Computer Network Defense (CND) - Infrastructure -TS/SCI - Hawaii

Pearl Harbor, HI
May 19, 2017
Jun 23, 2017
Full Time
Mission Statement: Tests, implements, deploys, maintains, reviews and administers the infrastructure hardware and software that are required to effectively manage the computer network defense (CND) service provider network resources. Monitors network to actively remediate unauthorized activities. administer computer network defense (CND) test bed(s), and test and evaluate new CND applications, rules/signatures, access controls, and configurations of CND service provider managed platforms
Coordinate with Computer Network Defense (CND) Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, anti-virus, and content blacklists) for specialized computer network defense (CND) applications
Create, edit, and manage changes to network access control lists on specialized computer network defense (CND) systems (e.g., firewalls and intrusion prevention systems)
Identify potential conflicts with implementation of any computer network defense (CND) tools within the CND service provider area of responsibility (e.g., tool/signature testing and optimization)
Perform system administration on specialized computer network defense (CND) applications and systems (e.g., anti-virus, audit/ remediation) or Virtual Private Network [VPN] devices, to include installation, configuration, maintenance, and backup/restoration
Assist in identifying, prioritizing, and coordinating the protection of critical computer network defense (CND) infrastructure and key resources
Must have a good understanding of networks at the packet level and be able to analyze packet captures at the expert level.
Basic experience administering and Automating Linux Systems
Scripting experience in Powershell/BASH
Programming and Automation experience utilizing Ruby/Python/Perl
Network Access Control (NAC) experience: ForeScout CounterACT, Cisco ICE
Firewall experience: Cisco ASA, Cisco IOS FW, Palo Alto
Network TAP/SPAN aggregators: Cisco Nexus with Data Broker, Gigamon, Ixia
Virtualization experience: VMware ESX and NSX, KVM, Xen Server
HBSS Operations, In-depth experience with configuring and analyzing results from but not limited to HIPS, DLP and VSE
ACAS Operations (Security Center, Nessus Scanner and PVS),
SPLUNK operations,
Fidelis - In-depth operational work with network IDS and incident response including but not limited to FidelisHBSS ExperienceHBSS Operations, In-depth experience with configuring and analyzing results from but not limited to HIPS, DLP and VSE
Maintain and administer the HBSS operations for the campus wide Enterprise computing systems
Install HBSS agent and modules to servers and end user machines (modules: ACCM,DLP,HIPS,MOVE,PA,RSD,VSE)
Respond to escalated support requests for technical assistance
Validate and coordinate HBSS scheduled maintenance
Create custom queries to meet varying informational demands
Maintain and administer the campus wide Enterprise computing systems to meet the DoD mandated security requirements and directives
Create custom Firewall policies and work with Cybersecurity and incident teams to identify, configure and apply host based IPS signatures to protect against zero-day threat
Create firewall and IPS exclusions based on customer demand and the A&A approval process
Work with the trouble ticket system to coordinate troubleshooting efforts with the end user and their varying issues
Troubleshoot VM and SQL issues that conflict with the basic functionality of ePO
Understand client's operational and sustainment methodologies and processes.
Monitor HBSS to detect faulty operation, anomalies, and security events.
Develop, run, analyze, and maintain reports using SQL and HBSS reporting.
Develop sorting rules, dashboards, data monitors, and filters using HBSS.
ACAS ExperienceProvide cyber security remote scanning and remediation support, as necessary, to sites preparing for CCRIs.
Assist the PMO with maintenance of base/site lists and Internet Protocol host counts.
Maintain effective communications with other teams essential to ACAS operation (e.g., Base Boundary, Server Consolidated Environment,etc.).
Support the reporting of compliance data via ACAS to the e-MASS
Facilitate, as necessary, the transition of ACAS Security Centers new virtual infrastructure; as needed
Author custom security policies.
Perform systems analysis, design review, programming, documentation and implementation of complex system applications and related IT/ADP systems concepts.
Participate in all phases of the software life cycle with emphasis on the planning, analysis, programming, testing and acceptance phases.
Author and/or assist in the authoring of configuration files, signatures and other such files necessary to add new vulnerability discovery capabilities into the ACAS system tool.
Assist vulnerability personnel in the implementation of the DISA Information Assurance and Vulnerability Management programs including vulnerability tracking and compliance reporting.
Assist with implementation of DISA-released software patches, updates, and upgrades.
Accommodate, as necessary, PMO-led pilot programs of Internet Protocol version 6 (IPv6) and Passive Vulnerability Scanner on ACAS.
Experience with Microsoft SQL 2008
Experience with Windows Server 2008 R2
Scripting experience (Perl, JavaScript, HTML)
Knowledge of data communications, local-area networking, wide-area networking, routers, and switches
Thorough understanding of Internet Protocol (IP) routing, switching and the OSI model Must be DOD 8570 CND-IS with in 90 days of hire
Must possess and maintain a US TS/SCI Security Clearance Education Bachelors Degree in Computer Science, Engineering or a related technical discipline, or the equivalent combination of education, technical training, or work/military experience.

Qualifications 5-8 years of related systems engineering experience.


1. Performs complex systems development and design work that may include logic design, I/O design, firmware development, model formulation, manufacturing and development cost projections, computer architecture analysis and design, and analog or digital systems engineering.
2. Performs systems modeling, simulation, and analysis.
3. Participates in the upgrading of operating systems and design of systems enhancements.
4. Provides input for documentation on new or existing systems. 5. Develops and conducts tests to ensure systems meet documented user requirements.
6. Identifies, analyzes, and resolves system problems.
7. Provides system/equipment/specialized training and technical guidance.
8. Determines system specifications, input/output processes, and working parameters for hardware/software compatibility.
9. May provide guidance and work leadership to less-experienced systems engineers.
10. Maintains current knowledge of relevant technology as assigned.
11. Participates in special projects as assigned.12. Comprehensive knowledge of systems engineering principles, methods, and techniques.13. Knowledge of the associated hardware, software, and equipment.14. Professional certification in one or more specific technologies may be required, depending on job   Must be capable of obtaining and maintaining a TS/SCI Clearance.
- Must be able to achieve Security+ CE Certification (or equivalent) within 90 days of hire for positions requiring elevated privileges and ITIL V3 Foundation within six months of hire.
- Additional specific certifications may be required.
- This position may be required to complete short-term deployments to austere locations worldwide.
The work is typically performed in an office environment, which requires normal safety precautions; work may require some physical effort in the handling of light materials, boxes or equipment.
The above job description is not intended to be, nor should it be construed as, exhaustive of all responsibilities, skills, efforts, or working conditions associated with this job.
Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job.
GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.  As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.