Physical Security Network Engineer

About The Position

Requirements

• Minimum of five (5) years of relevant security IT/network engineering experience, preferably within the U.S. Department of Defense (DOD) community.
• Must possess a current CompTIA Security + (SEC+) or equivalent certification.
• Must possess a current CISCO Certified Network Associate (CCNA) certification or equivalent.
• Must have HS diploma; Bachelors degree or higher preferred.
• Must possess the Lenel Certified Professional (LGE-Core, LGE-Access, and LGE- Enterprise) certification or obtain within 120 days after hire.
• Maintain knowledge of the Federal Enterprise Architecture (FEA) and Department of Defense (DoD) Enterprise Architecture framework (e.g., SIPR, NIPR and Joint Worldwide Intelligence Communications Systems (JWICS) networks), and the Information Technology (IT)/Cybersecurity rules and regulatory authorities to develop and implement policies and planning concepts, and project management methods.
• Maintain knowledge of governing laws, regulations, precedents, and directives governing DoD security programs (e.g. information, personnel, physical, industrial, etc.).
• Possess general knowledge and perspective of the operational, procedural, and technical standards that achieve interoperability with other non-DoD Federal Government agencies.
• Maintain proficiency using basic Microsoft Office software applications (e.g., Word, PowerPoint, Excel, and Access).
• Must have an active TS/SCI security clearance.

Nice To Haves

• Bachelors degree or higher preferred.

Responsibilities

• Responsible for the ESS/LENEL network infrastructure, operation/maintenance (O&M) and lifecycle.
• Provide a Tier 3 IT problem solving solution and have the ability to identify, document, and resolve major problems; operate, monitor, alert, manage, maintain, install, and troubleshoot USSOUTHCOM Security ESS network infrastructure devices and services; provide services for all aspects of network management and operations, including policies, procedures, implementation, technology integration, and guidance for both scheduled and unscheduled maintenance.
• Maintain responsibility for the research and development of solutions to new or unknown issues.
• Analyze code and data; responsible for designing and developing one or more courses of action, evaluating each of these courses in a test-case environment, and implementing the best solution to the problem.
• Network Security Hardware O&M – configure, maintain, analyze, and monitor data output from the ESS network security hardware to accurately detect and respond to threats across the network; operate, monitor, alert, manage, maintain, install, and troubleshoot the ESS network infrastructure devices and services; provide technical recommendations for the development of policies for all aspects of network management and operations.
• Domain Name Service (DNS) – provide internal and external IPv4 primary and secondary DNS services for USSOUTHCOM security ESS network.
• Monitoring and Management Solutions – leverage the Fault, Configuration, Accounting/Administration, Performance, and Security (FCAPS) framework for network management; monitor, alert, and forecast problems before they arise; alert and consult the Government on any fault, performance, and/or security issues that may arise.
• Access Control – operate and maintain enterprise applications and devices for network Authentication, Authorization, and Accounting (AAA), port authentication, network end-device compliance, device profiling, and policy compliance.
• Log Management – configure and maintain all network equipment for log collection and retention according to applicable policies and regulations (includes services to configure, maintain, analyze, and monitor data input and output from the SIEM tools in order to accurately detect and respond to problems, outages, and security threats); provide intelligent insights that enable quick response measures to reduce the impact of incidents and proactively prevent future incidents; configure, test, fine-tune, and maintain all rule sets within SIEM; sets exhibit fluidity to adapt to changes within the AO Uniform environment; analyze and investigate all alerts/offences generated within SIEM on a daily basis, and resolve offences upon termination of analysis/investigation; analyze and fine-tune rule sets to reduce false positives within the SIEM.
• Storage – manage, update, and troubleshoot all Storage Area Network (SAN) and other storage technology devices across the USSOUTHCOM Security ESS network.
• Backups – manage backup services including file-level and system-level recovery services; develop and implement a successful Backup Plan that supports the traditional IT backup.
• Virtualization – provide services for virtualized platforms and systems which include, but are not limited to, automated system provisioning, deployment, and servicing of multiple physical and virtual enclaves.
• Active Directory (AD) – provide all AD management services including, but not limited to, DNS, DHCP, group policy, and certificates.
• Application Operations – execute services covering engineering, installation, and O&M of various applications and their operating environments.
• Systems Operations – provide systems operations services including manual and automated processes to perform activities such as imaging, patching, application deployment, system monitoring, application monitoring, and service operations.
• End User Device Operations – execute engineering, installation, and O&M services for multiple end-user device types, including manual and automated provisioning/de-provisioning, thin/zero client services, imaging, monitoring, patching, and application virtualization.
• Password Management – engineer, install, operate, and maintain a password management system.
• Adhere to incident reporting requirements and handling procedures as required by USSOUTHCOM regulations, and CJCSI Cyber Conditions (CYBERCON).
• Respond to critical ESS failures after duty hours, on holidays, or weekends as needed to maintain the integrity and accreditation/certification of DoD classified information processing areas; provide and maintain standby roster for after/off duty hours two-hour response.
• Develop and establish a system to track maintenance agreements with Lenel, Quest, Solar Winds, Microsoft, NETAPP, Thales, and all other software/hardware components that support ESS; update status on Weekly Activity Report (WAR).
• Research, advise, and provide recommendations/quotes for all ESS and Physical Security enhancements procurements, including all ESS components including IT hardware and software, X-Ray machines, metal detectors, turnstiles, PED storage and other physical security enhancements; adhere to all federal, local, and USSOUTHCOM J2 Physical Security policies regarding procurements.
• Provide Physical Security support as assigned by government leadership to include but not limited to customer service, X-Ray machine relocation/maintenance, Autocrib relocation/maintenance, and etcetera.