Cybersecurity System Administrator

Primary Responsibilities:

System Administration Duties

• Install, configure, upgrade, and maintain enterprise systems including:
  • Windows Server 2019/2022, Windows 10, RHEL 7/8
  • VMware ESXi / vSAN infrastructure
  • Web browsers, Adobe Acrobat, and other desktop applications
• Manage virtual machines and storage in a VMware vSAN environment.
• Administer Microsoft SCCM, WSUS, Active Directory (AD), Group Policy (GPO), and perform system patching and image deployment.
• Integrate and maintain vendor systems and third-party applications within a Windows ecosystem.
• Operate and manage jump (bastion) hosts for network segregation and secure remote access.
• Coordinate with development and support teams to test system hardware/software and optimize performance.
• Provide Tier 1–3 support, troubleshoot incidents, and maintain operational resilience via regular backups and recovery plans.
• Load PKI certificates and maintain change management documentation and incident logs.

Cybersecurity Operations

• Serve as the Information System Security Manager (ISSM) for all assigned systems.
• Monitor networks for real-time threat indicators; investigate and respond to security events.
• Implement and operate cybersecurity tools such as ACAS, NESSUS, SCAP, and STIG Checklists.
• Conduct and remediate vulnerability scans; follow DISA STIGs and IAVA compliance.
• Manage POA&Ms, deviation lists, and ensure systems maintain Authority to Operate (ATO).
• Provide FRCS cybersecurity engineering support and continuous monitoring in accordance with DoD and Army standards.
• Perform penetration testing, threat analysis, and security risk assessments in lab/test environments.
• Collaborate with stakeholders to improve system hardening, respond to ICS-CERT alerts, and mitigate CAT 1/2/3 vulnerabilities.

Compliance & Documentation:

• Maintain up-to-date security artifacts, plans, and policies as required under RMF, NIST SP 800-series, FISMA, and FedRAMP.
• Load documentation and scan data into the A&A Asset Manager.
• Facilitate FISMA-required annual reviews (e.g., Contingency Plans, Security Controls).
• Support system reauthorization activities, including 5-day on-site assessments if required.
• Educate end users on security best practices and threat awareness.

Work Conditions & Travel:

• Primarily on-site; periodic travel may be required for assessments or installations.
• Participation in on-site assessments up to 5 days in duration.
• Occasional after-hours support for mission-critical operations.

Position Responsibilities:

• • Conduct ICS/SCADA system inventories following guidance including, but not limited to U.S. Army ICS Inventory Methodology and Unified Facilities Criteria (UFC) 4-010-06, Cybersecurity of Facility-Related Control Systems.
  • Assist in the development and verification of documentation necessary to complete the DoD RMF assessment and authorization process.
  • Implement Implementation of DoD Security Technical Implementation Guides (STIGs) on traditional Information Technology (IT) and Operational Technology (OT) systems.
  • Conduct vulnerability scanning and document system vulnerabilities.
  • Work in a team environment alongside other cybersecurity engineers and Risk Management Framework (RMF) analysts.

Qualifications:Required Education & Experience:

• Active TS/SCI w/ polygraph clearance is required.

• 3+ Years of Experience with a Master's Degree in Information Technology, Risk Management, Cybersecurity
• 5+ Years of Experience with a Bachelor's Degree in Information Technology, Risk Management, Cybersecurity
• 8+ Years of Experience with an Associate's Degree in Information Technology, Risk Management, Cybersecurity
• 11+ Years with a High School Diploma
• Ability to process and operate application software, to include word-processing, spreadsheets and databases.
• Must meet the Department of Defense Directive (DoDD) 8570.01 “Information Assurance Training, Certification, and Workforce Management” and DoD 8570-M “Information Assurance Workforce Improvement Program” requirements for IAM (Information Assurance Manager) Level 2, IAT (Information Assurance Technical) Level 2, OR IASAE (Information Assurance System Architect and Engineer) Level 2.
• Documented training in the following areas: network infrastructure (Cisco), Microsoft Windows.
• Experience working on government and/commercial projects implementing cybersecurity requirements in a variety of industrial control systems (e.g., building management, electronic security, fire alarm/mass notification, electrical distribution, power management, etc.).

Minimum Requirements:

• DoD 8140 IAT Level II certification (e.g., Security+ CE, CCNA Security, CySA+).
• TS/SCI clearance is required.
• 5+ years of experience in DoD RMF cybersecurity and system administration.
• Experience with IA tools and processes: STIGs, Nessus, SCAP, ACAS, vulnerability management.
• Demonstrated knowledge of:
  • Windows Server/Client, RHEL, VMware
  • Cybersecurity frameworks: RMF, NIST SP 800-53, FISMA
  • Security monitoring, firewall, and encryption toolsets.
• 3+ Years of Experience with a Master's Degree in Information Technology, Risk Management, Cybersecurity
• 5+ Years of Experience with a Bachelor's Degree in Information Technology, Risk Management, Cybersecurity
• 8+ Years of Experience with an Associate's Degree in Information Technology, Risk Management, Cybersecurity
• 11+ Years with a High School Diploma

Preferred:

• Bachelor’s degree in Computer Science, Information Systems, or related technical field.
• Familiarity with federal cybersecurity policy, FRCS/ICS security operations, and DoD IA compliance.

Additional Preferred Qualifications:

• 5+ years of experience working with industry and government agencies on the design of ICS platforms and integrated ICS systems
• Strongly preferred: Meet the Department of Defense Directive (DoDD) 8570.01 “Information Assurance Training, Certification, and Workforce Management” and DoD 8570-M “Information Assurance Workforce Improvement Program” requirements for IAM (Information Assurance Manager) Level 3, IAT (Information Assurance Technical) Level 3, OR IASAE (Information Assurance System Architect and Engineer) Level 3
• Familiarity with various industry ICS products
• Experience implementing a variety of security assessment tools
• Implementation of DoD Security Technical Implementation Guides (STIGs)
• Security Readiness Review (SRR) Tools (scripts and OVAL Benchmarks, ACAS, Wireshark)
• Excellent understanding of the DoD RMF lifecycle and NIST 800-53 controls implementation
• Strong written and verbal communication skills Ability to coordinate with and support multiple team members, vendors, and government customers
• Ability to identify, maintain, and troubleshoot HMI components
• Ability to identify, maintain, and troubleshoot control network components
• Ability to interpret drawings both mechanical and electrical
• Ability to identify, maintain, and utilize SCADA systems and KPI's
• Ability to train others with lesser skills
• Ability to access all levels and areas of the facility
• Working knowledge of EMS/SCADA or other operational control systems.
• Knowledge of SCADA protocols like Modbus, IEC 60870-5-101 or 104, IEC 61850 and DNP3 and other major SCADA protocols
• Awareness of NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security and UFC 4-010-06 Unified Facilities Criteria (UFC) Cybersecurity of Facility
• Awareness of DoD Risk Management Framework (RMF) process.
• Possession of excellent customer service and organization skills.
• Possession of excellent oral and written communication skills.

Preferred Certifications:

• 
  Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Certified SCADA Security Architect (CSSA) Related Control Systems.

Abilities:

• Exposure to computer screens for an extended period of time.
• Sitting for extended periods of time.
• Reach by extending hands or arms in any direction.
• Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard.
• Listen to and understand information and ideas presented through spoken words and sentences.
• Communicate information and ideas in speaking so others will understand.
• Read and understand information and ideas presented in writing.
• Apply general rules to specific problems to produce answers that make sense.
• Identify and understand the speech of another person.