NCAOC - Security Specialist- Mid Level

Responsible for the Weekends and Holidays Midnight to Noon (12 : 00 AM 12 : 00 PM) and two weekdays 12 : 00 AM 9 : 00 AM. Specifically Fri & Mon 12AM 9AM Sat & Sun Holidays 12AM noon. Additionally weekly team meeting on Mon at 9AM.

• The manager has a strong preference for local candidates. The work will be 100% remote. However in the event of a major data center upgrade best practices would say for the resource to be on site in the event of a catastrophic failure requiring a direct connection. In a rare instance they may have a meeting where the candidate would need to be on site but no more than once or twice a year.
• AOC cannot engage candidates beyond the end of Fiscal Year. This position will extend for six months from June 30th 2024.

WEEKENDS AND HOLIDAYS CONTRACTOR POSITIONS SCOPE AND KNOWLEDGE / SKILLS / ABILITIES

Scope Of Work : No. 1

40% Security Operations and Network Operations (SOC) :

Responsible for the Weekends and HolidaysMidnight to Noon (12 : 00 AM 12 : 00 PM) and two weekdays 12 : 00 AM 9 : 00 AM. Specifically Fri & Mon 12AM 9AM Sat & Sun Holidays 12AM noon. Additionally weekly team meeting on Mon at 9AM.

Assist in maintaining the NCAOC SecurityOperations Center security posture.

Responsible on Weekends and Holidays to respondto Network Operations Center priority one circuit outages.

Responsible for creating triaging updatingand seeing closure of Security Operations Incident Request and EnterpriseChange Management tickets.

Monitors and maintains Firewalls andcorresponding management tools (FMC ASDM) Intrusion Prevention Systems (IPS)Vulnerability Management (VM) Cisco Umbrella domain name security ISE networkAccess Control Posturing and Profiling IPsec VPN tunnels AnyConnect remoteusers and security module Third Party Partner Security Incident and EventManager (SIEM) and other network and cloud security tools.

Use tools (Wireshark and interface captures andlog searching) to assist in troubleshooting network device configuration and networksecurity related problems.

Responsible for firewall cleanup processestasks and learning firewall tools to assist in performing these processes andtasks.

Follow and maintain SOC process and technologydocumentation.

Open and work to closure vendor TAC casesmostly Cisco to resolve incidents and device issues.

Provide reports and metrics for the SOCSupervisor or Operations and Administration Manager as requested.

Interface with all other TSD technical teams ininitiatives and activities the require Security Operations Center resources.

No. 2

20% Network Security and Cybersecurity :

Monitor and respond to Third Party Partnerinitiated security investigations.

Provide support of the established IncidentResponse Policy from beginning preparation and prevention through postincidentactivity.

Subscribe to and monitor Security ProductAdvisories and Cybersecurity Organization Bulletins researching and ensuringcoverage of security device risks and Common Vulnerability Enumerations (CVE)

Update PSIRT / CVE spreadsheet or other reporttracking mechanism to report progress and coverage of Security ProductAdvisories and Cybersecurity Organization Bulletins.

Monitor and Maintain the IPS signatures Blocklists URL reputation lists and malware file lists to ensure latest securityrecommendations are implemented.

Use monitoring and security diagnostic tools tothreat hunt for network and device vulnerabilities security risks andpotential threats.

Research trends to assist the SecurityOperations team in staying up to date on industry best practices and current Cybersecuritytrends tools techniques and procedures.

No. 3

30% Network Patching Upgrading and Maintenance :

Evaluate plan and implement network devices (switchesrouters management tools etc.) and network security devices and tools(firewalls IPS ISE etc.) upgrades and patches on a monthly and as neededschedule.

Coordinates with various TSD teams in theevaluation planning and implementation of patching upgrading and maintenance.

Update patching spread sheet to reflect historicand current versioning.

Uses software tools to manage patchingupgrading and maintenance of network and security devices (Visio MicrosoftOffice etc.)

No. 4

10% Security Industry and Product Research andTraining

Attend classes seminars webinarsconferences training sites and research product documentation to enhanceprofessional development and to progress in the field of Network andCybersecurity trends and developments.

Use NCAOC provided resources to attain SecurityProfessional Certificates (Ex. Cisco CCNA routing and switching CCNASecurity CCNP Security CISSP)

Knowledge Skills and Abilities :

Knowledge :

Knowledge of enterprise network security technologies : Cisco FTD and ASA firewalls IPS FMC IPsec tunnels AnyConnect client Cisco ISECisco Umbrella Third Party SIEM DDI DNS VLANS NAT Cisco Secure Endpoint(AMP) Load Balancing IP / Domain / URL security intelligence sources (Virus TotalTALOS etc.)

Knowledge and or possession of Security Profession Certificates(Cisco CCNA routing and switching CCNA Security CCNP Security CISSP) ispreferred but not required.

Knowledge of NCAOC security policy and Criminal JusticeInformation System (CJIN) policies is preferred but not required.

Skills :

Skills in enterprise security technology; fundamentalknowledge of the following IPsec IPS / IDS Snort Engine SIEM IdentityServices Engine (ISE) Vulnerability Management Access Control / AAA; networkingfundamentals in the areas of enterprise network topology routers switchesservers NAT DNS; TCP / IP architecture and functionality Wireshark andinterface captures and log searching to assist in troubleshooting configurationand network security related problems.

Abilities :

Ability to plan and manage complex projects independentlyand within a team; communicate effectively with users to determine and resolveproblems; communicate technical information to lay persons; interpret andfollow established employment and policies; produce highly technical documents;consider the implications of new technology implementations; balance theapplication and system access business needs of users with network securityprotections.

Required / Desired Skills

Skill

Required / Desired

Amount

of Experience

Configuration and administration of Cisco ASA Firewalls

Required

Years

Configuration and administration of Cisco FTD Firewalls

Required

Years

Fundamental knowledge of the following IPsec IPS / IDS Snort Engine SIEM Identity Services Engine (ISE) Vulnerability Management

Required

Years

Fundamentals in the areas of enterprise network topology routers switches servers NAT DNS; TCP / IP architecture and functionality

Required

Years

Works independently to accomplish short and long term project goals with clear and concise communication to team members and management

Required

Years

Questions

Question

Question1

Absences greater than two weeks MUST be approved by CAI management in advance and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement

Question2

Please list candidate s email address.

Question3

Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.

Question4

Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement

Question5

Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement

Question6

Candidates submitted above the rate of XX95.26 will not be considered. Do you accept this requirement

Question7

Payment for all approved hours will be paid at the straight hourly rate regardless of the total hours worked by the engaged resource. It is the responsibility of the supplier to adhere to any applicable compensation laws including payment for overtime hours. Do you accept this requirement

Question8

Please confirm you have thoroughly validated and attest to the accuracy of the credentials listed throughout this candidate s VectorVMS profile and resume pursuant to Section 5.2.5 of ITS009440. Do you confirm