Network Server Administrator
West Point, NY, USA
Full Time Mid-level / Intermediate USD 120K - 130K
Oneida Innovations Group
A trusted ally providing IT solutions, telecommunications, network infrastructure and logistics to the U.S. Government, hospitality, gaming, healthcare, higher education and more.
Cybersecurity Engineer/Network Server Administrator
We are currently seeking a Cybersecurity operations-focused Engineer with MS SENTINEL expertise and networking background to join our team serving the United States Military Academy (USMA) at West Point, NY. The role is onsite at USMA, however a hybrid/remote work schedule may be accommodated, subject to contract requirements and business needs.
The individual assigned to support the USMA Cybersecurity Branch's mission and strategic direction will provide knowledge, techniques, and expertise in the configuration, monitoring and securing of network and network services both on premises and in the Azure cloud.
This position is located at The U.S. Military Academy at West Point in West Point, NY and reports to the Director of Government Programs.
Duties and Responsibilities:
- Assessing cybersecurity vulnerabilities and risks in the network (switches, APs, firewalls and network services such as Cisco ISE and Prime) and providing specific, prioritized mitigation recommendations to the customer.
- Advising the customer on design and implementation options for desired capabilities relating to cyber operations.
- Documenting and testing security controls as they relate to the ATO package process, including reviewing and creating network diagrams, data flows and SOPs.
- Continuously assessing and auditing vulnerability remediation, configuration, and operation to ensure compliance of the customer network using eMASS and NIST controls for RMF. Actively participating in activities across the RMF security life cycle.
- Planning, designing and configuring incidents, correlation rules and playbooks to assist Cyber-Ops in addressing threat response using the MS SENTINEL SIEM.
- Making recommendations to CIO/G6 Cyber and CIO/G6 CTO on changes to baselines that enhance security without compromising mission functionality, and providing mission impact and risk analysis for any recommendation.
- Assisting the customer in defining best practices and technical approaches in a MS Azure (Microsoft Secure Score, Defender ATP Portal, Azure Secure Score) commercial cloud environment.
- Tracking and performing annual re-evaluation of cyber regulations, policies, guidelines, standards, and procedures, and performing updates as needed.
- Functioning as the organizational ambassador for network cyber operations and applying their expertise to support the organization's vision and strategic direction.
Additional duties include the following:
- Demonstrate proficiency in understanding, articulating, and implementing best practices as they relate to complex IT projects.
- Cultivate and maintain effective working relationships with customer team members, network admins, project managers, department computer officers (DCOs), and representatives of the Military Academy Directorates (MADs). Participate in multiple workgroups.
- Articulate dissemination of information across all levels of the organization and to diverse stakeholders.
- Translate subject matter technical terminology into business terms and recommend alternatives to both senior management and security practitioners.
The duties cited above describe the general nature and level of work performed. The list is not intended to be an exhaustive list of all the duties an incumbent may be expected to perform.
- Firewall: Monitor firewall and Intrusion Prevention & Detection System events to determine whether threats are being tracked correctly in SENTINEL, and modify or create playbooks to address deficiencies in response. Provide configuration recommendations to the Cyber and Implementation teams on ways to improve security without impacting mission requirements, including industry best practices. Make recommendations on the deployment of additional IDS/IPS systems and configurations to protect the WREN enclave.
- Security Information and Event Management (SIEM): Monitor the CIO/G6 MS SENTINEL SIEM and determine which operational playbooks need to be updated or created for events resulting from logs ingested from different sources, including but not limited to MS Defender for Azure, Defender for Endpoints, Defender for Applications, DarkTrace, StealthWatch and other syslog devices. Advise on policy tuning and baseline configuration tuning to reduce false alerts while ensuring true alerts are captured and addressed through playbooks. Recommend implementation procedures for automatic remediation processes and ways to streamline the alert remediation process based on alert type, frequency, impact, severity, and other alert criteria as defined by G6 Cyber.
- Network and Infrastructure: Review findings from monthly STIG checks and create tickets and POA&Ms in coordination with the Cyber-Ops team. Review and create network diagrams as necessary for the RMF documentation. Evaluate security posture against the compliance requirements and manage vulnerability tracking and remediation to enhance the overall RMF package assessment and authorization process. Assist with implementation and design as required for the network as a whole and for individual assets, in the core and at the edge, of the on-premises infrastructure, and advise on the Azure network security design. Make recommendations to CIO/G6 Cyber and CIO/G6 CTO on changes to baselines that enhance security without compromising mission functionality, and provide mission impact and risk analysis for any recommendation. Assist the Cyber team with research into different settings and tools. Evaluate recommended changes for system impact, ability to implement, and security enhancement.
Minimum Qualifications:
- Intermediate Network Administrator, Vulnerability Assessor, or Security Control Assessor certification (Security+, CCNA, GSEC, etc.).
- 3 years' experience in cybersecurity.
- Intermediate to advanced level of experience with MS SENTINEL SIEM, specifically around playbooks and automation of threat response.
- Knowledge of configuration management and quality assurance concepts and guidelines such as Agile, Information Technology Infrastructure Library (ITIL), Institute of Electrical and Electronics Engineers (IEEE), National Institute of Standards and Technology (NIST), Software Engineering Institute (SEI), Capability Maturity Model Integration (CMMI), and Project Management Body of Knowledge (PMBOK).
- Knowledge of NIST Special Publication 800-53.
- Knowledge of the DoD Risk Management Framework (e.g., DoD Instruction 8510.01).
- Familiarity with IT ticketing systems.
- Must possess technical knowledge of both current technology and emerging trends.
- Strong communication (written and verbal) skills.
- Ability to build relationships across a diverse stakeholder environment.
- Highly organized and detail oriented.
- Ability to manage competing priorities in a fast-paced environment.
Preferred Qualifications:
- Bachelor's Degree in a related technical discipline, or an Associate's Degree with 3+ years of experience.
- Knowledge of the Army's Enterprise Mission Assurance Support Service (eMASS).
- Experience with Assured Compliance Assessment Solution (ACAS) findings and resolution.
Tags: ACAS Agile Audits Automation Azure C Cloud Compliance DoD eMASS Firewalls GSEC IDS Intrusion prevention IPS ITIL Monitoring Network security NIST NIST 800-53 Risk analysis Risk management RMF Sentinel SIEM Vulnerabilities
Perks/benefits: Team events