Sign Up Sign Up Log In Sign Up
This job has expired and you can't apply for it anymore. Start a new search.

Network Engineer/IA–RMF I - ISSO

Job Description

Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents. Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation. Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information. Evaluate firewall change requests and assess organizational risk. Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems. Assists with implementation of counter-measures or mitigating controls. Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices. Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance. Prepares incident reports of analysis methodology and results. Provides guidance and work leadership to less-experienced technical staff members. Participates in special projects as required.

Requires comprehensive knowledge of data security administration principles, methods, and techniques. Professional Certification in one or more specific technologies may be required to meet DoD Approved RMF Baseline Certifications. Requires familiarity with domain structures, user authentication, and digital signatures. Requires understanding of firewall theory and configuration. Requires understanding of DHS/DoD policies and procedures, including FIPS 199, FIPS 200, NIST 800-53, DHS 4300A SSH and other applicable policies. IAT/M baseline certified

2) Principle Duties and Responsibilities: (application of General Summary attributes)
a) Leadership - Not generally a supervisory position. May be tasked to temporarily supervise certain functions as needed.
b) System Tasks –
Must be well-versed in general system administration principles including operating system configuration for Windows 7, Windows 10, Windows 2008 and Windows 2012 Server with emphasis on Army Gold Master versions of those operating systems, and Linux systems.

Must be experienced with analyzing network security architectures and network design diagrams that provide port, protocol, and service details. Experience with DoD and US Army IAVM tracking and reporting, and with implementing Cybersecurity Best Practices and formulating remediation guidance for supported platforms is also required.

Must have a basic understanding of Army staff procedures regarding TOC operations and individual C4I data threads and how they are managed to ultimately form the Common Operating Picture (COP).

The ISSO shall be the overall implementer for the MTC’s RMF program. The ISSO coordinates directly with the Government ISSM and is responsible for ensuring the appropriate operational security posture is maintained and documented for MTC information systems. The position is responsible for defining & implementing standard operating procedures, implementing DoD, Army, & MTC policies, and creating & implementing plans of action and milestones
(POA&M) in response to vulnerabilities identified during risk assessments, audits, & inspections. Acts as auditor for Cross-Domain solutions; Assures successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals. This position requires a Secret Security Clearance and the appropriate DoD 8570.01-M baseline certifications as an IAMII.

The RMF ISSO will be the primary network administrator responsible for the configuration and management of the Mission Training Complex (MTC) Boundary Defense Systems to ensure the security of MTC network enclave. Additionally, the RMF ISSO will also be the primary network administrator responsible for applying Defense Information Systems Agency (DISA) STIGS to the many routers and switches that form the MTC network enclave. The RMF Analyst shall possess the general knowledge and diagnostic abilities to solve complex technical problems associated with maintaining local and wide area networks in a training and simulation environment. Possesses strong written and verbal communication skills and able to work both independently and in a team environment.

Analyze local and wide area network systems, including planning, designing, evaluating, selecting, and upgrading operating systems and protocol suites and configuring communication media such as Cisco integrated services routers, Cisco model 6500 and 4500 series network backbone switches, Cisco model 5500 series security appliances, Cisco model 3500 and 3700 series level-2 and level-3 switches, and other devices.

Establish and maintain Ethernet networking and configuration of associated hardware devices and the various protocols employed in networked data communications at various levels of the protocol stack.

Employ configuration guidance based on (DISA) Security Technical Implementation Guides (STIG). An in-depth knowledge of Cisco integrated operating systems and experience with network management systems such as Solarwinds network management suite or Ipswitch What’s Up Gold is essential to performing this task.

c) Network Management (Non-Exercise Support) - Setup and maintain the physical network security for the site enclave. Maintain knowledge of the Risk Management Framework (RMF) Assess and Authorize (A&A) process.
Perform and/or evaluate vulnerability scans on production and integration systems utilizing approved network scanning tools and appropriate government provided software such as Retina, DISA Gold Disk, and UNIX and Oracle SRR scripts. Experience performing security test and evaluation, directing remediation efforts, building residual risk reports and tracking POA&M as well as experience performing privacy impact assessments and knowledge of best practices protecting sensitive Information is essential to performing this task.

Establish internal procedures for review of system logs, event files, and critical systems file management in order to assess system network systems and network support systems integrity.

Perform backup and storage of critical files and logs on monthly basis. Employ network intrusion detection systems such as Snort as well as intrusion prevention systems and anti-virus deployment systems such as Host Based Security Systems (HBSS) utilizing McAfee ePolicy Orchestrator.

d) Network Management (Exercise Support) - Work directly with internal and external customers to develop and report present network activity and status.

Work with MTC staff and supported units to provide the network capabilities required to pass tactical data from the simulation interfaces to tactical systems in support of exercises.

Work with remote locations to enable wide area network connectivity to MTC assets.

Resolve interoperability problems to obtain operations across all platforms utilizing various data exchange and file transfer methods.

Configure systems to meet user requirements. Perform various tests to analyze network performance and document results. Provide technical support and troubleshooting to users. Maintain current knowledge of relevant computer hardware/software applications.

e) Risk Management Framework (RMF) – For the MTC network enclaves, prepare and maintain accreditation documentation and artifacts in accordance with RMF policy for US Army and/or DoD programs on behalf of the MTC Information Assurance Security Officer (IASO).

Assist the MTC IASO performing Cybersecurity vulnerability alert monitoring issue resolution. Analyze the impact of potential vulnerabilities to MTC network enclaves, and ensure MTC conformance with network security architecture and NIPRNET/SIPRNET policy.

Assist MTC IASO in coordination with Network Enterprise Centers (NEC), Network Command (NETCOM), and DISA staff to ensure that Connection Approval Process (CAP) requirements are met and connection waivers are accurate and submitted in accordance with DoD and Army policy.

f) Security Requirements:
i) Complies with MTC security requirements. Performs physical security, classified information security, and information assurance security tasks in order to safeguard classified information/equipment and high value government purchased and owned equipment and software.
ii) Ensures that data security, including data retrieval, transmission, and storage is conducted IAW applicable government standards to ensure that data transmission and storage are secure and free from unauthorized access IAW AR 380-5 and AR 25-2.
iii) Under the guidance of the Information Assurance Manager (IAM) shall ensure RMF/DIACAP accredited database and network security measures remain in place to protect information and systems from unauthorized access IAW AR 25-2 and all RMF regulations.
iv) Picks up, handles, transports, installs, inventories, stores, and destroys COMSEC equipment, devices, and keying material IAW all DA and National Security Agency (NSA) procedures and regulations when required.

3) Job Qualification
a) Expert understanding of NIST, DoD, & Army Cybersecurity & Risk Management Framework policies, directives, instructions, manuals, and best business practices. Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities. Knowledge of disaster recovery continuity of operations plans. Knowledge of enterprise incident response program, roles, and responsibilities. Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth). Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge of measures or indicators of system performance and availability. Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Knowledge of server administration and systems engineering theories, concepts, and methods. Knowledge of systems lifecycle management principles, including software security and usability. Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.


6-8 Years, “and/or” related BS/B in computer science, information systems, engineering, or related field with concentration in computer based technology


6-8 Years, “and/or” related BS/B in computer science, information systems, engineering, or related field with concentration in computer based technology A
d) DoD Certification and Training Requirements: As a condition of initial and continuing employment, obtains and maintains required certifications.
i) Baseline Certification: Security + CE
ii) Computing Environment Certification: CompTIA Advanced Security Practitioner (CASP)
iii) Mandatory Training / Local Training Plan: Complies with all DoD, Army, and company training requirements IAW Government policy, DoD 8570.01-M IA Workforce Improvement Program, Army Regulation, and company and site policy.


For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.




Company Name:
Security Clearance:
Ft Bragg, North Carolina
United States
Not Specified
Job Number:

Send me email alerts for similar jobs