Information Systems Solutions (ISS) is looking for an IS/IT Subject Matter Expert Level V to support the JS J7 Joint Training DevSecOps pipeline core infrastructure and data center in Suffolk, VA. The selected candidate will be responsible for supporting the Deputy Directorate, Joint Training (DDJT) for Continuous Network Defense (CND) cybersecurity engineering.
This role is 100% onsite.
Why Work For ISS?
At ISS we pride ourselves on providing an employee-focused and family-first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values its employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career.
Clearance Level
TS/SCI clearance
Key Responsibilities
- Serve as the primary Subject Matter Expert (SME) for all aspects of the Continuous Network Defense cybersecurity tools in accordance with all applicable DoD Instructions (DoDI), policies and regulations.
- Utilize Tenable and Nessus to perform regularly scheduled discovery and vulnerability scans, provide analysis of results, and develop mitigation strategies to reduce overall risk surface.
- Manage Trellix ePO and deploy endpoint products such as ENS, PA, DLP, etc., to implement and enforce endpoint security policies that respond to and mitigate potential threats.
- Implement ForeScout policies for the Comply-To-Connect (C2C) initiative to ensure continuous compliance and the quarantining of unauthorized, noncompliant devices.
- Monitor Cortex Xpanse to identify and assess external-facing assets, and respond to alerts with corrective action to mitigate the findings.
- Ensure continuous data flow is active for the Continuous Monitoring and Risk Scoring (CMRS) DoD system, including endpoint security data (Trellix), vulnerability and flaw remediation (Tenable), and security compliance data (ForeScout).
- Configure, modify and deploy security policies on Cisco Firepower Management Console (FMC) to ensure intrusion prevention (IPS) is enforced at the network security level.
- Utilize and validate DNS and DHCP data within Infoblox, monitoring for anomalous records and unauthorized entries, and removing duplicate records.
- Implement AD Audit Engine to detect and investigate anomalous, malicious or malformed activity within Active Directory, to identify potential insider threats and/or compromised accounts.
- Conduct threat hunts and active/passive reconnaissance using network traffic analysis, heuristic analysis, and cybersecurity data analysis to identify and mitigate indicators of compromise (IoC), misconfigured systems, and advanced persistent threat actors (APTs).
Certifications (IAT Level III)
One of the following:
- CISA
- GSE
- SCNCA
- CISSP (or Associate)
- GCIH
Functional area training certificates:
- DISA ACAS Operator Computer Based Training
- Annual Cyber Awareness Training
Required Skills and Experience
- A Master's of Cybersecurity or related degree, or 10 years of experience in cybersecurity engineering focused on Government-approved cybersecurity tools.
- At least 5 years of experience related to DoD cybersecurity vulnerability detection and response utilizing tools within FISMA compliance.