Security Defense Design Engineer

This is an eight-year, $7.7 billion contract that is responsible for maintaining and modernizing the main global network of the Navy and Marine Corps.

SMIT is the largest IT services program for the Navy. Under the Service Management, Integration, and Transport program the Leidos team will deliver the core backbone of the Navy-Marine Corps Intranet, including cybersecurity services, network operations, service desk, and data transport. Ultimately, Leidos will support the Navy in unifying its shore-based networks and data management to improve capability and service while also saving significant dollars by focusing efforts under one enterprise network.

Job Description
The selected candidate will work along with the Government Lead in the daily engineering duties on systems. Addition job duties and responsibilities include:

• Operate and manage all aspects of Information Systems, data availability, integrity, authentication, confidentiality, and non-repudiation. 

• Implement and monitor security measures for communication systems and networks while ensuring that systems and personnel adhere to established Government security requirements.

• Design, develop and execute security policies, plans, and procedures.

• Design and implement data network security measures.

• Operate Network Intrusion Detection and Forensics.

• Conduct performance analysis of Information Systems security incidents.

• Develop Continuity of Operations Plan (COOP) and Disaster Recovery (DR) plans and support certification of Information Systems and Networks.

• Operate and design Host Based Security System (HBSS), Intrusion Prevention Systems, Intrusion Detection Systems, other point of presence security tools, and related security operations.

• Perform integration with Public Key Infrastructure (PKI) certificates and network accounts to support two-factor authentication for all Active Directory (AD) domain account categories and eliminate the need for password-based authentication.

• Monitor and optimize replication speed of directory services.

• Design and implement the Enterprise Services portion of the Sensor Grid within the security infrastructure that collects intrusion, incident, and audit data from a collection of sources including but not limited to Content Monitoring products,

• Content Filtering products, HBSS for servers and hosts with the capability for packet capture, deep inspection, and customized signature capability.

• Design automated logging aggregation system that compresses, correlates, and provides 30 days of log data for analysis and audit from all sources.

• Design and integrate Computer Network Defense (CND) mechanisms, HBSS, and HBSS Device Control Modules at enterprise locations.

• Design Government provided components of HBSS to develop and maintain baseline.

• Conduct routine vulnerability scans. Design and implement anti-virus, scans, automation, and updates of servers/hosts. 

• Assist with the development and integration of identity and access management requirements.

• Provide security updates in accordance with Government procedures for directory services.

• Design and Operate configuration and integration and ePolicy Orchestrator (ePO) Servers.

• Execute antivirus product integration, configuration and Intrusion prevention, Endpoint encryption, and Data Loss Prevention (DLP).

• Design tasks associated with application networking ports and protocols, Information Assurance (IA), routing and Local Area Network (LAN).

• Perform standard Active Directory services plus the availability to use Windows Light Directory Access Portal (LDAP) services for network devices and appliances.

Basic Qualifications:

• Bachelor's Degree and a minimum of 10 years of relevant experience

• IASAE II certification

• Must possess Information Technology Infrastructure Library (ITIL) version 3 Foundation certification.

• Active DoD Secret Clearance

• Experience with Navy/Marine Corps, Defense Information System Agency (DISA) and Joint interoperability of network design, integration and implementation.