3835 - HBSS Engineer

OVERVIEW:

Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.

GENERAL DUTIES:

• Conduct thorough technical assessments and manual audits of host-based security controls across enterprise endpoints, servers, and workstations within Intelligence Community (IC) environments.
• Analyze system configurations, host-based firewalls, endpoint detection and response (EDR) tools, antivirus/antimalware solutions, and application whitelisting to ensure compliance with IC Directives and STIG requirements.
• Evaluate compliance with IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and applicable NIST 800-53 Rev 5 controls relevant to host-based security.
• Independently perform manual checklist reviews of host security settings and controls; identify vulnerabilities, risks, and recommend mitigations.
• Engage with system administrators, endpoint security teams, and leadership to clarify findings, provide risk assessments, and coordinate remediation efforts.
• Lead and mentor Level 1 IDRs in host-based security tasks and inspections.
• Stay current on emerging host security threats, vulnerabilities, and mitigation strategies including zero-day exploits, advanced persistent threats (APTs), and endpoint hardening techniques.
• Participate in planning, execution, and reporting phases of inspections with minimal oversight; prepare clear and concise technical reports and presentations.
• Travel as necessary to support onsite inspections at IC facilities. (8-12 weeks of travel avg, some international and passport required).

REQUIRED QUALIFICATIONS:

• Possess a master's degree, with 8+ years of total experience/equivalent certifications. Master's degree may be substituted with a bachelor's degree and 5+ years of additional experience/equivalent certifications, for a total of 13+ years.
• Knowledge:
  • Deep understanding of endpoint security technologies including EDR, antivirus, host-based firewalls, application whitelisting, and system hardening best practices.
  • Familiarity with common host OS platforms (Windows, UNIX/Linux) and their security architectures.
  • Proficient in interpreting and applying STIGs, SRGs, and NIST 800-53/800-171 controls related to host security.
  • Awareness of host-based attack vectors such as privilege escalation, malware persistence, and lateral movement techniques.
• Skills:
  • Strong analytical skills to assess host configurations, detect security gaps, and evaluate risks.
  • Excellent communication skills for briefing technical and leadership audiences on findings and recommendations.
  • Ability to lead inspections and mentor junior personnel.
  • Capable of working both independently and collaboratively within multidisciplinary teams.

• Abilities:
  • Lead host-based security inspection initiatives, including risk analysis and reporting.
  • Translate technical findings into actionable security controls and risk mitigation strategies.
  • Adapt to evolving cybersecurity threats and emerging technologies in endpoint security.
  • Efficiently manage time and tasks during inspection cycles.

• Certifications:
  • Obtain an IAT-III or Maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
  • CASP+ CE
  • CCNP Security
  • CISA
  • CISSP (or Associate)
  • GCED
  • GCIH
  • CCSP

CLEARANCE:

• Top Secret minimum