Easy Apply

Please enter a valid email.
Please enter a valid phone number.
Please select a valid country.
Please provide a resume.
You must review and agree before submitting.
NCAOC - Security Specialist- Mid Level
Responsible for the Weekends and Holidays Midnight to Noon, (12:00 AM – 12:00 PM), and two weekdays, 12:00 AM – 9:00 AM. Specifically, Fri & Mon12AM - 9AMSat & Sun + Holidays12AM – noon. Additionally, weekly team meeting on Mon at 9AM.

****The manager has a strong preference for local candidates. The work will be 100% remote. However, in the event of a major data center upgrade, best practices would say for the resource to be on site in the event of a catastrophic failure requiring a direct connection. In a rare instance, they may have a meeting where the candidate would need to be on site, but no more than once or twice a year.

***AOC cannot engage candidates beyond the end of Fiscal Year. This position will extend for six months from June 30th, 2024.


Scope Of Work:

No. 1

40% Security Operations and Network Operations (SOC):

·        Responsible for the Weekends and HolidaysMidnight to Noon, (12:00 AM – 12:00 PM), and two weekdays, 12:00 AM – 9:00 AM.  Specifically, Fri & Mon 12AM - 9AMSat & Sun + Holidays 12AM – noon. Additionally, weekly team meeting on Mon at 9AM.

·        Assist in maintaining the NCAOC SecurityOperations Center security posture.

·        Responsible on Weekends and Holidays to respondto Network Operations Center priority one circuit outages.

·        Responsible for creating, triaging, updating,and seeing closure of Security Operations Incident, Request, and EnterpriseChange Management tickets.

·        Monitors and maintains Firewalls andcorresponding management tools (FMC, ASDM), Intrusion Prevention Systems (IPS),Vulnerability Management (VM), Cisco Umbrella domain name security, ISE networkAccess Control, Posturing, and Profiling, IPsec VPN tunnels, AnyConnect remoteusers and security module, Third Party Partner Security Incident and EventManager (SIEM), and other network and cloud security tools.

·        Use tools (Wireshark and interface captures, andlog searching) to assist in troubleshooting network, device configuration, and networksecurity related problems.

·        Responsible for firewall cleanup processes,tasks, and learning firewall tools to assist in performing these processes andtasks.

·        Follow and maintain SOC process and technologydocumentation.

·        Open and work to closure vendor TAC cases,mostly Cisco, to resolve incidents and device issues.

·        Provide reports and metrics for the SOCSupervisor or Operations and Administration Manager as requested.

·        Interface with all other TSD technical teams ininitiatives and activities the require Security Operations Center resources.

 No. 2

20% Network Security and Cybersecurity:

·        Monitor and respond to Third Party Partnerinitiated security investigations.

·        Provide support of the established IncidentResponse Policy from beginning preparation and prevention through post-incidentactivity.

·        Subscribe to and monitor Security ProductAdvisories and Cybersecurity Organization Bulletins researching and ensuringcoverage of security device risks and Common Vulnerability Enumerations (CVE)

·        Update PSIRT/CVE spreadsheet or other reporttracking mechanism to report progress and coverage of Security ProductAdvisories and Cybersecurity Organization Bulletins.

·        Monitor and Maintain the IPS signatures, Blocklists, URL reputation lists, and malware file lists to ensure latest securityrecommendations are implemented.

·        Use monitoring and security diagnostic tools tothreat hunt for network and device vulnerabilities, security risks andpotential threats.

·        Research trends to assist the SecurityOperations team in staying up to date on industry best practices and current Cybersecuritytrends, tools, techniques, and procedures.

 No. 3

30% Network Patching, Upgrading, and Maintenance:

·        Evaluate, plan, and implement network devices, (switches,routers, management tools, etc.) and network security devices and tools(firewalls, IPS, ISE, etc.) upgrades and patches on a monthly and as neededschedule.

·        Coordinates with various TSD teams in theevaluation, planning and implementation of patching, upgrading, and maintenance.

·        Update patching spread sheet to reflect historicand current versioning.

·        Uses software tools to manage patching,upgrading and maintenance of network and security devices (Visio, MicrosoftOffice, etc.)

 No. 4

10% Security Industry and Product Research andTraining

·        Attend, classes, seminars, webinars,conferences, training sites, and research product documentation, to enhanceprofessional development and to progress in the field of Network andCybersecurity trends and developments.

·        Use NCAOC provided resources to attain SecurityProfessional Certificates, (Ex. Cisco CCNA routing and switching, CCNASecurity, CCNP Security, CISSP)

Knowledge, Skills and Abilities:


Knowledge of enterprise network security technologies:Cisco FTD and ASA firewalls, IPS, FMC, IPsec tunnels, AnyConnect client, Cisco ISE,Cisco Umbrella, Third Party SIEM, DDI, DNS, VLANS, NAT Cisco Secure Endpoint(AMP), Load Balancing IP/Domain/URL security intelligence sources (Virus Total,TALOS, etc.)

Knowledge and or possession of Security Profession Certificates,(Cisco CCNA routing and switching, CCNA Security, CCNP Security, CISSP) ispreferred but not required.

Knowledge of NCAOC security policy and Criminal JusticeInformation System (CJIN) policies is preferred but not required.


Skills in enterprise security technology; fundamentalknowledge of the following, IPsec, IPS/IDS Snort Engine, SIEM, IdentityServices Engine (ISE), Vulnerability Management, Access Control/AAA; networkingfundamentals in the areas of enterprise network topology, routers, switches,servers, NAT, DNS; TCP/IP architecture and functionality, Wireshark andinterface captures, and log searching to assist in troubleshooting configurationand network security related problems.


Ability to plan and manage complex projects independentlyand within a team; communicate effectively with users to determine and resolveproblems; communicate technical information to lay persons; interpret andfollow established employment and policies; produce highly technical documents;consider the implications of new technology implementations; balance theapplication and system access business needs of users with network securityprotections.

Required/Desired Skills

SkillRequired /DesiredAmountof Experience
Configuration and administration of Cisco ASA FirewallsRequired3Years
Configuration and administration of Cisco FTD FirewallsRequired3Years
Fundamental knowledge of the following, IPsec, IPS/IDS Snort Engine, SIEM, Identity Services Engine (ISE), Vulnerability ManagementRequired3Years
Fundamentals in the areas of enterprise network topology, routers, switches, servers, NAT, DNS; TCP/IP architecture and functionalityRequired3Years
Works independently to accomplish short and long term project goals with clear and concise communication to team members and managementRequired3Years


Question1Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question2Please list candidate’s email address.
Question3Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question4Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
Question5Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
Question6Candidates submitted above the rate of - will not be considered. Do you accept this requirement?
Question7Payment for all approved hours will be paid at the straight hourly rate regardless of the total hours worked by the engaged resource. It is the responsibility of the supplier to adhere to any applicable compensation laws including payment for overtime hours. Do you accept this requirement?
Question8Please confirm you have thoroughly validated, and attest to the accuracy of, the credentials listed throughout this candidate’s VectorVMS profile and resume pursuant to Section 5.2.5 of ITS-009440. Do you confirm?