Cyber Security Engineer

Company: SAIC


Details of the offer

Description

INTRODUCTION: The Customer has an environment dedicated to tradecraft innovation and is a unique addition to the Intelligence Community (IC). This office incorporates new and emerging commercial technologies, along with tailored and specific technical and analytic capabilities in order to achieve its core mission. Partnerships with tradecraft schools and mission elements drive discovery and definition of projects suitable to Customer's capabilities. The Customer provides an environment for concept incubation, prototype evaluation, and pilot execution in the effort to advance technical intelligence, tradecraft, capabilities, and techniques. The efficiencies gained by collocating technical tradecraft capabilities with new employee training and development provide a comprehensive perspective of exactly what new employees may encounter when they go to the field.

SCOPE:
a. Blank Slate Development: Based on Customer provided requirements, the Contractor, when applicable, shall employ blank slate development for all elements of a new tool and avoid code reuse with respect to any previous tools developed by the Customer, or the greater IC. Diversity validation will be conducted at the Customer's discretion and may produce specific enhancement requests.
b. Proof-of-Concept Productization: Based on Customer direction, the Contractor shall productize previously developed or Customer provided proof-of-concept capabilities into tools that satisfy operational requirements.
c. Tool Repurposing: Based on Customer direction, the Contractor shall identify open-source capabilities, or characterize Customer provided tools, that support operational requirements. The Contractor shall determine the modifications needed for a tool to be viable for operational use and conduct development of a repurposed capability to be delivered to the Customer.

As directed by Customer, the Contractor shall ensure the development, deployment, implementation, operation, and support of Customer technical information systems and projects complies with security policies and procedures. The Contractor shall be required to communicate and collaborate across organizational boundaries, to include other contractor teams. The Contractor shall be required to work with Customer staff and contractor personnel, as well as external stakeholders.

TECHNICAL REQUIREMENTS: Contractor team ensures that all developed applications and modifications to existing Customer applications operate in compliance with applicable documents. Compliance standards could include security accreditation, program management control gates, integration with external services (e.g., access control, auditing), patching and maintaining current versions of software, outage reporting, accessibility requirements, internal-use software reporting, auditing, logging, solution reconstitution testing, and technical directives. Planned activities shall be coordinated with all stakeholders and approved by the Customer.
a. The Contractor Team shall, within an Open-source Environment utilizing Artificial Intelligence (AI) or Machine Learning (ML), develop the ability to correlate data from various sources to create real-time pattern-of-life predictability.
b. The Contractor Team shall support ongoing development of tools to gather data from various COTS sensor-based sources and develop systems to return data to Customer.
c. The Contractor Team shall support transitioning developed tools and systems to Customer's Enterprise system.
d. The Contractor Team shall follow policy requirements related to application retooling and development.
e. The Contractor Team shall support tool implementation on Customer's Enterprise system.
f. The Contractor Team shall modify applications to meet compliance with the Customer's architectural and Authorization and Accreditation (A&A) process.
g. The Contractor Team shall develop tools to enable technology starting from various initial maturity levels.
h. The Contractor Team shall develop and support scalable and secure functionality into software applications.
i. The Contractor Team shall study how to use Machine Learning to simulate human learning activities, to improve their performance by analyzing data without following the instructions of the program.
j. The Contractor Team shall develop a data framework for data analysis to support end-user data discovery and data correlation.
k. The Contractor Team shall design, set up, and perform technical demonstrations.
l. The Contractor Team shall incorporate multiple technologies for novel solutions.
m. The Contractor Team shall enact ad-hoc technical experiments to test tradecraft concepts.

Cyber Security Engineering
a. The Contractor shall analyze systems, including forensically, for malware, misuse, or unauthorized activity.
b. The Contractor shall investigate virus/malware alerts/incidents to determine root cause, entry point of code, damage risk, and report this information.
c. The Contractor shall investigate and analyze all data sources, to include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
d. The Contractor shall monitor, document, and respond to centrally collected virus alerts.
e. The Contractor shall participate in project review meetings and provide technical cyber security guidance when necessary.
f. The Contractor shall conduct tier-3 support of current infrastructure.
g. The Contractor shall design, test, and integrate new security products as directed by Customer.
h. The Contractor shall ensure network defense capabilities are kept current, patched, and securely configured and that management is informed of status.
i. The Contractor shall provide engineering support such as network-based intrusion detection for Customer systems.
j. The Contractor shall integrate security products, including designs for all Customer networks.
k. The Contractor shall maintain a network diagram for each intrusion detection, cyber defense capability and sensors and make it available to all Customer personnel.
l. The Contractor shall maintain system baselines and configuration management items, including security event monitoring policies in a manner determined and agreed to by the Customer.
m. The Contractor shall provide engineering documentation and interact with colleagues to ensure a complete and functioning system that meets requirements.
n. The Contractor shall conduct software testing (patches, other updates); beta testing; proof of concept testing.
o. The Contractor shall stay abreast of Customer's directives, regulations, guidance, notices, and standards on cybersecurity.
p. The Contractor shall have detailed knowledge of Intelligence Community Directives (ICDs) related to cybersecurity, at a minimum, ICD 503.

CORE COMPETENCIES: Cyber Security Engineering - Provides policy and technical guidance, Customer systems through the approval process, coordinate Information Security issues and activities, and provides policy and technical guidance to Customer's program, in complete compliance with regulations.

Qualifications

Required Skills:
1. Demonstrated experience with detailed knowledge of Intelligence Community Directives (ICDs) related to cybersecurity, at a minimum, ICD 503.
2. Demonstrated experience with configuration system or network monitoring tools such as Security Onion or Nagios.
3. Demonstrated experience describing complex technical matters to non-technical trained staff.
4. Demonstrated strong communication skills and decision-making skills.
5. Demonstrated experience with strong cybersecurity and awareness skills.
6. Demonstrated experience deploying Dockerized Python microservices with FastAPI.
7. Demonstrated experience with developing user interfaces with TypeScript using the Vue framework with the open-source Leaflet and PixiJS libraries.
8. Demonstrated experience deploying Docker containers for staged applications.
9. Demonstrated experience using Git and GitLab.
10. Demonstrated experience collecting and managing requirements from users in a formal and ad hoc manner.
11. Demonstrated experience using JIRA and Confluence for tracking and managing project progress.

Desired Skills:
1. Demonstrated experience with Sponsor's Enterprise network and security requirements for Authorization To Develop and Authorization To Operate.
2. Demonstrated experience in the design, setup and operation of technical demonstrations.
3. Demonstrated experience enacting ad-hoc technical experiments to test tradecraft concepts.
4. Demonstrated experience or knowledge of cybersecurity frameworks and risk management methodologies.
5. Demonstrated experience or knowledge in public key infrastructure.
6. Demonstrated experience with Unix, Linux, and Windows operating systems.
7. Demonstrated experience with SaaS models and cloud computing.
8. Demonstrated experience or knowledge of using forensic tools.
9. Demonstrated experience or knowledge of vulnerabilities and penetration testing.
10. Bachelor's degree (BSc or BA) in computer science or 4 years' experience in computer science/software development.
11. Certification(s) or knowledge of certified ethical hacking, GIAC security certifications, EC-Council certified security analyst, Security+, or Network+.
12. Understanding deploying Dockerized Python microservices with FastAPI.
13. Understanding developing user interfaces with TypeScript using the Vue framework with the open-source Leaflet and PixiJS libraries.
14. Understanding deploying Docker containers for staged applications.
15. Experience using Git and GitLab.
16. Experience collecting and managing requirements from users in a formal and ad hoc manner.
17. Experience being responsible for developing and maintaining a cloud-based environment that contains data of the highest sensitivity.
18. Experience being responsible for managing databases, applications, data, analytical tools, and extract, transform, load (ETL) pipelines.
19. Experience being responsible for designing, developing, and maintaining user interfaces that programmatically connect to back-end database and systems.
20. Experience primarily working independently as the single point of failure for all systems administration work on the environment.
21. Experience performing security assessments to identify and correct weaknesses or deficiencies within the information system and its environment of operation.
22. Experience being directly involved in processing all customer efforts through the various facets of the Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes.
23. Experience performing system configuration and patch management on live critical systems.
24. Experience implementing corrective actions to address identified vulnerabilities, negotiate and coordinate with the program on an acceptable mitigation plan, and then verifying those mitigations were effectively implemented.
25. Experience acting as a point of contact (POC) with department personnel and performing requirements gathering and application design to support operational facing customer needs in an Agile methodology.

ALL POSITIONS:
27. Demonstrated experience or understanding of cellular network operations/exploitation.
28. Demonstrated experience or understanding of vehicle systems telematics.
29. Demonstrated experience with VMware or equivalent.
30. Demonstrated experience or understanding of Python AI/ML.
31. Demonstrated experience or understanding of OpenCV.
32. Demonstrated experience with scikit-learn, TensorFlow, or PyTorch.
33. Demonstrated experience or understanding of Software Defined Radios (SDR) and related software (Kismet, GNU Radio, rtl_433).
34. Demonstrated experience with JavaScript UI libraries such as Vuetify, Leaflet and PixiJS.
35. Demonstrated experience with open-source video analytic and CCTV tools (i.e. OpenMPF, Shinobi, MotionEye, and/or ffmpeg).
36. Demonstrated experience with ARM, PowerPC, MIPS, and x86, x64 architectures & assembly.
37. Demonstrated experience developing and writing code for SOHO/mobile devices.
38. Demonstrated experience understanding the design and programming for systems integration of complex systems.
39. Demonstrated experience implementing ICD directives.
40. Demonstrated experience documenting networks and diagramming networks.
41. Demonstrated experience with Sponsor's network and security requirements for Approval to Develop (ATD) and Authority to Operate (ATO).
42. Demonstrated experience or knowledge of using JIRA and Confluence for tracking and managing project progress.
43. Demonstrated experience building production grade applications on relational and unstructured streaming data.
44. Cloud certifications (AWS Solutions Architect, AWS DevOps Professional), and Certified Information Systems Security Professional (CISSP).
45. Experience being responsible for developing and maintaining a cloud-based environment that contains data of the highest sensitivity.
46. Experience primarily working independently as the single point of failure for all systems administration work on the environment.
47. Experience performing security assessments to identify and correct weaknesses or deficiencies within the information system and its environment of operation.
48. Experience being directly involved in processing all customer efforts through the various facets of the Risk Management Framework (RMF) and Assessment & Authorization (A&A) processes.
49. Experience performing system configuration and patch management on live critical systems.
50. Experience implementing corrective actions to address identified vulnerabilities, negotiate and coordinate with the program on an acceptable mitigation plan, and then verifying those mitigations were effectively implemented.
51. Experience acting as a point of contact (POC) with department personnel and performing requirements gathering and application design to support operational facing customer needs in an Agile methodology.

SAIC accepts applications on an ongoing basis and there is no deadline.


Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.


Source: Grabsjobs_Co


Built at: 2024-06-17T07:00:03.913Z