Senior Network Defense Design Engineer

Leidos is pleased to announce that it has been awarded the Next Generation Enterprise Network-Recompete (NGEN-R) Contract.  This is an eight-year, $7.7 billion contract that is responsible for maintaining and modernizing the main global network of the Navy and Marine Corps.

NGEN-R is the largest IT services program for the Navy. Under the Service Management, Integration, and Transport portion of NGEN-R, the Leidos team will deliver the core backbone of the Navy-Marine Corps Intranet, including cybersecurity services, network operations, service desk, and data transport. Ultimately, Leidos will support the Navy in unifying its shore-based networks and data management to improve capability and service while also saving significant dollars by focusing efforts under one enterprise network.

Job Description
The selected candidate will operate all assist the Government Lead in the daily engineering duties on systems. Additional job duties and responsibilities include:

• Operate and manage all aspects of Information Systems, data availability, integrity, authentication, confidentiality, and non-repudiation.

• Implement and monitor security measures for communication systems, networks, and provide advice that systems and personnel adhere to established Government security requirements.

• Develop and execute security policies, plans, and procedures.

• Develop Continuity of Operations Plan/Disaster Recovery (COOP/DR) plans and support certification of Information Systems and Networks.

• Operate and Design Enterprise solutions for Logging, Forensics, Security Incident and Event Management (SIEM), and Design Network Access Control (NAC).

• Design and implement the Enterprise Services portion of the Sensor Grid within the security infrastructure that collects intrusion, incident, and audit data from a collection of sources including, but not limited to, Content Monitoring products, Content Filtering products, Host Based Security System (HBSS) for servers and hosts with the capability for packet capture, deep inspection, and customized signature capability.

• Design and implement HW sensors into the Navy/Marine Corps architecture for on-call and future CND tools.

• Design, plan, and implement actions on the enterprise as required by each of the Cyber Readiness Conditions.

• Design and integrate Computer Network Defense (CND) mechanisms, including anti-spam tools, Network Access Control, HBSS, and HBSS Device Control Modules at Enterprise locations.

• Assist with the development and integration of identity and access management requirements.

• Execute Project Management tasks such as developing a Plan of Actions and Milestones (POA&M) for system compliance. 

• Monitor and optimize replication speed of directory services. 

• Oversee Rights Management Services for administrators, users and groups.

• Perform tasks associated with application networking ports and protocols, Information Assurance (IA), routing and Local Area Network (LAN). 

• Perform integration with Public Key Infrastructure (PKI) certificates and network accounts to support two-factor authentication for all Active Directory (AD) domain account categories and eliminate the need for password-based authentication.

• Administer intrusion prevention. 

• Perform Backup (Disaster Recovery). Perform integration tasks using McAfee IPS and McAfee SIEM.

Basic Qualifications:

• Bachelor's Degree and a minimum of 10 years of relevant experience

• IASAE II certification

• Must possess Information Technology Infrastructure Library (ITIL) version 3 Foundation certification.

• Active DoD Secret Clearance

• Experience with Network Access Control (NAC) and network scanning tools including: Assured Compliance Assessment System (ACAS). Perform integration with standard Active Directory (AD) services plus the availability to use Windows Light Directory Access Portal (LDAP) services for network devices and appliances.

• Experience with Navy/Marine Corps, Defense Information Systems Agency (DISA) and Joint interoperability of network design, integration, and implementation.