Cybersecurity, IT Compliance, Information Security
Become part of the XLA team supporting the National Archives and Records Administration (NARA) located in College Park, MD. We are looking for a Cybersecurity Subject Matter Expert (SME) with an active Top Secret Clearance who will possess a broad knowledge of the domain including network security, system security, vulnerability scanning, web-based application scanning, risk assessments, security engineering, etc. Experience configuring, managing and running Security Operation Center (SOC) type tools (e.g., Tenable Continuous View, FireEye Threat Management System, Snort, etc.). SME will support a Federal Civilian Agency with vulnerability management and incident response work. The position involves working in a small focused team that follows the Federal Continuous Monitoring strategy for prioritization of resources and providing support that provides the greatest impact with limited resources. Team members have a large set of cross-functional abilities to support all aspects of Cybersecurity.
Conduct vulnerability scans and assessments against agency information systems, web applications and web services
Conduct assigned activities within the security Incident response and handling lifecycle. These activities could include: detection, triage, analysis, containment, recovery and reporting.
Coordinate response, triage and recovery activities for security events affecting the agency’s information assets
Assist with expanding and maturing existing vulnerability management and incident response processes and activities.
Coordinate with system owners and IT operations to remediate and resolve issues discovered during security scans, system assessments, system audits, and cyber security investigations.
Conduct security assessments and testing for agency’s different cloud platform types (i.e., IaaS, SaaS, PaaS)
Conduct on-demand scans, assessments, and audits to assess the cyber security posture of the various on-premises and cloud-based NARA information systems.
Provide security engineering reviews and recommendations to agency System Owners and Information System Security Officers
Develop and implement technical solutions to help mitigate security vulnerabilities
Analyze network and host-based security logs to identify potential security threats
Develop/review documentation for Security Operations procedures
10-15 years of cybersecurity engineering experience
Industry Security Certifications such as CISSP, CASP, GCIA, GCIH, OSCP, etc.
Experience with different aspects of security engineering including knowledge of network security, operating system security, database security, and web application technologies
Extensive knowledge of the Linux and Windows operating systems
Strong understanding of TCP/IP protocol
Strong troubleshooting skills
Ability to communicate technical information to non-technical users
Experience with some of the following types of technologies: SIEM (SecurityCenter, Splunk, etc.); Firewalls, both network and host based; Application or web content filtering; IDS/IPS
Knowledge of security principles with cloud-based services such as AWS
NMAP and other network mapping tools
3-5+ years of experience in either a system or network administrator role
Experience with some of the following technologies: AWS, VMWare products, Tenable suite of tools, SiLK, NetFlow, Snort, FireEye, etc.
Master’s Degree or other equivalent degree program
Preferred Additional Skills, Knowledge and Experience:
Master's degree with an IT or Computer Science focus
Security Architecture review experience
Scripting and automation (Python, Perl, Ruby, etc.)
Penetration testing experience
Strong verbal and written communication skills
Ability to work in a cross-functional team environment
Flexible, Dependable and Self-motivated
Willingness to learn new skills from peers
Top Secret (TS) w / Ability to obtain SCI
2 openings. Employer does not assist with relocation costs.
Internal Number: 2700
XLA is an award-winning government services provider with 400 employees both domestically and internationally. Our core competencies are Program Lifecycle Management, Engineering and Technical Solutions, and International Program Support services. As agencies face declining budgets and a rising demand for services, XLA provides the continuous support needed to overcome those challenges.
XLA has the project management expertise needed to successfully meet contract requirements and provide excellent performance. XLA has a consistent record of delivering high-quality, agile, and cost-effective solutions, as evidenced by our consistent growth rate and repeat customers.
XLA was named Contractor of the Year for revenue category $25-$75M at the 2013 Greater Washington Government Contractor Awards. We are also a recipient of SmartCEO's GovStar "Star Workplace" award for Large business and XLA continues to receive industry recognition for rapid growth and outstanding performance.