Overview:

Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Allied governments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL; and Tupelo, MS.

Mission:

As a member of the DEFENDER Cross Domain Governance team, the contractor supports the Cross Domain Support Office (CDSO) which governs delivery of cross domain capabilities at mission speed, defends NGA's classified networks, enables federated cross domain services, and develops cross domain expertise throughout NGA. The Contractor shall support the development and maintenance of a Government approved NGA Cross Domain Strategic Plan that includes an Enterprise Cross Domain Service (ECDS) Provider Roadmap, NGA Cross Domain Consolidation Plan, and CDSO Communications Plan. The Contractor shall support the development, maintenance, and implementation of a Government approved Cross Domain Support Office Governance Concept of Operations (CONOPS) with a common, reusable framework for governing all Cross Domain systems in NGA, to include, but not limited to: Standardized Rule Sets for Cross Domain Data Flows and a Cross Domain Filter Policy Catalog and Repository. The contractor helps to analyze and develop the integration, testing, operations, and maintenance of systems security support to NGA IT systems. The Contractor shall perform architectural and engineering analyses of existing and proposed Cross Domain requirements and systems to determine their feasibility, impacts to the NGA risk posture, benefits to the NGA mission, and adherence to NGA's ECDS Provider Roadmap and NGA Cross Domain Consolidation Plan. This position is available immediately and supports the National Geospatial-Intelligence Agency (NGA) offsite in a contractor facility in the National Capitol Region (NCR) near NGA headquarters in Springfield, VA.

Responsibilities:

The ideal candidate will support the CDSO integrate and implement Cross-Domain Solutions (CDS) in a secure environment and implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components. The contractor helps mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. The contractor also performs security reviews, identifies gaps in security architecture, and develops a security risk management plan.

Specific responsibilities include:

• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications to meet security objectives of the system.
• Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
• Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
• Perform cybersecurity testing of developed applications and/or systems and properly document all systems security implementation, operations, and maintenance activities and update as necessary.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Assess all the configuration management (change configuration/release management) processes.
• Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.

Requirements:

• Bachelor's degree desired in an accredited Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering; or a degree in a Mathematics or Engineering field..In lieu of degree, CISSP-ISSEP or GSNA may be accepted
• Knowledge of computer networking concepts and protocols, network security methodologies, and risk management processes (e.g., methods for assessing and mitigating risk).
• Experience with laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Expertise with assessing the impact of cyber threats and vulnerabilities and the potential impacts of cybersecurity lapses.
• Expertise with computer algorithms, encryption algorithms, cryptography and cryptographic key management concepts, database systems, and human-computer interaction principles.
• Knowledge of mathematics (e.g., logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
• Experience with network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML), operating systems, and how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• Knowledge of parallel and distributed computing concepts, security system design tools, methods, and Techniques, and software engineering.
• Experience with network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
• Understanding of how to develop and apply user credential management and implement enterprise key escrow systems to support data-at-rest encryption.
• TS/SCI eligible, subject to CI Polygraph.
• IAT, IAM, or IASAE Level 3

Desired/Preferred Skills

• Design the integration of hardware and software solutions.
• Determine how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Develop and apply security system access controls and evaluate the adequacy of security designs.
• Write code in a currently supported programming language (e.g., Java, C++).
• Assess security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Recognize vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V:

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.