Information Assurance (IA) Technician II - Military Veterans
This position description is subject to change at any time as needed to meet the requirements of the program or company.
Intermediate level Information Assurance Technician responsible for providing cyber security management support to the 379th Communications Squadron in Qatar.
MAJOR JOB ACTIVITIES:
Provide cyber security management support IAW AFI 17-130, Air Force Cyber Security Program Management, as defined in the individual TOs. Support coordination of all actions required by USAFCENT cyber security-related CTOs including, but not limited to, vulnerability scanning and patch compliance. USAFCENT Cyber Security oversees all vulnerability scans IAW SPIN-C. Cyber security tasks include:
- Scanning: Annotate remediation and mitigation actions on the vulnerability scan reports and return responses to USAFCENT Cyber Security to meet CTO compliance standards.
- Patching: Monitor and verify patch compliance using the approved technical solution (e.g., SCCM, or the Assured Compliance Assessment Solution (ACAS) Information Assurance Vulnerability Alert (IAVA) compliance dashboards) to track patching progress IAW patch compliance CTO requirements. Subtasks include:
- Coordinate appropriate actions to ensure site systems are receiving patches and identify any patch installation issues.
- Coordinate with local administrators to troubleshoot patching issues and escalate them to NOSC engineers in a timely manner in order to meet patch compliance timelines. If automated patching is unavailable, as with PMO systems, coordinate with the PMO offices for manual patching of those systems to meet compliance levels IAW the CTO and SPIN-C requirements.
- Develop a POA&M when CTO compliance cannot be met by the compliance date.
- Review System Logs: Review all system logs daily for indications of unauthorized activity. Suspicious or abnormal log information shall be noted, escalated, and safeguarded IAW the SPIN-C.
- Report and Contain Viruses, Malicious, and Negligent Activities: Report virus outbreaks or suspected malicious activity IAW SPIN-C directives and instructions. Take appropriate action to contain a virus outbreak or suspected malicious activity immediately; this includes updating virus signatures and, where necessary, isolating the infected system(s). A Remedy trouble ticket shall be opened for every virus outbreak or instance of suspected malicious activity.
- Report all negligent discharges of classified information (NDCI) or cross-domain violations (CDV) IAW SPIN-C directives and instructions. Take appropriate actions to contain and safeguard classified information from being further compromised. All NDCIs/CDVs and their respective reporting shall be classified to the same level as the information contained.
- Attend and participate in required NOSC systems and cyber security meetings or teleconferences.
- Security Information and Event Management (SIEM): Monitor internal and wireless (if the site is equipped with wireless) SIEM systems and escalate any possible alerts to USAFCENT Cyber Security for investigation. Attempt to identify the source and severity of the activity and work with USAFCENT Cyber Security to contain, eradicate, or block the malicious activity. Review all intrusion detection and SIEM alerts, logs, and reports for false positives. For each alert, work with the owners of the site systems and networks involved to identify and document the activity that is triggering it, then work with site and USAFCENT Cyber Security leadership to obtain approval before filtering out alerts confirmed as benign.
- Air Wireless Detection: Monitor over-the-air wireless detection systems, if site is so equipped, for indications of malicious activity against wireless systems. Attempt to identify the source of activity and consult with USAFCENT Cyber Security and site leadership on courses of action.
- Wireless Audits: Conduct wireless audits (war drives) IAW the SPIN-C to detect any unauthorized wireless devices connected to the site network. Consult with site leadership and USAFCENT Cyber Security to identify the device and assist in any investigations as directed by leadership.
- Network Compliance: Review all site access control lists and validate that permitted activity is relevant to current systems/network architecture and approved through USAFCENT Cyber Security leadership. Audit all backup procedures IAW the SPIN-C to validate critical systems can be reconstituted after failure. Review all network account access request forms for accuracy prior to account creation. Be responsible for maintaining certifications as listed in the labor category. Certification will be included in the work center’s continuity book.
MATERIAL & EQUIPMENT DIRECTLY USED:
Standard office equipment to include Government provided computers, printers, scanners, telephone.
Work is completed in a climate-controlled facility/office. Outside temperatures can reach 110 degrees Fahrenheit.
Should be able to lift 40 pounds.
Education/Certifications: One year related experience may be substituted for one year of education, if degree is required.
Must meet the certification requirement of DoD 8570.01-M or individual task order. The contractor is expected to have, but is not limited to, one or more IT certifications from each group:
Group 1: Information Technology Certification Requirements
- Microsoft Certified Solutions Expert (MCSE) – Microsoft Exchange/Windows Server or equivalent
- Cisco Certified Network Associate
- Cisco Certified Network Professional (CCNP)
- CompTIA Linux +
- Linux Professional Institute Certification (LPIC)
- Red Hat Certified Engineer (RHCE)
Group 2: IA Technology Certification Requirements
- GIAC Certified Perimeter Protection Analyst (GPPA)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Systems and Network Auditor (GSNA)
- GIAC IT Security Audit Essentials (GSAE)
- GIAC Certified Incident Handler (GCIH)
- Security Certified Network Professional (SCNP)
- Certified Information Systems Auditor (CISA)
- GIAC Security Expert (GSE)
- Security Certified Network Architect (SCNA)
- Certified Information Systems Security Professional (CISSP) or Associate
- Certification and Accreditation Professional (CAP)
- GIAC Information Security Fundamentals (GISF)
- GIAC Security Leadership Certification (GSLC)
- Certified Information Security Manager (CISM)
Group 3: IAT Level III Requirements
- GIAC Global Industrial Cyber Security Professional (GICSP)
- Cisco Certified Network Associate (CCNA) – Security
- CompTIA Cybersecurity Analyst (CSA+, since renamed CySA+)
- Global Information Assurance Certification (GIAC) Security Essentials Certification (GSEC)
- CompTIA Security + CE
- Systems Security Certified Practitioner (SSCP)
Intermediate level of experience in IA technology or in the design, maintenance, and operation of small to medium networks. This experience must include administering corporate or business user accounts and managing mail servers, print servers, web servers, and/or firewalls. Must have experience in reviewing and recommending software applications as well as identifying salient hardware characteristics and any add-on devices. Experience in systems management, monitoring and sustainment; hardware repair for servers, PCs, and peripheral equipment; and software installation, maintenance and sustainment.
Must have intermediate level of experience working with the following:
- Tactical and strategic security issues of systems and networks, and associated requirements specific to deployed architecture
- Network security, network and systems intrusion detections, advanced devices, firewalls, and software specific to the Department of Defense
- Server operations including installation, configuration, optimization, and analyzing logs on Windows operating systems (including Server 2008/2012 and modern desktop versions)
- Cisco IOS and CatOS, including configuration of Cisco routers and switches
- Server operations including installation, configuration, optimization, and analyzing logs on Unix operating systems (including Linux and Solaris)
- Mastery of the functions of both DoD 8570-defined IAT Level I and IAT Level II positions
- Top Secret Clearance
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace. Vectrus is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability. EOE/Minority/Female/Disabled/Veteran.
Vectrus is a leading global government services company with a history in the services market that dates back more than 70 years. The company provides facility and base operations; supply chain and logistics services; information technology mission support; and engineering and digital integration services to U.S. government customers around the world. Vectrus is differentiated by operational excellence, superior program performance, a history of long-term customer relationships and a strong commitment to their customers' mission success. Vectrus is headquartered in Colorado Springs, CO, and includes about 6,700 employees spanning 129 locations in 22 countries. In 2018, Vectrus generated sales of $1.3 billion. To learn about career opportunities at Vectrus, visit www.vectrus.com/careers.