POSITION SUMMARY :
The Network Information Assurance specialist supports enterprise-class networks in day-to-day operations in support of Computer Network Defense (CND), whose function is to deny adversaries access to information and information systems.
The Network Information Assurance specialist is responsible for the operation and maintenance (O&M) of the technologies, including troubleshooting, optimization, administration, change management and technical documentation.
The core network technology utilized is the McAfee Network Security Platform, which includes the Network Security Manager (NSM) and the physical Intrusion Prevention System appliances.
MAJOR JOB ACTIVITIES :
1. Provide enterprise-level O&M support as part of the DoDIN Defense-in-Depth strategy. This includes ensuring the NSM stays viable in its reporting capability as well as understanding, identifying and resolving varied appliance disconnects.
Additionally, analysts develop an understanding of current and future attacks, which assists in distinguishing between a bona fide attack, verified suspicious or nuisance reconnaissance, and normal network noise.
2. Perform blocking of Internet protocol (IP) networks when directed by the Government.
3. Monitor, operate, and maintain network-based Intrusion Prevention System (IPS) sensors.
4. Investigate possible network and Automated Information System (AIS) security events.
5. Generate reports and update trouble tickets as required.
6. Provide O&M support of the McAfee Network Security Platform (NSP), Network Security Manager (NSM) servers and IPS sensors (GUI and CLI).
7. Analyze stock IPS alerts on all enclaves to ascertain if the alert should be put into block status.
8. Create Access Control Lists (ACLs) (e.g. Firewall Policies) in the McAfee NSM for IP whitelisting.
or in response to security research performed by members of the IPS team for preventative measures.
10. Maintain and ensure all change management is recorded using the RFC process.
11. Perform in-depth analysis using ArcSight, including but not limited to: Reports, Queries, Active Channels, Active Lists, Integration Commands, Data Monitors, Dashboards, Filters, Correlation Development using Rules, etc.
12. Analyze potentially malicious traffic at the packet level using Wireshark.
13. Respond to potentially malicious installed files on remote hosts by pulling down files via remote desktop for analysis, discovering what services are running on the remote host via command line, etc.
14. Participate in CND exercises as requested by the Government to provide configuration and analysis of IPS alerts.
WORKING ENVIRONMENT :
1. Candidate must be able to lift, push and pull up to 40 lbs.
2. The work environment will be 95% indoor and 5% outdoor. Temperatures in the outdoor work environment may exceed 100º F. Candidate must be able to physically withstand extreme heat.
MINIMUM QUALIFICATIONS :
Education : Bachelor's degree or equivalent experience, preferably in Computer Science, MIS, IS, Engineering or a related field.
One year of related experience can be substituted for one year of education if the degree is required. One year of related academic study above the high school level may be substituted for one year of experience up to a maximum of a 4-year bachelor's degree in a Software Engineering or Business Information Systems discipline for three years general experience.
Experience : Minimum of 5 years of experience in administrative, technical work that demonstrates the ability and aptitudes required to perform technical, managerial, or analytical work and coordination involving management information systems.
Platforms including a combination of the following : McAfee Network Security Manager, McAfee Intrusion Prevention System appliances, Microsoft Server, Networking and Wireshark.
Certifications : This position requires candidates to adhere to DoD 8570.01-M. All candidates are required to maintain at least one (1) baseline certification and one (1) computing environment (CE) certification.
The authorized certifications for this job title are listed as follows :