Job ID: 205804
Location: PYONGTAEK, Seoul, Korea, Republic of
Date Posted: Apr 10, 2020
Subcategory: Cyber Sec Analyst
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: No
SAIC is hiring a Cyber Security Analyst / HBSS Analyst to join our team in Pyongtaek, Korea!
Host-Based Security System (HBSS) Administration on CENTRIXS-K network and Army SIPRNET (for GCCS-J system).
HBSS Configuration. Configure, monitor, and maintain HBSS and all directed deployments of extended SuperAgent Distributed Repository (SADR) servers to the other security enclaves.
Demonstrate technical proficiency on all HBSS components and roles such as Global/Site Administrator for ePolicy Orchestrator (ePO), McAfee Agent (MA), Host Intrusion Prevention System (HIPS), Asset Baseline Module (ABM), Policy Auditor (PA), Rogue System Detection (RSD), Device Control Module (DCM), Virus Scan Enterprise (VSE) and Network products such as Network Security Platform (NSP). Although the current HBSS system is based on McAfee products, SAIC will support all future versions of HBSS, based on COTS technology.
HBSS Administrator will perform the functions of HBSS System and Database administrator for the HBSS-related servers on CENTRIXS-K. For GCCS-J systems on the Army SIPRNET, HBSS Admin is responsible for monitoring and reporting issues related to deployed or missing HBSS products if permissions are not consistent with remediation. Provide day-to-day management of HBSS technical operations and direction for enterprise deployments of HBSS product suites to include best-practices for product deployment, deployment recommendations, and risk assessments.
Develop and execute an easily repeatable and low risk process for tuning security products within ePolicy Orchestrator (ePO) as recommended through best commercial business practices, DoD policies, and U.S. Army regulations.
Advise the customer on HBSS product performance and maintenance status.
Advise the customer on potential opportunities leveraging HBSS to provide custom security solutions where appropriate.
Analyze technical integration requirements in order to develop effective technical solutions for customer review and consideration, and once approved, integrate into the USFK CENTRIXS-K and Army SIPRNET GCCS-J infrastructure.
Perform the implementation of all DoD released and approved HBSS Endpoint and Network based solutions across a large, operational enterprise to include tactical sites (e.g. sites fielded by the U.S. Army, PEO C3T).
Develop and provide SOP/TTP with recommendations for operational implementation, maintenance and sustainment. Participate in the USFK CENTRIXS-K Change Management Process at the Configuration Control Board (CCB) or Technical Review Board (TRB) as required. Provide technical guidance and recommendations for HBSS to the Configuration Control Board for the USFK CENTRIXS-K Enterprise Network. Provide engineering support for implementation, operation, tuning and sustainment of the HBSS product suite on CENTRIXS-K.
HBSS Analysis. Analyze HBSS logs daily for incidents, intrusions, and suspicious activities. Develop and perform custom audits in order to provide compliance reporting for Microsoft patch compliance, IAVA compliance, and STIG compliance.
HBSS Reporting. Report HBSS incidents, intrusions, and suspicious activities NLT 12 hours after reportable event. Provide HBSS reporting on behalf of the customer to USFK, US Army Cyber Command and US Army NETCOM as required. Provide clear, concise, and comprehensive HBSS technical solutions in addition to executive level threat briefs.
HBSS Actions. Minimize threats NLT 3 hours after discovery. Perform implementation, auditing and remediation compliance for DISA HBSS STIG requirements. Provide recommendations for policy refinement and best business practices to operation teams for consideration. Prepare high-level, procedural briefings (i.e. back briefs) on how emerging cyber threats will be mitigated using HBSS, appropriate McAfee Products, and other common security technologies.
HBSS Trend Analysis. Provide weekly Trend Analysis report IAW official guidelines and policy.
HBSS Status. Keep HBSS up-to-date with current signatures and patches within 48 hours of release. Engage in hands-on lab testing and development for problem resolution, new product reporting, or technical functionality. Review application of Security Technical Implementation Guides (STIG) and DoD configuration guidance in images for completeness and correctness.
HBSS Specific Tasks. HBSS Subject Matter Experts (SME) shall primarily support HBSS on USACISA-P owned Mission Command networks. On a case-by-case basis, the HBSS SMEs may also support HBSS on networks that are operated and maintained by the 1ST SIG BDE (e.g. Army NIPRNET, Army SIPRNET), to the extent that it does not impinge on their ability to perform their primary mission to support HBSS on the Mission Command networks. HBSS CND personnel shall support all network inspections for HBSS-related test items.
Within 6-8 months of task, HBSS CND FTEs shall support the government to complete the following online system documentation in the DISA Continuous Monitoring and Risk Scoring (CMRS):
Create an HBSS Organization in CMRS.
Register all HBSS components (ePO servers, SADRs, remote consoles, database servers) in CMRS.
Ensure all DISA STIG criteria are correctly evaluated for all HBSS components and recorded in CMRS.
Provide HBSS overall technology area grade IAW CCRI Phase III resulting from the CMRS results.
Provide the required completed scoring spreadsheet IAW CND Directives section of CCRI criterion to ensure compliance with agent deployment, point products, product configuration, rogue system detect, training, maintenance baseline release, roll up reporting.
HBSS SMEs to develop HBSS SOP/TTPs to include implementing DISA recommended reporting standards and completing required RMF documentation. The HBSS SOP/TTP is updated yearly and delivered to the Government by the last working day of each contract year.
Endpoint Security Product Administration. Provide C4I Customers on Coalition-Secret and US-Secret Communications networks with continuous protection against malicious code.
Endpoint Security Product Updates. Protect all Customers with the latest anti-virus definition update within 28 hours of release.
Endpoint Security Product Scanning. Scan 100% of all devices for malicious code at least once a week and configure the product to continuously monitor for threats outside of defined scan times.
Endpoint Security Product Remediation. Remediate and report 100% of instances of malicious code found during endpoint scanning.
Cross Domain Solution (CDS) Administration. Provide C4I customers with maximum CDS availability and perform associated CDS tasks, including security audits, system and database updates, security patching, reporting, and accreditation paperwork administration.
CDS Availability. Provide 99.8% availability of cross domain solutions (CDS) for C4I customers.
CDS Tasks. Perform associated Cross Domain Solution (CDS) tasks, including security audits, system updates, Global Information Grid (GIG) Information Assurance (IA) Portfolio (GIAP) database updates, security patching, Joint Vulnerability Assessment Process (JVAP) reporting, and accreditation.
Cybersecurity Support Personnel Requirements. Cybersecurity work requires 24/7 operations, shift work. SAIC personnel will perform shift work, Monday thru Sunday throughout the year to include holidays.
EDUCATION AND EXPERIENCE:
All Service Delivery Support Service Desk II personnel must be at least Information Assurance Technical (IAT) Level III certified. Must have any one of the following certifications at a minimum IAT II:
IAT Level III - CASP+CE, CCNP Security, CISA, CISSP or Associate, GCED, or GCIH
Must have a Computing Environment certification (e.g. Red Hat Enterprise Linux, Windows, McAfee, Symantec, etc.)
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability