Privileged Access Systems Engineer - Senior
Description:
Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit
Empower AI is proud to be recognized as a 2024 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.
Responsibilities
Empower AI: As a Privileged Access Systems Engineer, you will provide services in support of the Army Network Enterprise Technology Command (NETCOM) on the Army Department of Defense Information Network (DoDIN-A) Cybersecurity and Network Operations Mission Support (ADCNOMS) contract. A Privileged Access Workstation (PAW) includes security controls and policies that restrict local administrative access and productivity tools to minimize the attack surface to only what is absolutely required for performing sensitive administrative tasks. Privileged level access for workstations and servers will support AD theater administration of domain controllers, users, and applications. Privileged level access solutions for workstations and servers include items such as VDI, CyberArk PAM, and PAW/DAW.
Highlights of Responsibilities:
Complete new ASCL token requests required for access to PAW/DAW or similar solutions for privileged access.
Draft and maintain enterprise system documentation.
Conduct Change, Configuration, Release Management (CCRM) activities on a recurring basis.
Draft emerging technology or new capability fielding documentation.
Complete and upload into eMASS vulnerability scans using ACAS, and compliance scans (SCAP) to support RMF.
Develop artifacts including items such as documentation of system functionality, connectivity, data flows, PPSs, management concepts, security plan, and hardware/software configurations in support of system ATOs.
Update the eMASS POA&M for each capability.
Manage applicable system changes using both approved NETCOM document templates and the Configuration Management Data Base (CMDB).
Maintain standard baseline configuration within the ITEF.
Participate in technical information exchanges in various technical forums
Provide enterprise compliance analysis.
Provide and support data mining and data visualizations, including items such as dashboards, business intelligence, workflow diagrams, SharePoint Services sites, and customized queries and reports.
Test and identify system limitations and make recommended system improvements to optimize and enhance system functionality and performance
Support automated software delivery and configuration management of the computing environment.
Develop and release Cyber Tasking Order (CTO) POA&M mitigations that delineate the defense in depth measures taken to reduce the risk to the DoDIN-A infrastructure, data, and customers.
Develop system-specific technical key performance indicators (KPI) and analysis reports.
Draft enterprise system architectural diagrams.
Develop and maintain system diagrams, to include High Level Operational Concept Graphic (OV-1), Operational Resource Flow Description (OV-2), System Interface Description (SV-1), Systems Resource Flow Description (SV-2), or other required system interface diagrams.
As required support fielding activities.
Monitor capability incident queues, respond to > 95% of new incidents in accordance with minimum response times.
Generate monthly standardized reports of incident and problem management KPIs by capability.
Provide weekly in-depth discussions by capability on incident management performance utilizing Government provided dashboards
Provide Tier III support (break/fix) during normal duty hours and during call-back hours.
Coordinate and interface with the Global Cyber Center (GCC), Regional Cyber Centers (RCCs), Network Enterprise Centers (NECs), all echelons of the DoDIN-A and the Joint NetOps community, and product specialists to resolve incidents and problems.
Document all known errors, problems, and solutions discovered in the process of executing Tier-III break/fix operations.
Request and receive Government approval before escalating Tier-III incidents or problems to Tier-IV vendor support.
Draft technical guidance outlining step-by-step remediation procedures, targeted to a Tier-I/Tier-II user audience.
Qualifications
Minimum Requirements:
Secret Security Clearance
Microsoft Azure Virtual Desktop Specialty certification
Bachelor’s degree
7 – 12 years of experience
Advanced sustaining engineering in applications and technologies comprising the privileged access system.
Intermediate sustaining engineering with SIPRNET and NIPRNET engineering and network management, Active Directory, Virtualization and Remote Desktop Service.
Intermediate sustaining engineering in all aspects of network security and IP Security.
Basic knowledge of networking concepts, including common infrastructure, technologies, security, troubleshooting, and tools.
Basic knowledge of common operating systems, including Windows Desktop, Windows Server, or RedHat Linux.
Basic knowledge of virtualization technologies and software, such as VMWare or Hyper-V.
Basic knowledge of cloud technologies, such as Intune, Azure, and Amazon Cloud Services.
Intermediate knowledge in Microsoft Office tools, including Word, Excel, Outlook, Teams, and PowerPoint.
Intermediate knowledge in latest version of ITIL processes, with particular emphasis on Change, Release, and Configuration Management for enterprise systems.
Intermediate knowledge in latest version of ITIL processes, with particular emphasis on Incident and Problem Management for enterprise systems.
Intermediate experience providing direct technical support and troubleshooting to customers for complex IT-related issues.
Preferred Qualifications:
Microsoft 365 Certified: Endpoint Administrator Associate certification
DoD Cyber Workforce Framework (DCWF 632) Systems Developer Advanced qualified (FITSP-D or GCSA or GISF or SSCP) or equivalent certification
ITIL v4 Foundations certification
Physical Requirements:
Sitting for long periods
Standing for long periods
Ambulate throughout an office
Ambulate between several buildings
Stoop, kneel, crouch, or crawl as required
Travel by land or air transportation 10% or less
About Empower AI
All hiring and promotion decisions at Empower AI are based on merit to bring the best talent available to contribute to our firm’s overall success. It is the policy of Empower AI not to discriminate against any applicant for employment, or employee because of age, color, sex, disability, national origin, race, religion, or veteran status. Empower AI is a VEVRAA Federal Contractor.
Regular Full-Time