Cyber Security Engineer/Firewall SME

Company Overview

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide. 

Cole Engineering Services (CESI), a By Light company, is recognized as a premier provider of modeling and simulation (M&S) training solutions to the Federal Government and industry. Since 2004, CESI has been at the forefront of developing, maintaining, and integrating simulation-based training, serious gaming, technical services, training and other support in live, virtual, constructive, and gaming (LVCG) domains. 

Position Overview

The Cybersecurity Engineer/Firewall SME will provide support at Marine Corps Base Camp Lejeune, NC. This position will to support the ongoing operation, maintenance, and administration of Industrial Control Systems (ICS) and Operational Technology (OT) solutions at the FRCS Cyber Operations Group. This position focuses on ensuring network security, configuring firewalls, and maintaining compliance with Risk Management Framework (RMF) requirements within a mission-critical environment.

Responsibilities

• Manage and maintain ICS/OT systems, including BAS, W&WW, HVSCADA, Metering, Lighting, and other systems as specified by CLNC PWD and FRCS Cyber Operations Group
• Conduct inspections of new and existing sites (e.g., buildings and other physical locations) to evaluate the deployment of ICS/OT Supervisory Controllers
• Provide survey results to CLNC PWD to facilitate the integration of new systems into existing infrastructure
• Assess Supervisory Controllers to ensure proper installation and configuration in accordance with DoD, DoN, and USMC cybersecurity standards
• Establish and maintain a representative Testbed model of correct Supervisory Controller installations
• Configure firewalls in compliance with RMF "Type" ATO/ATC standards
• Design, deploy, and maintain firewall rules and configurations to secure ICS/OT traffic
• Assist in the architecture and administration of Nutanix Hyperconverged Virtual environments
• Support the administration of ICS/OT-related servers and applications in Testbed, Preproduction, and Production environments
• Perform other duties as assigned

Required Experience/Qualifications

• Knowledgeable in securing multiple operating systems and other networked devices using appropriate DISA STIG’s and SRG’s
• Experience with creating and maintaining PKI (Public Key Infrastructure) to be used for secure IPsec VPN connections
• Experience with Palo Alto firewalls in an ICS/OT environment
• Expert in Raspberry PI security and configuration or equivalent device
• Knowledgeable of FIPS 140-2 IPSec configurations including encryption types, key generation/storage, and configuring tunnels in a Hub-and-Spoke architecture
• Experience with building, securing, and accrediting Linux servers and devices
• Expert in writing policies and procedures for the secure configuration, installation, and management of firewalls and Encrypt/Decrypt devices on the MCEN in support of the ICS/OT “Type” ATO/ATC
• Professional Certifications (Required)

Preferred Experience/Qualifications

• Professional Certifications (Desired):
• ITILv4 Foundations
• ICS-VLP Certificate 210W-01 – 10
• RMF Training (USMC specific)

Special Requirements/Security Clearance

DoD Secret Security Clearance Required