Description
SAIC is seeking a highly motivated Configuration Management Specialist. The successful candidate will provide support to the Cybersecurity Integrity Center (CIC) in the Department of State Bureau of Information Resource Management (IRM). Duties are in the Washington, D.C. metropolitan area (30% in downtown D.C; 70% in Beltsville, MD). The CIC supports cybersecurity monitoring, threat analysis, incident response, and infrastructure remediation within and across all of the State Department’s information technology (IT) infrastructure. The CIC coordinates and collaborates with other State Department bureaus as well as other organizations within the Federal Government, and commercial partners. Work is performed in a 24x7x365 operation and shifts available are to be determined.
The position may allow temporary hybrid remote work due to Covid-19. Position may be called back onsite at any time at the customer's request.
Description of Duties
The Configuration Management Specialist will provide broad and in-depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape. The Penetration Tester will:
- Conduct highly complex offensive security operations testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
- Apply sound technical and management principles to identify and remediate cybersecurity --vulnerabilities across the State Department global IT enterprise infrastructure
- Apply organizational and process change principals
- Evaluate system performance results, lead teams in response to incidents/problems, perform risk assessments, and evaluate performance metrics
Responsibilities include:
- Prepares configuration management plans and procedures.
- Responsible for configuration management of requirements, design, and code.
- Operates and manages program support library. Responsible for configuration management activities including product identification, change control, status accounting, operation of the program support library, and development and monitoring of equipment/system acceptance plans within a cybersecurity environment.
- Evaluates and selects configuration management tools and standards.
- Conducts periodic site inventory in order to create and maintain inventories of equipment, software, and/or systems.
Qualifications
Required Education & Experience
- Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; may accept additional experience in lieu of degree
- Experience in configuration management and support
- Experience working in the cybersecurity field
- Ability to determine security systems resilience and dependability capabilities, changes in conditions, operations, or the environment will affect these outcomes
- Ability to recognize vulnerabilities in security systems (e.g., vulnerability and compliance scanning)
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Required Clearance
- US Citizenship
- Active Secret or Top Secret Clearance
- Active Top Secret is preferred
Desired Education, Skills & Experience
- Bachelor’s degree in cyber security and related discipline or equivalent years of experience and expertise
- Evaluated the adequacy of security designs
- Ability to assess security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
- Developing detection signatures
- Collecting data from a variety of cyber defense resources
- Performing packet-level analysis
- Conducting trend analysis
- Reading and interpreting signatures (e.g., snort)
- Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Using protocol analyzers
- Using incident handling methodologies
- Use cyber defense Service Provider reporting structure and processes within one’s own organization
- Recognizing and categorizing types of vulnerabilities and associated attacks
Desired Certifications
- Microsoft Certifications (MCSE, MCSA, MCSD)
- CISSP or CISM
- IAT/IAM/IASAE level III equivalent.
- ISACA Certified Information Systems Auditor (CISA)
- GIAC Security Expert (GSE)
- SCP Security Certified Network Architect (SCNA)
- ISACA Certified Information Security Manager (CISM)
- Cisco Certified Network Associated (CCNA)
- Certified Ethical Hacker (CEH)
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.