Yesterday
Secret
Senior Level Career (10+ yrs experience)
$138,000
No Traveling
IT - Security
Provide expert cybersecurity assessment, analysis, and strategic recommendations to support the Agency's comprehensive Zero Trust (ZT) deployment. All efforts shall be performed in strict accordance with the principles and guidelines set forth in NIST Special Publication 800-207 (Zero Trust Architecture), NIST Special Publication 800-53 (Security and Privacy Controls for Information Systems and Organizations), and relevant Department of Defense (DoD) Zero Trust Guidelines, ensuring a secure, resilient, and successful ZT implementation across the Agency's operational environment.
Responsibilities:
*Monitor the performance and effectiveness of implemented Zero Trust solutions and provide recommendations for ongoing optimization and tuning to enhance security and user experience.
*Advise the Agency on emerging Zero Trust technologies, threats, and best practices to support continuous improvement of the ZT posture
*Perform a detailed gap analysis between the Agency's current state and the DoD Zero Trust Strategy pillars (User, Device, Application/Workload, Data, Network/Environment, Automation/Orchestration, Analytics/Visibility) and maturity model, inclusive of technology, process, and policy gaps.
*Assess existing Multi-Factor Authentication (MFA) implementations across all applicable access points (users, devices, applications) and identify areas for integration and enhancement to align with Zero Trust principles.
*Evaluate current Identity Provider (IdP) capabilities and identify opportunities for modernization and integration with enterprise IdPs (e.g., DoD Enterprise Identity, Credentials, and Access Management (ICAM)).
*Review current access policies and identify opportunities for integrating Conditional Access policies based on user, device, location, and application context.
*Assess existing capabilities for continuous device assessment and compliance enforcement to identify areas for improvement and potential integration of new solutions.
*Evaluate device integrity checks and automated remediation processes for non-compliant devices, identifying gaps and opportunities for enhancement.
*Evaluate the current state of Application Programming Interface (API) security and Web Application Firewall (WAF) integration, identifying opportunities for enhancement and implementation where applicable.
*Assess the current state of data loss prevention capabilities and identify opportunities to implement or integrate Data Loss Prevention (DLP) solutions to protect sensitive data (e.g., CUI, PII).
*Evaluate existing data encryption strategies (at rest and in transit) and advise on potential enhancements or new implementations.
*Assess the Agency's network infrastructure to identify opportunities for designing and implementing logical micro-segmentation (e.g., using SDN, network overlays, or firewall rule sets).
*Evaluate current remote and on-premises access methods and identify where ZT solutions could be implemented to provide secure, granular access to internal resources, replacing or augmenting traditional VPNs.
*Review the configuration and optimization of existing network security controls (firewalls, IDS/IPS) to identify areas for improvement in enforcing Zero Trust policies.
Requirements:
DoD IAT II required certification/s (one of the following):
o CCNA-Security
o CySA+ (CSA+)
o GICSP
o GSEC
o Security+ CE
o CND
o SSCP
Location: Remote Work Available - Fort Lee, VA or Smyrna, GA
Responsibilities:
*Monitor the performance and effectiveness of implemented Zero Trust solutions and provide recommendations for ongoing optimization and tuning to enhance security and user experience.
*Advise the Agency on emerging Zero Trust technologies, threats, and best practices to support continuous improvement of the ZT posture
*Perform a detailed gap analysis between the Agency's current state and the DoD Zero Trust Strategy pillars (User, Device, Application/Workload, Data, Network/Environment, Automation/Orchestration, Analytics/Visibility) and maturity model, inclusive of technology, process, and policy gaps.
*Assess existing Multi-Factor Authentication (MFA) implementations across all applicable access points (users, devices, applications) and identify areas for integration and enhancement to align with Zero Trust principles.
*Evaluate current Identity Provider (IdP) capabilities and identify opportunities for modernization and integration with enterprise IdPs (e.g., DoD Enterprise Identity, Credentials, and Access Management (ICAM)).
*Review current access policies and identify opportunities for integrating Conditional Access policies based on user, device, location, and application context.
*Assess existing capabilities for continuous device assessment and compliance enforcement to identify areas for improvement and potential integration of new solutions.
*Evaluate device integrity checks and automated remediation processes for non-compliant devices, identifying gaps and opportunities for enhancement.
*Evaluate the current state of Application Programming Interface (API) security and Web Application Firewall (WAF) integration, identifying opportunities for enhancement and implementation where applicable.
*Assess the current state of data loss prevention capabilities and identify opportunities to implement or integrate Data Loss Prevention (DLP) solutions to protect sensitive data (e.g., CUI, PII).
*Evaluate existing data encryption strategies (at rest and in transit) and advise on potential enhancements or new implementations.
*Assess the Agency's network infrastructure to identify opportunities for designing and implementing logical micro-segmentation (e.g., using SDN, network overlays, or firewall rule sets).
*Evaluate current remote and on-premises access methods and identify where ZT solutions could be implemented to provide secure, granular access to internal resources, replacing or augmenting traditional VPNs.
*Review the configuration and optimization of existing network security controls (firewalls, IDS/IPS) to identify areas for improvement in enforcing Zero Trust policies.
Requirements:
DoD IAT II required certification/s (one of the following):
o CCNA-Security
o CySA+ (CSA+)
o GICSP
o GSEC
o Security+ CE
o CND
o SSCP
Location: Remote Work Available - Fort Lee, VA or Smyrna, GA
group id: 90982409
