AITC is fast-growing, proven, and
reputable Information Technology Company focused on Systems Integration,
Value-Added Reselling, and Professional Services of IT products and End-To-End
solutions. We represent from top select manufacturers to a network of direct
and indirect Customers in the Federal, State and Local Governments as well as
in the Commercial sector.
AITC has an opening for a new Cybersecurity Systems Administratorlocated in
Einsiedlerhof, Germany in support of Warrior Preparation Center (WPC) Network
Cybersecurity Support candidate will support Live, Virtual, and Constructive Modeling & Simulation Federations and
Systems at WPC and assist in developing constructive capabilities to train in a synthetic environment against cyber-attacks.
Job Responsibilities and Duties:
Serve as the operation and maintenance lead for WPC’s Assured Compliance Assessment Solution (ACAS) systems and scan/report production processes. Provide technical inputs for Cyber Vulnerability Management (CVM) and Risk Management Framework (RMF) Plans of Action and Milestones (POA&Ms) regarding remediation timelines or vulnerability mitigation to sufficient detail;
Provide complete scan reports of each network monthly (or after a major network reconfiguration) in the needed template/format for reporting or submission into the appropriate CVM repository. Troubleshoot and research problems with systems that do not provide a complete or fully-credentialed scan result until resolution. Accomplish vulnerability remediation (e.g. patches & updates) as well as STIG/SRG configuration compliance actions on domain core services systems and workstations in coordination with and support of WPC Communications Support system administration personnel;
Actively maintain lists of active hosts on the different networks and the corresponding basic inventory listings of software used to determine STIGs and/or SRGs that need to be applied. Research proposed configuration updates/changes and apply a “patch-and-test” approach as appropriate to determine if a configuration update/change will have a detrimental effect on the WPC processes and mission to make a determination on application in the operational environment;
Accomplish STIG/SRG checklist updates and reporting quarterly (tracking both automated compliance scans and manual STIG checklists as applicable.) Track/report compliance of configuration changes based on CYBERCOM-driven tasking orders or other DoD short-notice threat response notifications;
Provide guidance and subject matter expertise of DoD and AF policies, instructions related to the C&A processes, AF Security, Interoperability, Supportability, Sustainability and Interoperability (SISSU) activities, DoD Enterprise Mission Assurance Support Service (eMASS) web based tool used to implement the DoD Information Assurance C&A Process, the AF Certification and Accreditation Process (AFCAP), and DoD’s Risk Management Framework (RMF);
Provide security engineering to implement security controls and ensure these controls do not degrade performance and availability requirements needed to execute and sustain M&S/LVC exercises/events;
Report security findings and issues associated with the RMF process to the appropriate Cybersecurity POCs;
Provide M&S/LVC cybersecurity to include collaborating with Cybersecurity POCs to address C&A, conducting technical exchange meetings, reviewing system architecture and DIACAP or RMF as well as their respective C&A documentation, documenting problem areas and provide recommendations for a resolution, conducting site visit follow-up on issues and resolutions, and documenting recommendations for process improvements;
Review system artifacts (e.g., documents) for accuracy and perform hands-on testing of system security features;
Conduct facility visits to observe the actual processes related to each IA control (technical, personnel, operational, or management in nature);
Utilize tools such as Retina and Nessus scanners, DISA System Readiness Review (SRR) and Gold Disks, and database and web server security test tools;
Perform hands-on validation of IA control implementation in M&S/LVC;
Base assessment primarily on the validation procedures of the DIACAP or RMF Knowledge Service and DISA STIGs;
Provide specialized subject matter expertise of the M&S/LVC community’s systems;
Participate in meetings with system Information Assurance Security Officers (IASOs), program managers, IA managers, C&A authorities and their representatives; present overviews of issues and recommendations; and provide meeting reports that outline the discuss topics and note action items from these meetings;
Perform other duties as assigned.
Incumbent is required to perform all duties listed and may be required to perform additional, position-specific duties.
• Certified Information Systems Security Professional (CISSP)
• Microsoft Certified Solutions Expert: Server Infrastructure and/or Red Hat Certified System Administrator,10 years’ experience.
• DoD 8570.1 IAT Level II Certification required.
• Experience with ACAS or Tenable Nessus vulnerability scanners.
• ISSO cybersecurity qualification.
• Security Clearance:
Secret. The selected applicants will be subject to a security investigation and must meet eligibility requirements for
access to classified information