ManTech International Corporation provides innovative engineering and systems integration services that help our customers solve their toughest, most intractable problems. National defense and homeland security clients depend on our rapid, cost-effective development of adaptable, interoperable, integrated solutions that provide high performance in quick-response scenarios.
ManTech is seeking an experienced Cyber Security Subject Matter Expert (SME) to support our growing Marine Corps programs in Quantico, VA.
** This position requires a current DoD TS/SCI clearance **
Conduct technical self-assessments and independent verification and validation (IV&V) assessments aligned with Marine Corps policy. Applicable testing includes but not limited to; DoD approved automated tools (Kali Linux, ACAS, Wireshark, nMap), security readiness reviews, Security Technical Implementation Guidance (STIGs) and manual security checklists.
Apply Common Vulnerability Scoring System (CVSS) ratings and other applicable guidance in communicating characteristics and impacts of vulnerabilities to key stakeholders.
Conduct repeatable and accurate testing techniques within the appropriate system classification levels and in accordance with applicable DISA, NSA, DIA and Marine Corps guidance. Conduct security impact analysis. Develop custom tools and attack scripts for vulnerability exploitation. Conduct remote triage, debugging and analysis.
Conduct a comprehensive technical review and examination of all system baseline changes to include development of test procedures, testing of proposed changes, implementation of changes and system operations.
Provide input into the security design and architecture of all MCIA IT systems by implementing system security mechanisms and providing cybersecurity guidance.
Conduct an evaluation of the system architectures and identify whether or not security engineering and principles are embedded throughout the system.
Support the installation of new or modified hardware, operating systems, and software applications ensuring integration with cybersecurity requirements for the systems.
Apply group policies changes, STIGs and any other security protection mechanisms.
Conduct cybersecurity protection, detection, response and recovery actions to quickly resolve or mitigate emergent cybersecurity threats, unauthorized activity and vulnerabilities for all IT systems.
Conduct system administration duties of CND tools to include application and operating system (HBSS, SPLUNK, Websense, Forensics Tool Kit (FTK) or EnCase, ACAS).
Conduct Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) monitoring, analysis and reporting (HBSS/HIPS/etc).
Conduct incident handling and reporting.
Conduct impact assessment matrix IAW applicable incident response policy. Implement vulnerability countermeasures on all IT systems/networks.
Meet DoD 8570 requirements for example, must have, and maintain active Security + CE and MS Windows certificates
• Should include at least three (3) of the following:
• Working knowledge of SCOM
• Working knowledge of SCCM
• Active directory (user account creation, password resetting, Kerberos setup, PKI setup)
• Set-up, configuration and support of internal and external networks
• Identifying and analyzing systems requirements
• Developing and maintaining system applications and security
• Developing and maintaining network configurations
• Troubleshooting network performances issues
• Providing user support and guidance
• Recommending and implementing upgrades, patches, new applications and new equipment
• Developing and maintaining disaster recovery place
• Ensuring proper documentation, coordination and maintenance of multiple systems
• PowerShell scripting using any/all of the respective plugins related to the applicable technologies
• Working knowledge of DoD STIGs related to the applicable technologies and how to implement, mitigate, and write POAM statements
• Respond to, incidents, change requests, and service requests making sure to follow up with the customer to ensure completion