Common Access Card (CAC)/Public Key Infrastructure (PKI) Systems Engineer - Senior

Overview

Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit www.Empower.ai.

Empower AI is proud to be recognized as a 2024 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.

Responsibilities

Empower AI: As a Common Access Card (CAC)/Public Key Infrastructure (PKI) Systems Engineer, you will provide services in support of the Army Network Enterprise Technology Command (NETCOM) on the Army Department of Defense Information Network (DoDIN-A) Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. You will be responsible for the mandated DoD enterprise capabilities supporting certificate issuance, revocation, and validation, as well as secure key storage and management for Army and DoD networks and components. You will work with a suite of tools which provide certificate issuance to hardware devices authorized to receive Army certificates, certificate validation infrastructure, and secure key storage and management for all devices on the DoDIN-A network and systems.

Highlights of Responsibilities:

• Draft and maintain enterprise system documentation.
• Conduct Change, Configuration, Release Management (CCRM) activities on a recurring basis.
• Draft emerging technology or new capability fielding documentation.
• Complete and upload into eMASS vulnerability scans using ACAS, and compliance scans (SCAP) to support RMF.
• Develop artifacts including items such as documentation of system functionality, connectivity, data flows, PPSs, management concepts, security plan, and hardware/software configurations in support of system ATOs.
• Update the eMASS POA&M for each capability.
• Manage applicable system changes using both approved NETCOM document templates and the Configuration Management Data Base (CMDB).
• Maintain standard baseline configuration within the ITEF.
• Participate in technical information exchanges in various technical forums
• Provide enterprise compliance analysis.
• Provide and support data mining and data visualizations, including items such as dashboards, business intelligence, workflow diagrams, SharePoint Services sites, and customized queries and reports.
• Test and identify system limitations and make recommended system improvements to optimize and enhance system functionality and performance
• Support automated software delivery and configuration management of the computing environment.
• Develop and release Cyber Tasking Order (CTO) POA&M mitigations that delineate the defense in depth measures taken to reduce the risk to the DoDIN-A infrastructure, data, and customers.
• Develop system-specific technical key performance indicators (KPI) and analysis reports.
• Draft enterprise system architectural diagrams.
• Develop and maintain system diagrams, to include High Level Operational Concept Graphic (OV-1), Operational Resource Flow Description (OV-2), System Interface Description (SV-1), Systems Resource Flow Description (SV-2), or other required system interface diagrams.
• As required support fielding activities.
• Monitor capability incident queues, respond to > 95% of new incidents in accordance with minimum response times.
• Generate monthly standardized reports of incident and problem management KPIs by capability.
• Provide weekly in-depth discussions by capability on incident management performance utilizing Government provided dashboards
• Provide Tier III support (break/fix) during normal duty hours and during call-back hours.
• Coordinate and interface with the Global Cyber Center (GCC), Regional Cyber Centers (RCCs), Network Enterprise Centers (NECs), all echelons of the DoDIN-A and the Joint NetOps community, and product specialists to resolve incidents and problems.
• Document all known errors, problems, and solutions discovered in the process of executing Tier-III break/fix operations.
• Request and receive Government approval before escalating Tier-III incidents or problems to Tier-IV vendor support.
• Draft technical guidance outlining step-by-step remediation procedures, targeted to a Tier-I/Tier-II user audience.

Qualifications

Minimum Requirements:

• Secret Security Clearance
• Security+
• Bachelor’s degree
• 7 – 12 years of experience
• Advanced Sustaining engineering in applications and technologies comprising Public Key Infrastructure.
• Intermediate operational experience in Active Directory, ActivClient, Hardware Security Module, OCSP, and Certificate Authority and smart card enablement.
• Intermediate experience in Microsoft Internet Information Services (IIS), Apache HTTP servers.
• Intermediate experience with the DoD CAC PIN reset program and workstations.
• Intermediate operational experience of CAC/PKI technologies, CAC-enabled Active Directory domains, and virtualization technology.
• Basic operational knowledge of Army PKI and Joint Informational Environment PKI efforts.
• Advanced expertise in Microsoft OCSP; Axway Validation Suite; and CoreStreet Validation Suite.
• Intermediate experience in applications comprising the public key infrastructure and key management infrastructure.
• Extensive experience in applications comprising the public key infrastructure as outlined in CNSSI No. 1300 and current RPS/CPS guidance documentation.
• Basic knowledge of networking concepts, including common infrastructure, technologies, security, troubleshooting, and tools.
• Basic knowledge of common operating systems, including Windows Desktop, Windows Server, or RedHat Linux.
• Basic knowledge of virtualization technologies and software, such as VMWare or Hyper-V.
• Basic knowledge of cloud technologies, such as Intune, Azure, and Amazon Cloud Services.
• Intermediate knowledge in Microsoft Office tools, including Word, Excel, Outlook, Teams, and PowerPoint.
• Intermediate knowledge in latest version of ITIL processes, with particular emphasis on Change, Release, and Configuration Management for enterprise systems.
• Intermediate knowledge in latest version of ITIL processes, with particular emphasis on Incident and Problem Management for enterprise systems.
• Intermediate experience providing direct technical support and troubleshooting to customers for complex IT-related issues.

Preferred Qualifications:

• GIAC certified Windows Security Administrator (GCWN) certification
• Microsoft Certified: Identity and Access Administrator Associate certification
• DoD Cyber Workforce Framework (DCWF 632) Systems Developer Advanced qualified (FITSP-D or GCSA or GISF or SSCP) or equivalent certification
• ITIL v4 Foundations certification

Physical Requirements:

• Sitting for long periods
• Standing for long periods
• Ambulate throughout an office
• Ambulate between several buildings
• Stoop, kneel, crouch, or crawl as required
• Travel by land or air transportation 10% or less

About Empower AI

All hiring and promotion decisions at Empower AI are based on merit to bring the best talent available to contribute to our firm’s overall success. It is the policy of Empower AI not to discriminate against any applicant for employment, or employee because of age, color, sex, disability, national origin, race, religion, or veteran status. Empower AI is a VEVRAA Federal Contractor.