Network Engineering and Operation Lead

at  DMI

About DMI:
DMI is a leading global provider of digital services working at the intersection of public and private sectors. With broad capabilities across IT managed services, cybersecurity, cloud migration and application development, DMI provides on-site and remote support to clients within governments, healthcare, financial services, transportation, manufacturing, and other critical infrastructure sectors. DMI has grown to over 2,100+ employees globally and has been continually recognized as a Top Workplace in both regional and national categories.
About the Opportunity:
DMI, LLC is seeking a Network Engineering and Operation Lead to join us.

• Manage, deploy, and administrate all cybersecurity tools to include but not limited to Continuous Diagnostics and Mitigation (CDM), Zero Trust, Identity-Credential-Access Management (ICAM), Endpoint Detection and Response (EDR), Data Loss Prevention, Vulnerability Management & Scanning, Enterprise Logging, SIEM/SOAR, and Cloud Security technologies;
• Coordinate with System Owners and ISSOs to log all required operation, security, network, and applications logs as defined by federal requirements;
• Ensure security and privacy considerations and requirements are embedded in all relevant phases and aspects of the SDLC lifecycle. The SDLC consists of, but may not be limited to, threat modeling, requirements, design, development, integration, testing (unit, integration, functional, regression, and security), deployment, operations & maintenance (O&M), and configuration management (CM);
• Responsible for the design, development, integration, testing, implementation, deployment and operations & maintenance of tools for the automation of security testing in support of Assessment and Authorization (A&A);
• Define and automate security test methodologies for systems to ensure all security controls are properly tested;

o Test methodologies may consist of automated tools and manual test procedures.

• Design, develop, integrate, and support custom Artificial Intelligence (AI) and Machines Learning (ML) into cybersecurity program;
• Coordination with all stakeholders is required to ensure the security test methodology is in accordance with tile appropriate policy, standards, guidance, and best security practice;
• Design and implementation support of network services in a TIC 3.0 environment, support agency in transitioning from TIC 2.2 based services with a focus on cloud native solutions
• Provide Security Engineering expertise, on an as needed basis, to support to the Security Control Assessments (SCAs);
• Perform an expert assessment and provide recommendations of access control systems and methodology, application and file security, security practices, intrusion detection and prevention, logical and physical security, and interfaces, servers (enterprise, distributed, network), public key infrastructure, network architecture, and virtual private networks;
• Support system design reviews for systems incorporating security requirements, support the design and development of a DevSecOps and secure Enterprise Data Lake capabilities, evaluate system integration strategies with respect to security impacts, and recommendation of design approaches to address system vulnerabilities. This effort shall cover the security of applications and systems from test environment to operational environment, for both systems and networks;
• Perform full scope of system administration, configuration, patching, upgrades, and optimization of cybersecurity tools, devices, application and sensors;
• Build and integrate cybersecurity components, such as static and dynamic code scanning, within the CI/CD Pipelines and software development platforms
• Implement increased standardization for security across the enterprise;
• Provide security-engineering services for securing private and public Cloud architectures and Cloud applications as a service;
• Leverage cloud solutions, as necessary, utilizing a Cloud Service Provider (CSP) with an existing FedRAMP Joint Authorization Board (JAB) Provisional Authorization to Operate (ATO) or Agency ATO at all service models to include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS);
• Support intelligent automatic assignment of STIGs or security checklists using assigned meta data and Common Platform Enumeration (CPE) information;
• Support integration of automated tools and data formats to expedite accurate assessments by importing common Federal and industry standards, mapping and de-conflicting rules between automated scans and supporting future integration of changing standards (and backwards compatibility).
• Conduct security analysis of reference models, segment and solution architectures, and the resulting systems supporting missions and business processes;
• Provides expert recommendations in support of ‘Analysis of Alternatives’ (AoA) to inform agency technology roadmap;
• Develop, implement, and execute threat modeling as a part of continuous monitoring strategy
• Designs enterprise and systems security throughout the SDLC; translates technology and law and regulation into security designs and processes;
• Capture and develop security requirements based on information system architecture, operational environments, and type of technology;
• Assist in the development and maintenance of cybersecurity policies, standards, specification, and handbooks;
• Collaborate with the Chief Technology Office to research, recommend, promote, advertise, and revise cybersecurity standards for computing systems, cloud, networking, applications, and data management;
• Develop, solicit, and incorporate stakeholder feedback as required by the appropriate governance process;
• Maintain Enterprise Secure Configuration Benchmarks and Enterprise Secure Configuration Baselines to the latest version of the industry benchmark for the requested platforms;
• Create enterprise benchmarks for technologies utilized within the enterprise by utilizing approved hardening standards (Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), Center for Internet Security (CIS) Benchmark);
• Provide architectural support for NIST 800-207, WHEO-14028 and M-22-09, to include, but not limited to support of all enterprise efforts
• Develop and maintain IT Enterprise Cybersecurity Architecture;
• Identify opportunities for leveraging standards and cybersecurity architecture in support of the Enterprise IT Architecture;
• Recommend requirements and integration design of enterprise technologies in the environment;
• Maintain awareness of other federal agency posture and efforts and communicates with federal stakeholders to leverage inter- and intra-agency knowledge, lessons learned and resources regarding platform specific security and compliance information;
• Maintain awareness of the next generation technologies requiring advanced cybersecurity controls and implementation strategies;
• Track and support the governance of common commercial off-the-shelf application and operating system lifecycles;
• Prepare documentation on Security Architect Report consisting of SOP, Trend Analysis, Status, Metrics Report, CONOPS, Charters, and other requested documentation as identified in Section Deliverables.
• Perform design reviews for new technologies and services for customers. New technologies may include, but are not limited to, Cloud technologies, micro-services, micro-segmentation, DevSecOps, Hardware, Operating System, Web technologies, SQL Databases and Big Data/NoSQL databases;
• Develop and maintain network architecture diagram highlighting the layers of protection/technologies in place to detect and analyze incidents and security events.

Qualifications:
Required and Desired Skills/Certifications: The ideal candidate has experience implementing, supporting, and growing enterprise class network solutions in a highly available environment. Proven expertise in providing high quality technical solutions to a wide range of challenges with a focus on redundant layer 3 services, secure WAN solutions and the ability to work in a variety of environments including VMWare enterprise networked systems and all major cloud service provider environments
Skills: Project lead and management experience, demonstrable history of leading successful deployments of enterprise class solutions, skilled at producing technical documents and engineering diagrams, strong written and verbal skills, team focused, deep knowledge of enterprise class network technologies including proven success managing all aspects of a large multi-site layer 3 network using BGP and EIGRP, experience with next generation Virtual Private Network technologies like GETVPN, DMVPN and others, significant experience working with VMWare NSX as well as operational support and design experience within Microsoft Azure or and equivalent cloud service provider’s network environments
Certifications:AZ-900: Microsoft Azure Fundamentals, AZ-700 Designing and Implementing Azure Networking, Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP)
Min Citizenship Status Required: Must ba a US Citizen
Physical Requirements: No Physical requirement needed for this position.
Location: Remote, but travel is required