By Light is seeking a Cybersecurity Engineer to support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data in support of the Compartmented Enterprise Services Office (CESO) program.
With the CESO program, the Defense Information System Agency (DISA) is looking to transform the existing Secure Web Services (SWS) environment, which provides secure information sharing to the community, into a more mature service offering to meet the DoD and intelligence communities. As part of this task order, Leidos will manage the commercial cloud migration and disestablishment of legacy systems, fully automate the continuous development & continuous integration environment, fourth estate consolidation, professionalize services – ITIL/DevSecOps based processes, improve the customer experience 1st call resolution, and achieve development of a service catalog for Defense Working Capital Fund (DWCF) Model.
This position is in either Alexandria, VA, or Arlington, VA with occasional/situational travel.
- Provide analysis of architectures, technologies, policies, information and analytic data
- Develop cybersecurity and risk assessment methodologies and procedures to support prevention, detection, and mitigation of anomalous activity, vulnerabilities and inefficiencies.
- Perform cyber situational awareness activities and provide analysis and recommendations.
- Prepare and perform briefings appropriate for senior leadership.
- Conduct micro and macro analysis of enterprise cybersecurity defensive strategies in order to enable operational effectives, defense, and command and control.
- Analyze policy, program management office managed systems, hardware, and software, cloud, network infrastructure in order to recommend methods and strategies that reduce and/or managed impacts.
- Support and collaborate with CESO and/or its designated third-parties in information assurance/security services (e.g., intrusion prevention and detection, antivirus protection) in accordance with CESO’s security requirements as set out in CESO policies, standards and operations procedures manuals, and leading security practices.
- Continuously improve monitoring capabilities and automation.
- Support, deliver, and sustain image customization and secured builds utilizing STIGS and other templates to ensure all applications, servers, and services are configured in accordance with the risk management framework and the JSIG Rev 4 and beyond.
- Ensure all system and services are properly STIGed and JSIG Rev 4 compliant prior to deployment into the production environment.
- Ensure all system logs, application logs, and event logs are sent to the security operations team and the insider threat team in real time.
- Provide network forensics monitoring service integration: The contractor’s network forensics service must integrate with the contractor’s monitoring solution in order to allow alarms to be created.
- BS degree and 8-12 years of prior relevant experience or Masters with 6 10 years of prior relevant experience.
- Maintain expert knowledge of endpoint and networking security controls; provide updates to security control guidance.
- Familiarity with all related aspects of cybersecurity operations and security architecture & engineering.
- In-depth knowledge of network and application protocols, cyber vulnerabilities and exploitation techniques and cyber threat/adversary methodologies (TTPs).
- IAT Level II Baseline Certification (e.g. CCNA Security, CySA , GICSP, GSEC, Security CE, CND, SSCP)Ability to translate highly technical matter to non-technical audience
- Excellent communication skills
- In-depth experience with security domains and industry best practices; business continuity and disaster recovery, emerging technology
- Proficient at data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM)
- Specific experience using Splunk add-ons for Windows, Linux, and common third-party devices and applications
- Specific experience onboarding data into Splunk via forwarder, scripted inputs, and modular inputs from a variety of sources
- Expertise performing Splunk systems administration, including performing installation, configuration, monitoring system performance and availability, upgrades, and troubleshooting
- Prior experience with one or more of the following tools:
- Splunk Administrator Certified / Splunk App Developer
- Prior experienced with DISA and DISA’s support to mission partners
- TS/SCI w/CI Poly Preferred
- Proficient in cloud hosted networks
- Master’s degree in IT, Cybersecurity, or related field.
Special Requirements/Security Clearance
- Candidate must possess an active DOD TS/SCI level security clearance, and be eligible to obtain and maintain a CI Poly
- By Light does not require COVID-19 vaccinations or boosters; vaccination requirements and testing are subject to the status of the federal contractor mandate and customer site requirements; testing is at the cost of the employee.