JCIP Senior Infrastructure Virtualization & Storage Technical Reviewer

Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a small business with a flat organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.

Our flat organization emphasizes career development across multiple career environments (at the members own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.

Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.

Role: Pueo has an opportunity for an experienced TS/SCI cleared Computer Network Defense (CND) Technical Reviewer to join our team in Reston, VA. The Computer Network Defense (CND) Technical Reviewer is responsible to exercise technical support as a Reviewer during an inspection conducted within the Intelligence Community Integrated Environment (IC IE). This requires a Reviewer to be an expert in their technical area or multiple areas, to remain agile, and diligent in support of a groundbreaking effort to secure and modernize the JWICS environment.

** This is an on-site role**

**Must be willing to travel up to 30%, including local travel within the National Capital Region (NCR) of Northern Virginia, Maryland, and Washington, DC. **

Responsibilities:

JCIP Reviewers are integral to conducting inspections of environments across the Intelligence Community (IC). They are responsible for:

• Interacting with leadership and site technical staff in advance of conducting inspections to facilitate scoping, data to support security controls assessment input, and execution of operational inspection plans
• Responsible for interviewing organizational subject matter experts in conducting STIG, SRG, and IC policy checklists
• Collect data in support of reviewing a comprehensive Threat Informed Critical Controls List (TICCL), provide written input on review of required security controls, potential vulnerability exploitation, and how MITRE ATT&CK© techniques are plausibly successful based on organizational weaknesses. Ensure inputs link back to security controls
• Participating in the planning, execution, and reporting of security audits and network vulnerability assessments with minimal supervision
• Assisting in preparation of assessment deliverables -Security Risk Assessments input, compliance data, STIG data, etc.
• Communicating on impact of vulnerabilities verbally, through presentations and written deliverables
• Plan, execute, and report on information technology, privacy, and operational reviews to identify mission, privacy, security, compliance, information technology, and regulatory risks
• Familiar with a variety of cybersecurity concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals

The Computer Network Defense (CND) Reviewer is responsible for conducting a review of an organization's cybersecurity services and completing checklists to ensure an organization is meeting IC policy requirements. These cybersecurity services include the Cybersecurity Framework Functions of Identify, Protect, Detect, Respond, and Recover. The IC policy checklists are for ICS 502-01, IC CIO 2018-124 Technical Implementation Guide (TIG), CNSS Directive 504, and others will be added over time. The tools evaluated will vary, but the minimum tools expected are ArcSight, Splunk, McAfee Host Base Security, Tanium, and ACAS. This includes the following during an inspection:

• Coordination with multiple organizations and the reviewer staff
• Consolidating reports on an organization's enterprise
• Validating tools are configured to provide the full scope of data able to be captured (i.e., Splunk forwarding, and indexing provide data to UAM tools)
• Conducting interviews and tabletop exercises
• Developing and creating exercises based on specific vulnerabilities and likely scenarios
• Completing and developing checklists
• Verifying IDS/IPS rules implementation
• Providing input to written reports on compliance and associated risks
• Validating specific events (i.e., malware detection alerts) for use in polling other security systems to ensure events are captured
• Coordination with the purple team and cyber threat emulation activities
• Advanced writing skills; experience in coordinating multiple viewpoints into a cohesive document
• Knowledge of audit/log record retention practices
• Attention to detail is an imperative skill for success
• Experience with DoD STIGs and STIG Viewer tool
• Ability to work independently

Education: Bachelor's degree from an accredited institute in an area applicable to the position in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, Information Systems, or a related technical discipline; an additional four (4) years of relevant experience may be substituted in lieu of a degree.

Certifications: Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III. CSSP Auditor preferred.

Skills: Strong independent work ethic (auditor mentality), exceptional oral and written communication skills, and the ability to work unsupervised.

Preferred Qualifications

Technical Proficiency: Minimum 5 years of experience as a SOC/CND/CSSP senior analyst or consultant.

Advanced Skills: Experience working in a DoD or Intelligence Community Environment desired.

Interdivision Collaboration: Demonstrated ability to operate across departments to implement cybersecurity principles effectively.

Multitasking and Time Management: Capable of multitasking with efficient time management and possessing a comprehensive understanding of cyber threats, vulnerabilities, and network security methodologies.

Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.