Network Security Architect/Engineer

JOB DESCRIPTION

August Schell has a current job opportunity for a Network Security Architect/Engineer at Ft. Meade, MD. The candidate will be a member of the Cyber Security Service Provider (CSSP) Team on the DISA GSM-O program in support of DISA Task Order 29. Perform network architecture reviews, and provide recommendations on network security strategy, and network instrumentation to support defensive cyber operations. The employee might travel 10% of the time.

PRIMARY RESPONSIBILITIES

•Conduct interviews with customers to identify and make recommendations for security tools and capabilities to meet customer security requirements.
•Research and Develop Defensive Cyber Operations (DCO) security data strategies to include boundary and endpoint specific to CSSP service portfolio.
•Manage the process to request, track, and validate CSSP data requirements across multiple Areas of Responsibility (AOR).
•Engineer and provide the customer, vendor and Mission owner-specific cloud and endpoint security data acquisition strategies.
•Act as primary CSSP-driven liaison between the program and Data Brokering, concerning the continual refinement of cloud and endpoint data ingest.
•Continually adjust CSSP cloud and endpoint data defined in DCO Data Action Plan, based on measurement of effectiveness.
•Conduct network security architecture reviews to determine the size, and placement of intrusion monitoring equipment during the customer onboarding process.
•Conduct periodic architectural reviews of installed sensors to assess effectiveness and propose optimal installation alternatives as required.
•Conduct periodic reviews of sensor metric reports to evaluate and prioritize sensors for review and assessment
•Engage with customers and the DISA team of stakeholders to continually assess and verify sensor service issues.
•Function as network security design and architecture Subject Matter Expert (SME) in support of DISA Task Order 29.
•Conduct and deliver weekly status updates to customer.

BASIC QUALIFICATIONS

•Bachelor’s Degree with 8+ years of experience;additional work experience may be used in lieu of a degree.
•Must have DoD 8570 IAT Level 2 certification (Security+, CCNA Security, or equivalent).
•Experience with designing and securing enterprise network environments (traditional and virtual).
•Experience with designing and securing internal and public/private cloud-based environments
•In-depth understanding of network security best practices and methodologies.
•Experience in DCO utilizing Sysmon and Windows Event Collection/Forwarding
•Must have Top Secret clearance w/ SCI Eligibility.

PREFERRED QUALIFICATIONS

•Active TS/SCI clearance.
•Experience w/ DoD and DISA Networks.
•Experience with IDS/IPS, FirePOWER, SourceFire, NGIPSv, SNORT, Suricata, Splunk, Palo Alto NGFW, SPAN and TAP.
•Experience w/ cloud security strategy.
•Knowledge of DoD Cloud Computing Security Requirements Guide (CC SRG).
•Knowledge of Federal Risk and Management Program (FedRAMP).
•Experience in DCO using Sysmon and Windows Event Collection/Forwarding.
•Experience with Endpoint Detection and Response Solutions, Carbon Black, Tanium, Cisco AMP.
•Experience w/ MPLS, VRF, technologies including VPC, VDC.
•CISSP/CCSP/CCSK/CCNA/CCNP Certification.

ADDITIONAL INFORMATION

  • Must be a US Citizen or maintain permanent residence

Corporate Mission

  • We seek out emerging technologies
  • Align ourselves with progressive technology partners
  • Provide our employees with challenging opportunities to unite the two.

The Benefits

  • Comprehensive Medical Insurance
  • Comprehensive Dental Insurance
  • 401K Plan
  • Tuition Reimbursement Plan
  • Referral Bonus Program