Counter Insider Threat Engineering Specialist - System Administrator ( R-00078884 )
Computer and Network Security Investigators: conduct administrative investigations (i.e. computer misuse, unauthorized disclosures of sensitive or classified information, mishandling sensitive or classified information, etc.); provide computer and network forensic analysis support to SII and Agency investigators; directly support the NGA Cyber Security Operations Cell (CSOC) during responses to computer and network security incidents; and perform other duties as assigned.
- Investigate suspected instances of fraud, waste and abuse, data spills, and network penetrations.
- Investigate and eradicate computer viruses and malicious code.
- Provide computer incident and violation response support, and cyber security awareness and training.
- Participate in technical meetings and working groups to address issues related to computer security and vulnerabilities.
- Develop and deliver reports and briefings.
- Evaluate system and program security vulnerabilities; develop procedures and countermeasures that protect operations.
- Incorporate all security disciplines; recommend and develop requirements, specifications, designs, and procedures that satisfy program security policy and planning guidance.
- Monitor implementation of security requirements for Government and Industry facilities and systems.
- Forensic: uses a variety of forensics and intrusion detection tools to conduct forensic examination activities including assisting in the analysis of various types of network, computer and technology devices which may contain digital evidence.
- Provide computer incident and violation response support, and will participate in technical meetings and working groups to address issues related to computer security, protection against malware, and other vulnerabilities.
- Investigate alerts identified by various security appliances and review audit logs to determine if an incident has occurred.
- Use best practices to document and preserve digital evidence for legal proceedings.
All applicants must have an active TS/SCI clearance and agree to undergo a Polygraph examination to be considered for this position.
BA/BS in Engineering, Computer Science or related science field preferred. A minimum of 7 years' experience in computer science, software engineering, information security fundamentals or general IT. Additional relevant experience in lieu of degree may be considered.
Years of experience: Minimum 5 years of technical experience working in a client/server environment. The applicant should have knowledge in the proper use of computer forensics and security compliance tools, and experience conducting network based incident investigations. The applicant should have experience with Guidance Software toolsets to include EnCase Forensics and EnCase Enterprise, and have demonstrated understanding of client/server architecture and TCP/IP protocols. The applicant should have knowledge of modern Windows Server platforms and desktop operating systems. The applicant should have experience maintaining "chain of custody" by following standard rules of digital evidence. The candidate should have an in-depth working knowledge in DOD and IC intelligence regulations, be familiar with intelligence oversight principles, must possess superior writing and briefing skills, and be capable of providing polished analysis documentation.
Preferred Qualifications: Have an understanding of how various attacks work at the memory and register level. Experience with UNIX/Linux operating systems and various programming and scripting languages are desired. Experience utilizing Microsoft SQL server, BindView and ArcSight would be beneficial. Proficiency using MS-Office tool suite is desired, as is knowledge of all Microsoft Office Suite applications and uses. Prior experience with network intrusion is desired. Experience authoring and executing plans and programs at the headquarters or agency level is beneficial.Pay Range: