Choisys is a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) and a SBA certified 8(a) Business Development Program participant. We deliver Higher Value through customer-centric solutions that drive innovation and adapt to evolving mission requirements – with well documented success on numerous programs within the Civilian, Defense, and Intelligence communities. We are experts in IT Service Delivery processes and industry best practices, continuously integrating the framework of our ISO 9001, 20000, and 27001 certifications to achieve service excellence. Choisys combines empirical methodologies and lessons learned with leading-edge solutions to solve complex problems, provide ongoing support, and deliver quantifiable benefits. Our mission focus areas include, but are not limited to, PMO Support, Health IT, Education + Learning, Infrastructure Management, and Cyber Security.
We are seeking a Senior Cyber Security Engineer to join a team of IT professionals supporting the US Army Cyber Center of Excellence in Fort Gordon, Georgia.
- Minimum of seven (7) years of work experience in the area of Information Assurance, Cyber/Information Security
- At start date and through the life of the contract, Contractor must have a final Top Secret security clearance with Sensitive Compartmented Information (TS/SCI) eligibility as well as meet position requirements.
Technical Skills Required:
- Minimum of 1 year of experience performing high-volume analysis of logs, network and system data in one or more of the following tools: (preferred tool Assured Compliance Assessment Solution (ACAS) but also familiarity with other similar tools)
- Ability to use and recommend implementation of infrastructure and security monitoring technologies (ex. Security Onion, Splunk, SolarWinds, ACAS)
- Endpoint Protection: (ex. McAfee EPO/ Host based security system (HBSS)
- Awareness of the latest network and application hacking techniques and countermeasures (emerging trends).
- At least one (1) year of Certification and Accreditation & Cyber Risk Management experience: DoD RMF (DoD 8500, DoD 8510, NIST 800-37/-53), and DCID 6/3 and ICD 503 processes and implementing frameworks by performing risk assessments, system certification and accreditation at all classification levels (NIPRNET, SIPRNET and JWICS)
- At least three (3) years of experience in Security Engineering of DOD Network Infrastructure, Wireless Technologies (Mobile IoTs, Endpoint Security, Network protocols and Cryptography
- Demonstrated knowledge of network threats, attacks, and other methods of exploitation, and the ability to develop Tactics, Techniques, Procedures (TTPs) to mitigate, deter, and respond.
- Knowledge of Cyber Security practices for cloud and virtual environments (ex. Amazon Web Services (AWS), Microsoft Azure, VMWare and OpenStack)
- Strong Knowledge of security incident handling/incident response process, methods and coordination with Regional Cyber Center-CONUS (RCC-C), Regional Network Enterprise Center (RNEC), NEC, etc.
- Strong knowledge and understanding of DoD and Intelligence Community (IC) engineering efforts, as it relates to security engineering (MILCON/MCA projects)
- Strong knowledge of the development of CCOE Policy (Policies, SOPs, TTPs, etc) and the conduct of the associated inspections for user adherence to the CCOE policy developed.
The following are required at the start date and must be maintained throughout the life of the contract:
- Baseline certifications. Note: Either CASP or CISSP (or associate) will satisfy baseline certifications for both IASAE II and IAM II.
- IASAE II: CASP, CISSP (or associate), or CSSLP and
- CSSP Auditor: CEH (red), CySA+ (blue), CISA, or GSNA and
- IAM II: CAP, CASP, CISM, CISSP (or associate), or GSLC
- Computing Environment (CE) certifications: N/A - only required for IAT IAWF positions.
- Be monitored in the Army Training and Certification Tracking System (ATCTS).
- Successfully complete Information Assurance Fundamentals on line course and exam at https://ia.signal.army.mil/IAF/default.asp.
- Complete Privileged Level Access Agreement (PLAA) annually.
- This Personnel Security Standard for this position is IT-I (Personnel in IA positions with privileged-level access to control, manage, or configure IA tools or devices, individual and networked IS and devices, and enclaves).