WEEKENDS AND HOLIDAYS CONTRACTOR POSITIONS SCOPE AND KNOWLEDGE/SKILLS/ABILITIES
Scope Of Work:
No. 1
40% Security Operations and Network Operations (SOC):
· Responsible for the Weekends and HolidaysMidnight to Noon, (12:00 AM – 12:00 PM), and two weekdays, 12:00 AM – 9:00 AM. Specifically, Fri & Mon 12AM - 9AMSat & Sun + Holidays 12AM – noon. Additionally, weekly team meeting on Mon at 9AM.
· Assist in maintaining the NCAOC SecurityOperations Center security posture.
· Responsible on Weekends and Holidays to respondto Network Operations Center priority one circuit outages.
· Responsible for creating, triaging, updating,and seeing closure of Security Operations Incident, Request, and EnterpriseChange Management tickets.
· Monitors and maintains Firewalls andcorresponding management tools (FMC, ASDM), Intrusion Prevention Systems (IPS),Vulnerability Management (VM), Cisco Umbrella domain name security, ISE networkAccess Control, Posturing, and Profiling, IPsec VPN tunnels, AnyConnect remoteusers and security module, Third Party Partner Security Incident and EventManager (SIEM), and other network and cloud security tools.
· Use tools (Wireshark and interface captures, andlog searching) to assist in troubleshooting network, device configuration, and networksecurity related problems.
· Responsible for firewall cleanup processes,tasks, and learning firewall tools to assist in performing these processes andtasks.
· Follow and maintain SOC process and technologydocumentation.
· Open and work to closure vendor TAC cases,mostly Cisco, to resolve incidents and device issues.
· Provide reports and metrics for the SOCSupervisor or Operations and Administration Manager as requested.
· Interface with all other TSD technical teams ininitiatives and activities the require Security Operations Center resources.
No. 2
20% Network Security and Cybersecurity:
· Monitor and respond to Third Party Partnerinitiated security investigations.
· Provide support of the established IncidentResponse Policy from beginning preparation and prevention through post-incidentactivity.
· Subscribe to and monitor Security ProductAdvisories and Cybersecurity Organization Bulletins researching and ensuringcoverage of security device risks and Common Vulnerability Enumerations (CVE)
· Update PSIRT/CVE spreadsheet or other reporttracking mechanism to report progress and coverage of Security ProductAdvisories and Cybersecurity Organization Bulletins.
· Monitor and Maintain the IPS signatures, Blocklists, URL reputation lists, and malware file lists to ensure latest securityrecommendations are implemented.
· Use monitoring and security diagnostic tools tothreat hunt for network and device vulnerabilities, security risks andpotential threats.
· Research trends to assist the SecurityOperations team in staying up to date on industry best practices and current Cybersecuritytrends, tools, techniques, and procedures.
No. 3
30% Network Patching, Upgrading, and Maintenance:
· Evaluate, plan, and implement network devices, (switches,routers, management tools, etc.) and network security devices and tools(firewalls, IPS, ISE, etc.) upgrades and patches on a monthly and as neededschedule.
· Coordinates with various TSD teams in theevaluation, planning and implementation of patching, upgrading, and maintenance.
· Update patching spread sheet to reflect historicand current versioning.
· Uses software tools to manage patching,upgrading and maintenance of network and security devices (Visio, MicrosoftOffice, etc.)
No. 4
10% Security Industry and Product Research andTraining
· Attend, classes, seminars, webinars,conferences, training sites, and research product documentation, to enhanceprofessional development and to progress in the field of Network andCybersecurity trends and developments.
· Use NCAOC provided resources to attain SecurityProfessional Certificates, (Ex. Cisco CCNA routing and switching, CCNASecurity, CCNP Security, CISSP)
Knowledge, Skills and Abilities:
Knowledge:
Knowledge of enterprise network security technologies:Cisco FTD and ASA firewalls, IPS, FMC, IPsec tunnels, AnyConnect client, Cisco ISE,Cisco Umbrella, Third Party SIEM, DDI, DNS, VLANS, NAT Cisco Secure Endpoint(AMP), Load Balancing IP/Domain/URL security intelligence sources (Virus Total,TALOS, etc.)
Knowledge and or possession of Security Profession Certificates,(Cisco CCNA routing and switching, CCNA Security, CCNP Security, CISSP) ispreferred but not required.
Knowledge of NCAOC security policy and Criminal JusticeInformation System (CJIN) policies is preferred but not required.
Skills:
Skills in enterprise security technology; fundamentalknowledge of the following, IPsec, IPS/IDS Snort Engine, SIEM, IdentityServices Engine (ISE), Vulnerability Management, Access Control/AAA; networkingfundamentals in the areas of enterprise network topology, routers, switches,servers, NAT, DNS; TCP/IP architecture and functionality, Wireshark andinterface captures, and log searching to assist in troubleshooting configurationand network security related problems.
Abilities:
Ability to plan and manage complex projects independentlyand within a team; communicate effectively with users to determine and resolveproblems; communicate technical information to lay persons; interpret andfollow established employment and policies; produce highly technical documents;consider the implications of new technology implementations; balance theapplication and system access business needs of users with network securityprotections.
| Skill | Required /Desired | Amount | of Experience |
|---|---|---|---|
| Configuration and administration of Cisco ASA Firewalls | Required | 3 | Years |
| Configuration and administration of Cisco FTD Firewalls | Required | 3 | Years |
| Fundamental knowledge of the following, IPsec, IPS/IDS Snort Engine, SIEM, Identity Services Engine (ISE), Vulnerability Management | Required | 3 | Years |
| Fundamentals in the areas of enterprise network topology, routers, switches, servers, NAT, DNS; TCP/IP architecture and functionality | Required | 3 | Years |
| Works independently to accomplish short and long term project goals with clear and concise communication to team members and management | Required | 3 | Years |
| No. | Question |
|---|---|
| Question1 | Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement? |
| Question2 | Please list candidate’s email address. |
| Question3 | Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment. |
| Question4 | Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement? |
| Question5 | Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement? |
| Question6 | Candidates submitted above the rate of - will not be considered. Do you accept this requirement? |
| Question7 | Payment for all approved hours will be paid at the straight hourly rate regardless of the total hours worked by the engaged resource. It is the responsibility of the supplier to adhere to any applicable compensation laws including payment for overtime hours. Do you accept this requirement? |
| Question8 | Please confirm you have thoroughly validated, and attest to the accuracy of, the credentials listed throughout this candidate’s VectorVMS profile and resume pursuant to Section 5.2.5 of ITS-009440. Do you confirm? |