Viperion Tech Careers

Cybersecurity Professionals

Automation and Optimization

The purpose of Automation and Optimization is to keep pace with, and find creative ways to, integrate emergent technologies into existing customer cybersecurity workflows and processes. This effort shall improve and optimize methods and technologies in support of continuous monitoring analytics for customer IS, develop and implement test scripts, tools, and procedures that satisfy customer security control requirements. Maintain and improve existing tools and workflows, develop new solutions as needed, while keeping pace with emerging technologies to maximize business process efficiency, develop a list of cybersecurity integration objectives and agree to a delivery schedule. Implement continuous improvement to expand, improve, and optimize monitoring methods and technologies aligned with NGA’s cybersecurity goals and objectives. Define processes and integrate Government provided software components to facilitate consuming Enterprise Security Services (ESS) and inform optimized continuous monitoring analytics within NGA IS. Incorporate test scripts, tools, and procedures that ensure security controls are implemented correctly, operate as intended, and produce sufficient evidence to demonstrate that security requirements are satisfied. Integrate Government provided tools, test procedures, and processes that deliver consistent cybersecurity solutions within DevSecOps pipeline environments.

Required: Must have an IAT certification at Level 3 or an industry recognized developer certification or a degree from an accredited institution with a major in a relevant cybersecurity or IT area.

Computer Network Exploitation

The purpose of CNE is to examine and simulate adversarial activity to support risk management decisions on networks and recommend appropriate mitigations against exploitable threats discovered. Coordinate with stakeholders internal and external to NGA on threat activities and to support operations as a third party and advise NGA leadership on emerging threats when appropriate. Conduct advanced adversary and insider threat emulation, in accordance with the defined Rules of Engagement, on enterprise systems and networks to determine enterprise risk posture and determine root cause, actionable remediation’s or mitigations, countermeasures and defensive training. Emulation activities may include participation with other NGA entities or external organizations. Conduct penetration testing to evaluate the effectiveness of the security controls levied against enterprise systems and networks. Conduct vulnerability validations, coordinating with internal and external entities for validating fixes of responsibly disclosed vulnerabilities/exposures. Conduct incident response activities that provide technical subject matter expertise and analytic support to NGA Counterintelligence and Cyber Defense Provider components. Perform threat emulation of risks and vulnerabilities identified on the NGA IT enterprise. Develop and deliver CNE assessment reports at the conclusion of all CNE activities (e.g., penetration tests, insider threat emulation activities, etc.). The number of days from the completion of the CNE activity to the delivery of the CNE assessment report shall be 5 business days. Provide day-to-day maintenance (routine, preventative, and corrective) of all NGA CNE equipment to ensure consistent, reliable and secure service availability. Create Tactics, Techniques and Procedures (TTP) and Attack/Penetration Research and Development.

Required: Must have an advanced Computer Network Defender Service Provider (CND-SP)/Cyber Security Service Provider (CSSP) certification focused on ethical hacking (e.g., OCSP, OSCE, OSEE, GSE, GXPN, CEPT). Must have at least an IAT Level 3 certification with one penetration testing certification or an IAT certification with two penetration testing certifications (e.g., GPEN, GWAT, GCIH, CEH, GPYC, LPT, CPT).

Cross Domain Governance

The purpose of Cross-Domain Governance is to implement the vision of becoming the governance one-stop-shop for all cross domain capabilities, both enterprise and mission focused, for the totality of the GEOINT Mission. Support to the Cross Domain Support Office will include governance of delivering cross domain capability at mission speed, defending the classified networks, enabling federated cross domain services and developing cross domainexpertise throughout NGA. Establish and maintain a comprehensive inventory, and common operating picture of all NGA Cross Domain connections and data flows. Support the development and maintenance of a Government approved NGA Cross Domain Strategic Plan that includes an Enterprise Cross Domain Service (ECDS) Provider Roadmap, NGA Cross Domain Consolidation Plan, and CDSO Communications Plan. Perform architectural and engineering analyses of existing and proposed Cross Domain requirements and systems to determine their feasibility, impacts to the NGA risk posture, benefits to the NGA mission, and adherence to NGA’s ECDS Provider Roadmap and NGA Cross Domain Consolidation Plan. Support the development, maintenance, and implementation of a Government approved Cross Domain Support Office Governance Concept of Operations (CONOPS) with a common, reusable framework for governing all Cross Domain systems in NGA, to include, but not limited to: Standardized Rule Sets for Cross Domain Data Flows and a Cross Domain Filter Policy Catalog and Repository. Provide technical support to the Cross Domain Support Office by reviewing new, or modified Cross Domain Solution requirements. Establish and maintain a comprehensive architectural and technical summary of all NGA Cross Domain connections, and data flows. Determine if existing NGA Cross Domain Solution implementations can meet existing and emerging requirements. Assess proposed Cross Domain solutions for technical feasibility and potential impacts to NGA risk posture. Support Risk Management decisions for all Cross Domain Solutions by providing CDS expert informed security and risk assessments and recommendations.

Required: Personnel performing Cross-Domain Governance services shall have an IAT, Information Assurance Management (IAM), or Information Assurance System Architect and Engineer (IASAE) certification at Level 3.

Cyber Business Intelligence

Experience with utilizing the cybersecurity data provided and organize it in a way that is logical and retrievable utilizing NGA data science and presentation tools. Analyze cybersecurity data to deliver work products and recommend actions. Employ industry standard data science techniques to develop information enabling rapid, actionable, and timely decision making and improve NGA cybersecurity posture. Identify, coordinate, and manage cybersecurity performance measures and metrics to understand, enhance, and portray NGA’s cybersecurity posture. Develop methods to identify, collect, process, manage, and analyze large volumes of data for use in building actionable cybersecurity business intelligence and supporting compliance and reporting requirements. Perform data mining and retrieval, and apply statistical, mathematical, and predictive analyses to identify trends and support data-driven decision processes to improve operational effectiveness and generate cybersecurity intelligence using a range of Government provided commercial and open-source tools. Create methods for centralized, near real-time presentation of cybersecurity intelligence using techniques such as data visualization, performance scorecards, dashboards, and recurring reports. Deliver weekly Analytic Projects such as Performance and Cybersecurity Business Intelligence, Risk Management, and Investment Planning reports. For example, weekly reporting zero day vulnerabilities, and IS that have a high availability but do not have disaster recovery plans or back up communications. Deliver dynamic repeatable visualizations / status dashboards for monitoring and performance tools (e.g., ArcSight, RedSeal, Netwitness, XACTA 360, ACAS, and Configuration Management Data Base (CMDB)).

Cybersecurity Software Assurance

The purpose of Cybersecurity Software Assurance is to determine the risk of using commercial, government, and open-source software within NGA and employs software code analysis techniques to mitigate risk during Software Development Life Cycles (SDLC).

Required: All personnel performing Cybersecurity Software Assurance services shall have an IAT certification at Level 3 or an industry recognized developer certification or a degree from an accredited institution with a major in a relevant area.

Cyber Supply Chain Risk Management

The purpose C-SCRM is to develop, implement, and mature the NGA C-SCRM program. This effort shall ensure alignment with NGA’s SCRM program requirements and objectives, participate in the NGA SCRM process when necessary and incorporate lessons learned to improve NGA’s cybersecurity objectives. Support the development, maintenance, and implementation of a Government approved C-SCRM program, ensuring adherence with NGA’s SCRM program requirements. Provide cybersecurity inputs to the NGA SCRM process, to include supporting C-SCRM cases. Leverage outputs from the SCRM process to enhance cybersecurity activities.

Required: All personnel performing C-SCRM services shall have an IAT or IAM certification at Level 3.

                                                                                  Active TS/SCI required

Cybersecurity

We are currently seeking cybersecurity professionals to enable the customer to build, operate, support, defend, extend, and engage in cyberspace, thus ensuring US warfighters maintain the information advantage over our adversaries. More ever, the impending EC2 vehicle supports and enables the entire cyber framework, including C2, cyber operations, cyber planning, cyber security, cyber analysis, full spectrum testing, TTP development, modeling and simulation, cyber mission essential support, threat assessment support, targeting and analysis support, real time operation and integration activities, software and tool development, vulnerability research, intrusion detection and prevention support, cyber qualification training, and strategic management support.

High level description of duties include:

Operate and Maintain (O&M): The Contractor shall provide the technical support, administration, and maintenance necessary to ensure effective and efficient information system performance and security.

Training: The contractor shall provide continuous learning and adherence to Governmental training mandates and related policies.

Management and Policy: The contractor shall provide assistance and support for Governmental leadership, management, direction, or development and advocacy to effectively conduct cybersecurity work.

Protect and Defend: The contractor shall identify, analyze, and mitigate threats to internal information systems and/or networks.

Analyze: The contractor shall perform highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

Collect and Operate: The contractor shall provide specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

Investigate: The contractor shall investigate cybersecurity events or crimes related to information systems, networks, and digital evidence

Securely Provision: The contractor shall conceptualize, design, procure, and/or build secure information systems, with responsibility for aspects of system and/or network development.

 

Active TS/SCI required

© 2022 Viperion Tech
Website Developed by Wicked Design.