Cyber Analyst Mid-504126
Fort Belvoir, Virginia, United States
Full Time Mid-level / Intermediate Clearance required USD 86K - 160K * est.
Delaware Nation Industries
Delaware Nation Industries (DNI) is a prime contractor providing manpower and support for IT Operations and Maintenance to the Defense Contract Audit Agency (DCAA), ensuring every DCAA employee has reliable support and access to the DCAA’s network equipment, email systems, shared drives and databases to carry out their mission for the Department of Defense. We are currently interviewing for a Cybersecurity Analyst to support this initiative in an enterprise-level work environment.
Responsibilities:
- Provide diverse Cybersecurity services that enforce, comply with, and support the DOD cybersecurity directives, policies and procedures.
- Provide Cybersecurity services that may include, but are not limited to, policy development; security technical assessment; insider threat assessment; security architecture development; security engineering; certification and accreditation; security compliance, audit, assessment, and reporting services; inspection services in accordance with DOD Directives; vulnerability assessment and management; metrics consolidation and reporting; computer network defense (CND) operations, monitoring, and analysis; cybersecurity and IT systems and tools administration and maintenance; incident response, tracking, and resolution; cross-domain solutions support; inter-agency coordination; and PKI procedures and guidance. The two primary objectives of Cybersecurity are:
  - Prioritized identification and protection of high value information and assets
  - The timely detection of and rapid response to cyber incidents
- Risk Management Framework (RMF). Using the DOD RMF in conjunction with other DOD guidance and directives, the contractor is required to provide efficient and effective system Certification and Accreditation (C&A) support for IT systems and applications.
- Identify, analyze, define, develop, coordinate, implement and audit the security policies, procedures and processes for the DCAA systems and infrastructure
- Evaluate, document, and report IT systems security posture and configuration for DCAA systems risk analysis.
- Perform vulnerability management and reporting for DCAA systems and compliance with DOD Information Assurance Vulnerability Management (IAVM) policy.
- Provide guidance on remediation steps to close any identified vulnerabilities and minimize the agency’s attack footprint. DCAA currently uses Tenable Nessus and Security Center for system scanning and vulnerability detection.
- Conduct wireless assessments of DCAA facilities to identify and evaluate IEEE 802.11 Wireless Access Points (WAPs) that exist within DCAA’s physical office location(s) and work with POCs to determine if any rogue access points are in use.
- Perform Web Application Assessments to identify web application specific vulnerabilities and assess the security posture of selected web applications against NIST 800-53 standards and DISA’s Application Development STIG.
- Perform Operating System Security Assessments to assess the configuration of select host Operating Systems (OSs) against standardized configuration baselines (DOD Secure Host Baseline (SHB)). The results identify deviations from Government required baselines and recommended remediation steps to bring configurations into compliance.
- Conduct Database Assessments to determine the configuration of selected databases against configuration baselines in order to identify potential misconfigurations and/or database vulnerabilities. The assessments must identify usernames and passwords, perform a limited User Rights Review (URR), identify patch-management issues, and review various other security vulnerabilities and configuration problems. The results identify deviations from baselines, if applicable, as well as insecure configurations that are applied on assessed databases. Recommended remediation actions must be provided.
- Ensure that DOD Security Technical Implementation Guides (STIG) are in use for all applicable areas within the DCAA infrastructure and applications. The results identify deviations from baselines, if applicable, as well as insecure configurations applied on assessed databases. Recommended remediation actions must be provided.
- Support Cybersecurity Operations, as required, to develop monitoring, response and handling procedures for intrusion and malicious code incidents. Tasks include conducting, supporting and coordinating network intrusion detection events and analysis.
- Monitor, respond to, and report computer security events for the DCAA Host-Based Security System (HBSS). DCAA currently utilizes McAfee ePolicy Orchestrator and its suite of host-based products. The current security systems and tools may change as trends in technology change and/or as Government needs or mandates require.
- Perform resolution of HBSS client issues for DCAA systems. Resolution will include identifying and correcting client deficiencies, addressing all errors and inadequacies, identifying client trends, and providing solutions for improvement.
- Deploy, configure, maintain, and update Anti-Virus Software for DCAA systems. DCAA currently uses McAfee Anti-Virus Enterprise, managed via the ePolicy Orchestrator console; however, the platform could change in the future.
- Actions must be taken to investigate, categorize, respond to, and mitigate events/incidents in accordance with the DCAA Incident Response Plan and procedures. Level 2 Service Provider personnel must perform the following tasks, and make every effort to meet the SLA requirements as set by the priority level of the incident:
  - Investigate the facts surrounding the incident, using DCAA resources as needed
  - Develop damage mitigation strategies
  - Document all changes, following up with a CR, as required
- Provide eDiscovery and digital forensic collection and analysis capabilities. In support of this requirement, the Contractor is required to:
  - Provide digital collection of information using a variety of tools, such as EnCase and AccessData tools including FTK, FTK Imager, Password Recovery Toolkit (PRTK), and Mobile Phone Examiner Plus (MPE+)
  - Image computers and mobile devices using approved DOD methods for digital evidence
  - Safeguard and maintain chain of custody of digital evidence
  - Extract data from the digital evidence and provide detailed written reports of forensic findings
  - Maintain accountability and document activity for each case.
- Cybersecurity Toolset Administration (SPLUNK). The contractor shall provide functional expertise for all aspects of DCAA’s SPLUNK toolset to correlate events and reporting from multiple network sources.
  - Responsible for the addition and removal of devices in the SPLUNK system
  - Responsible for the configuration of SPLUNK to allow DCAA to get the most effective use
  - Responsible for the installation, patching, upgrading, and maintaining IAVA compliance of SPLUNK
  - Responsible for manipulating the data to get DCAA the reports they need
  - Responsible for developing dashboards and running ad hoc, daily, weekly and monthly reports
  - Responsible for notifying the government of potential issues pertaining to the SPLUNK system.
  - Responsible for documenting hardware and software configurations and keeping them up to date.
- Submit Configuration Control Board requests for configuration changes.
Requirements
- Secret Security Clearance
- 5 years of progressive experience in continuous monitoring, analyzing incidents and handling incident response.
- Expert knowledge of utilizing cyber tools, performing vulnerability scans, and utilizing DoD Security Technical Implementation Guide (STIG) and Security Content Automation Protocol (SCAP) assessments and manual review checklists to ensure compliance with DISA STIGs and DOD cybersecurity directives.
- DoD 8570 IAT Level II Certification
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index