Senior Systems Engineer (HBSS)

Company Description

Complete Professional Services (CPS) is a forward thinking women owned small business with extensive capabilities in systems development, integration, maintenance and support in the Federal Health Care and National Security Information Technology (IT) domains.

Job Description

Complete Professional Services (CPS) is searching for an Host Bases Security System (HBSS) Managed Systems Engineer – Senior, you will provide engineering support to the Army’s Common Access Card/Public Key Infrastructure (CAC/PKI) in order to effectively meet the Department of Defense (DoD) and Army mandates as part of the identity management mission. Under general direction, you will support the Army’s PKI efforts for the Non-classified Internet Protocol Router Network (NIPRNet) and Secure Internet Protocol Router Network (SIPRNet) networks. You will provide test and evaluation of Commercial off the Shelf (COTS)/Government of the Shelf (GOTS)/Open Source Software (OSS) products, backward compatibility of new smart cards in the enabling of applications, electronic authentication, and logical and physical access in support of the CAC/PKI program. You will maintain a test and evaluation network and support areas of: Smart Tokens; PKI; Certificate Revocation; CAC Pin Reset; PKE; logical and physical access; tactical PKI; directory services, to include Microsoft Active Directory; and other identity management related initiatives, web-enabled, and application services, Microsoft IIS, Apache HTTP Server, and other identity management related initiatives. In assuming this position, you will be a critical contributor to meeting CPS's mission: To deliver innovative, cost-effective solutions and services that enable our customers to rapidly adapt to dynamic environments.

Highlights of Responsibilities:

• Assess, test and evaluate, integrate, and/or support Army participation in DoD activities that merge CAC, PKI, PKE, biometrics, physical and logical access, and tactical PKI as well as the development and integration of comprehensive identification (ID) management.
• Support design and documentation for analysis, integration, testing, and evaluation operations for PKI, Identity Management, with respect to fielding of hand-held, mobile, and other devices that are required to work within the Army and DoD PKI architectures. 
• Perform regression testing of PK enabled end-user computers to include Enterprise baseline users and home users, and smart card technologies, to include interoperability testing; break/fix analysis and testing; integration testing; operation and maintenance procedures; and product integrations. 
• Provide system administration support to maintain a test and evaluation network that simulates the Army’s Active Directory to NETCOM activities and initiatives, to include but not limited to: core data center services; Enterprise Directory Services and Applications (EDS&A); Army Active Directory; and Systems Management (SysMan).
• Provide system administration support to maintain a test and evaluation network that simulates the Army Enterprise deployment of PKE web servers and web services in support of NETCOM activities and initiatives, to include but not limited to: core data center services; Information Technology Service Management (ITSM) or current Enterprise ticketing system; Citrix XenApp; and Network Management (NetMan).
• Analyze, assess, engineer, test and evaluate, integrate, and support the infrastructure components needed to make the SIPRNET PKI interoperable with DoD PKI and Network Security Services (NSS) PKI.
• Provide systems administration support to 700 Army CAC pin reset (CPR) stations in support of the current CPR infrastructure, to include working with the DoD Defense Manpower Data Center (DMDC).
• Provide design and documentation for regression testing of certificate validation technologies such as, Microsoft OCSP; Axway Validation Suite; and CoreStreet Validation Suite.
• Conduct patch testing as required.

Qualifications

• Current Active Secret Security Clearance and or the ability to obtain one. 
• Bachelor’s Degree with 2 years of experience or more than 9 years of practical experience may be substituted for education.
• IT Level II requiring a National Agency Check with Local Agency Check and Credit Check (NACLC) in accordance with AR 25-2.   
• IAT Level II certified as specified in DOD 8570.01-M and BBP 05-PR-M-0002 (Security CE, or GSEC, or SSCP IA Certifications).
• Complete the DISA HBSS Administrators Course prior to task order performance as the Computing Environment Certification.
• Working knowledge in OCSP technologies and their operation within an enterprise setting
• Experience in Active Directory, Active Client, HSM, Online Certificate Status Protocol (OCSP), and Certificate Authority and smart card enablement.
• Knowledge of CAC and CAC enabled Active Directory.
• Knowledge of Army PKI and Joint Informational Environment (JIE) PKI.

Additional Information

Preferred Education and Experience: 

• Experience in support of certificate validation technologies such as, Microsoft OCSP; Axway Validation Suite; and CoreStreet Validation Suite.
• Experience with virtualized environments.
• Experience in designing and securing interfaces between client devices, servers and cloud-based applications, including network topology definition, authentication (of users and systems), and providing required security measures for sensitive data (like Personal Identifiable Information(PII), and Protected Health Information (PHI)).PHI).
• Expertise in documenting designs and in performing configuration management.
• Experience in Microsoft Certification Authority server build, design, operation, configuration, patching, and problem troubleshooting.
• Experience in Microsoft Active Directory configuration, operation, and problem troubleshooting.
• Enterprise experience in integration, implementation, and deployment of virtualized desktop operating systems and applications.
• Experience in smart card operation and configuration of smart card middleware (e.g. ActivIdentity /ActivClient middleware and 90meter smart card middleware).