LOCATION: Aberdeen Proving Ground, MD
Support, monitor, and provide analysis for all aspects of network security to include but not limited to Firewall, Intrusion Detection System (IDS)/Wireless Intrusion Detection System (WIDS)/Intrusion Prevention System (IPS), Web Proxy, Network Access Control (NAC), Security Information and Event Management (SIEM), and Host Based Security Analysis (HBSS). Recognize and respond to potential successful and unsuccessful intrusion attempts and compromises through the monitoring and analysis of relevant reports, event logs, and alerts received from all network security related systems. Monitor threat intelligence feeds for the latest threat information. Respond to potential security incidents, identify false positives where applicable, open incident tickets, perform incident analysis, and close tickets upon completion. Serve as a POC to the Cybersecurity Service Provider (CSSP) and respond to all CSSP generated network security and compliance related incidents. Coordinate response efforts with the CSSP, generate required reporting, and verify incident closure. Monitor and respond to guidance, directives, and issuances from USCYBERCOM, and track and report on compliance with Communication Tasking Orders (CTOs), Task Order (TASKORD), Operational Orders (OPORD), Information Assurance Vulnerability Alerts (IAVAs), Vulnerability Disclosure Programs (VDPs) and other security requirements. Initiate organizational incident response procedures, and notify the reporting chain, upon identifying a successful compromise to any Information System (IS). Communicate incident information and provide guidance to the impacted system owner. Identify suspicious or malicious traffic and escalate appropriately. Coordinate with network personnel for IP and other network blocks based on incidents and findings.
Provide response and support for HBSS software and virus incidents, notify the affected customer, gather incident details, and coordinate corrective action to clean viruses and malicious software from affected systems. Perform network security analysis and design for designated unclassified and classified networks. Work autonomously to research and design security solutions to satisfy organizational requirements. Proactively identify network security weaknesses and develop solutions to improve security posture, including queries, dashboards, policies, and custom reports. Provide project lifecycle management for network security driven efforts. Ensure Cybersecurity leadership is provided weekly updates on all projects impacting IS within the security boundary. Review and monitor firewall policies in order to identify misconfigured, overlapping, or ineffective policies. Evaluate firewall change requests, assess associated risks, and provide recommendations. Track and maintain lists of open ports via the DoD Ports, Protocols, and Services Management registry. Review and ensure the security hardening of all network related devices IAW DISA STIG requirements and industry security best practices for system hardening. Maintain knowledge of DoD/Army Traditional Security requirements as they relate to the protection of classified network equipment and classified IS. Coordinate with other teams to implement and maintain Traditional Security for all organizational classified processing areas. Verify HBSS compliance and health for every IS within the authorization boundary. Ensure the integrity and protection of networks, systems, and applications by technical enforcements and organizational security policies, and by monitoring of vulnerability scanning software and devices. Continually monitor and configure NAC to confirm visibility of every asset within the authorization boundary. Proactively adapt to a changing environment by creating and modifying NAC policies as required.
Monitor and verify the security and compliance of all wireless systems including WIDS, Wireless Controllers, and Access Points. Conduct monthly war driving in order to baseline the wireless landscape and identify rogue access points. Report significant findings and initiate incident response procedures as required. Perform vulnerability and risk analyses of computer systems and applications during all phases of the system development life cycle. Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system, and external web integrity scans to determine compliance. Analyze audit and security logs to identify unauthorized processes or attempts to gain unauthorized access. Review and monitor web content servers and systems, identify issues and deficiencies, collect and review information on malicious sites and update block lists, make corrections and advise Cybersecurity leadership of possible incidents, malicious activity, and inappropriate use. Provide response and support to address customer issues related to blocked web sites. Install and maintain required Cybersecurity tools and software. Provide packet capture analysis as needed, using various network protocol analyzers. Generate and review daily/weekly/monthly trend analysis reports, based on data gathered from various network security devices. Provide executive summaries to Cybersecurity leadership, highlight significant areas, and provide recommendations where applicable. Maintain existing SOPs and create new ones if required, in order to support the network security objective. Create, review, and update Cybersecurity policies, documentation, and diagrams specific to the organization. Participate in security assessments. Review change request information and participate in Change Management meetings, giving recommendations based on DoD/Army policy and security best practices.
Years of Experience: 7+
IT Level I; IAM II; IAT II
TS (May require TS/SCI eligibility)/SSBI
Full benefits are offered.
Bravura is a rapidly growing Woman Owned Small Business (WOSB) that provides professional and engineering services, technology solutions and product offerings to DoD and Federal Civilian agencies. Bravura is an Equal Opportunity Employer. Bravura does not discriminate against employees or applicants for employment on any legally recognized basis (protected class) including, but not limited to: veteran status, uniform service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other protected class under federal, state, or local law. These positions require U.S. citizenship.