Splunk, EnCase, IBM SPSS platform using the Modeler module
                    • Proficiency in process automation using multiple scripting and development tools including, but not limited to: Shell scripting, PowerShell, Perl, Ruby, or Python
                    • Enterprise administrative support and deployment of multiple operating systems (e.g. Windows 2008, 2012, Linux)
                    • Experience in configuring and troubleshooting Windows servers
                    • Understand and utilize Active Directory Domain Services, DHCP, DNS, WINS, TCP/UDP Ports and Protocols
                    • Experience working in a virtualized environment (e.g. VMWare)
                    • Possesses an understanding of networking fundamentals
                    • Possesses working knowledge of firewall administration
                    • Strong quantitative and analytic abilities to analyze and validate data
                    • Ability to demonstrate effective organizational and technical skills
                    • Detail-oriented and have a strong delivery performance (ability to meet deadlines and requests efficiently, multi-task and establish priorities)
                    • Ability to quickly learn and understand various company systems
                    • Proficiency with MS Office Suite products (Excel, Word, Outlook, Visio, PowerPoint, etc.) and Server
                    Desired Skills: Preferred but not required
                    • Knowledgeable of Database systems (Oracle and MS SQL)
                    • Experience with Direct Attached Storage/SAN and RAID.
                    • Experience with hardware and input/output evaluation and optimization
                    • Experience with Dell hardware
                    • Working knowledge of information security and IT standards like ISO27002, NIST, ITIL, etc.
                    • Experience with designing and implementing data models to drive threat analysis
                    • Knowledge of cyber threat indicators
                    • Ability to prepare and present briefings
                    • Technical knowledge of Microsoft Operating Systems
