One Federal Solution seeks a talented and passionate Network Defense Administrator Expert to join our Hawaii team to support our Federal Government client. The Network Defense Administrator Expert will perform day-to-day Computer Network Defense (CND) Analyst services and is responsible for supporting information security technology disciplines and practices to ensure the confidentiality, integrity, and availability of information assets in accordance with established standards and procedures.

Tasks and Duties:

Regularly analyze multiple sources of data from CND tools to gain situational awareness of cyber activity.
Analyze, interpret, and recommend solutions for system shortfalls, discrepancies or improvements in technologies and security requirements.
Maintain currency of cyber threats and threat actors. Conduct deep-dive intelligence analysis of threat actors and attacks as directed.
Manage and administer the organization's firewalls, IDS, IPS, and packet capture (PC) analysis system. This includes developing custom content (rules and signatures), monitoring system health, performing upgrades and updates, and ensuring proper operation of physical and virtual appliances.
Monitor the performance of the firewalls, IDS, IPS, and PC systems and identify and troubleshoot issues as they arise.
Conduct regular assessments of the organization's cybersecurity posture related to firewalls, IDS, IPS, and PC systems and identify areas for improvement and enhancement.
Work closely with other cybersecurity professionals and stakeholders to ensure effective communication and collaboration on cybersecurity issues.
Proactively analyze, interpret, and prioritize system shortfalls, discrepancies, or necessary improvements in technologies and security requirements. Provide recommendations on engineering solutions and complex trouble resolutions.
Work closely with network administrators to troubleshoot network connectivity, and work with the various Operations teams to isolate faults.
Use Splunk to perform analysis and event correlation to identify anomalous activity.
Work with the SIEM Administrator to identify, capture, and display timely and relevant security information from the firewall, IPS, IDS, and PC systems in the Security Information and Event Management (SIEM) platform.
Stay abreast of the latest cybersecurity threats, trends, and technologies.
Maintain documentation of all configurations and changes to the systems.
The contractor will conduct analysis of suspicious activity and categorize findings within SIEM.
Produce a weekly configuration management summary of changes in order to maintain and validate each system baseline.
Maintain the security posture and Security Technical Implementation Guide (STIG) compliance, in accordance with DoD requirements, of all assigned systems and applications.
Review and evaluate assigned ServiceNow tickets daily and determine how best to support each request.
Identify and develop workflows for CND based assets, requests, and tasks within ServiceNow.
Utilize ACAS to monitor the security posture of assigned assets, to include creating policies, running scan jobs, analyzing reports, and validating repository information.
Ensure all systems and applications are compliant with DoD Public Key Infrastructure (PKI) requirements, to include the maintenance of DoD PKI certificates for all assigned systems and applications.
Occasional after-hours and weekend work is required to support both scheduled and unscheduled service outages.

Qualifications:

IAW DoD 8140.03-M, must meet the Intermediate Proficiency Level qualifications.
Must have at least four years of cybersecurity experience, focusing on firewall, IDS, and IPS administration.
Demonstrated knowledge of firewall, IDS, and IPS systems and their capabilities.
Must have experience with packet capture technology.
Strong analytical and problem-solving skills, with the ability to analyze and interpret data flows.
Excellent communication and collaboration skills.
Must be familiar with DoD Instructions 8530 and 8551.
Must have experience with cyber incident response in accordance with CJCSM 6510.01B.
Must have experience using Microsoft Office tools (Word, Excel, PowerPoint, Outlook, and Visio) in preparing analytical reports, information papers, and briefings for executive level recipients.
Relevant industry certifications, such as Cisco CCNA/CCNP, Check Point CCSA/CCSE, or Palo Alto Networks PCNSE, are preferred.
Must have at least one relevant CND certification: CISSP, CASP+, OSCP, CySA+, CEH, or GCIH.
Secret Clearance required.