Are you interested in Information Assurance and Computer Network Defense (IA/CND) or have you ever worked in or had aspirations to oversee Cyber Defense operations that includes Firewall, Virtual Private Network and Network Access Control Management? AECOM is looking for someone to employ Defense-in-Depth security strategies across an Enterprise-wide network.
The Information Assurance Engineer is responsible for maintaining the security, integrity and robustness of a portion of the DoD Global Information Grid (GIG). This includes the infrastructure associated with the GIG (routers and switches), the boundary protection devices (firewalls and proxy servers), intrusion detection devices, software antivirus and anti-spam services and core services within a Network Operations Security Center (NOSC).
Information Assurance Engineer will be part of a Network Operations Security (NOSC) team working with Vulnerability Assessment and Security Incident Response personnel with providing Information Assurance (IA) and Computer Network Defense (CND) security capabilities and direction. Performs management functions on devices such as Firewalls, Routers, Switches, VPN and NAC solutions to include network based Intrusion Detection, Intrusion Prevention Systems and Host base Intrusion Prevention Systems. Assists in the assessments of systems and networks within the network environment or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. On occasion, works with the IT work centers to develop risk response recommendations for the government client organization including avoidance, transference, acceptance or mitigation of security risks and vulnerabilities. The candidate should have experience in managing, configuring and sustaining an enterprise network environment of boundary and infrastructure equipment/capabilities. In addition, candidate must be able to perform network server builds, test their configuration and remotely manage their capabilities.
Candidate may be asked to manage and monitor the following capabilities:
Wireless Local Area Network
Remote Access Controls
Malicious Codes Control (Anti-Virus/Anti-Malware systems)
Intrusion Detection and Prevention
Media Control Practices
Physical and Environmental Security
Data Leakage Protection
Network Penetration Assessment Tools (e.g. CoreImpact)
Host Based Intrusion Prevents Systems
Forensic Application Suites (e.g. EnCase)
Candidate may be asked to produce, although not all inclusive, the following information as part of an assessment:
Both Executive and Technical summaries containing the findings and recommendations on how to improve technical deficiencies and potential DISA STIG or IAVA oversights
All work papers including network vulnerability scan results of locations
A network inventory summary listing all computing devices examined (Computing device configurations and installed software details)
A topology detailing WAN/LAN connectivity and critical networking components
Candidate may be responsible for, among other tasks, reviewing and coordinating the implementation of DoD policies and procedures concerning Information Assurance. Candidate will be actively involved in staying abreast of and informing the client of the current government directives, instructions, guidance or policies regarding or impacting Information Assurance.
Excellent communication and presentation skills required.
Active Secret security clearance (or ability to be granted an interim Secret clearance)
Achievement of ITILv3 certification
2+ Years IT or Computer Network Defense (CND) enterprise network experience
Experience with Checkpoint, Sidewinder, PIX or similar firewalls
Experience with BlueCoat Proxy or Websense or internet access management system
Experience with Virtual Private Network solutions (Juniper)
Experience with Network Access Control (NAC)
Experience with Intrusion Prevention, Intrusion Detection, or Host Intrusion Prevention/Detection systems
Shift flexibility mandatory
CCNA, MCSE, MCITP or Certified Ethical Hacker (CEH) certification Experience with MS System Center Configuration Manager (SCCM) Familiarity with Vulnerability Life-Cycle Management (VLMS)
Host Based Security System (HBSS)
Scanning tools such as eEye Retina, Nessus, Accunetix
Forensic tool such as EnCase
Experience with ePolicy Orchestrator (HBSS)
Experience with Remedy Trouble Ticketing System for Incident tracking
Experience with Anti-Virus/Anti-Malware systems
Current TS/SCI security clearance
Please Apply to link below: