We are currently looking for an expert Information Security Analyst.

Support the AFIN enterprise architecture, which consists of a diverse, interconnected set of Local Area Network (LAN)/Wide Area Network (WAN) topologies spanning AF gateways, AF base boundaries, AF base networks, AF data centers, and private enclaves. These topologies include hardware and software that must be monitored against state and non-state adversary exploitation. Network operators must be provided with decision-quality, real-time Situational Awareness (SA) 24/7/365. SA requires an operationally relevant picture of the battle space that portrays the status and disposition of AF networks and the interconnections with other supporting networks.

In early 2012 the SA Modernization Program (SAMP) accomplished its goals to consolidate and modernize the hardware and software of the previously deployed eight (8) Major Commands SA systems into a single enterprise SA system. This product improved reliability and enhanced technical performance and operational effectiveness for the Integrated Network Operations Squadrons (NOS’s) responsible for ensuring the health and status of the AFIN.
Support SAMP, which consists of two (2) major integrated Commercial Off-the-Shelf (COTS) products: various modules from the IBM Tivoli suite and NetIQ Application Manager modules. A third operationally deployed COTS product (Solarwinds) is currently providing SA capability as well. The Tivoli suite is the current Enterprise Manager of Managers (EMoM) and provides a consolidated enterprise-wide presentation layer to the 624 OC, which includes alert and event data collected from the NOS’s and lower tier Network Control Centers (NCC’s). The EMoM is deployed at two Tier II locations: the 561 NOS (Peterson AFB, CO) and the 83 NOS (Langley AFB, VA). It is also deployed at the Tier I location (624 OC, JBSA Lackland AFB). NetIQ AppManager is installed at Tier III bases and Hickam AFB, HI, and Ramstein AB, Germany. A Solarwinds to EMoM interface is operational between the 299th NOSS, McConnell AFB, KS and the 624 OC, JBSA Lackland AFB, TX.

Support ACAS, which is a COTS toolset comprised of Tenable Network’s Security Center manager and the Tenable Nessus vulnerability scanner. ACAS is the replacement for Defense Information Systems Agency (DISA)’s Secure Configuration Compliance Validation Initiative, comprised of eEye Digital Security’s Remote Enterprise Manager and the eEye Retina vulnerability scanner. Air Force implementation of ACAS is being managed by the AFNet Vulnerability Management PMO, at Hanscom AFB, MA. The ACAS tool suite will support the following user groups:
• IA/Computer Network Defense (CND) Operators (Tier I-Tier III)
• Audit and Inspector General Personnel

IA/CND operators include Tier I IA/CND, NetOps and policy development personnel, Tier II CND Service Providers and Tier III system and network operators. The PMO has organically deployed Nessus scanners to over 200 ADAF, AFR, and ANG locations worldwide. The PMO uses remote or “satellite” servers located at each of the I-NOSCs to manage and apply updates to the Nessus scanners. These satellite servers run on a version of the Red Hat Enterprise Linux Smart Manager. For the purposes of this PWS, the satellite servers shall be considered to be part of the overall ACAS system.
• LPIC-2 or equivalent
• Experience in managing, implementing and administering Tenable/NESSUS
• Security+ and/or CISSP or equivalent
• Knowledge of data communications, local-area networking, wide-area networking, routers, and switches
• Thorough understanding of IP routing, switching and the OSI model