Linux System Administrator

Title: Linux System Administrator
Location: Springfield, VA
*Clearance: *Active TS/SCI needed to apply *
Company Overview:
Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation's toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don't look any further than Cornerstone Defense.

Benefits Overview :
Cornerstone Defense offers a very comprehensive benefits package including, but not limited to: Medical, Dental and Vision Plans * Generous PTO Policy * 401(k) * HSA and FSA options * Life and Disability Insurance * Tuition Reimbursement and Training * Perks at Work Discount Program * Referral Program * Leads Generation Program * CollegeAmerica 529 * Fitness Reimbursement Program * Travel Assistance * Norton Lifelock Benefit Solutions * Life Planning Financial & Legal Services *

Job Responsibilities:

• Correct messages that have failed message format validation for continued processing
• Troubleshoot and resolve connectivity issues with connected systems/applications
• Perform message system configuration and database modifications, Network Configuration changes, and security configuration or communications line security parameters based on government direction.
• Install, configure and test message application software releases and/or patches with existing connected systems.
• Coordinate and collaborate with the Application Service Provider (ASP)/Infrastructure Support Provider (ISP) on hardware, operating system, transport, or etc. issues that impact the M3 system functionality and availability.
• Manage and assist in the multimedia messaging software access and permissions to the system (Information Transport Service (ITS), Replacement External Message Handler (REMH), message operators, NGA Operations Center (NOC), Command and Control, Production System Operations Center (PSOC), Library of National Intelligence (LNI), NGA Cedalion, etc.).
• Manage and configure new communication lines to include functional testing with the distant end based on NGA government direction.
• Functional availability should be maintained at 99% (16 hours of approved downtime per month). This is based on the operational system and not just uptime on the multimedia messaging server.
• Provide support to all agents, real-time dissemination of incoming organizational record messages based on user-created profiles/agents, retrospective search of historical information and composition, coordination, and release of organizational record messages.
• Perform routine application preventive maintenance functions and database back-ups.
• Support all NGA and Non-NGA outages that impact the M3 servers.
• Provide assistance with security, certification and accreditation of the multimedia messaging systems
• Request, install and update certificates (servers) to ensure the servers are properly maintained and functional.
• Comply and support applicable Department of Defense (DoD) security policies as well as NGA Information Technology Risk Management initiatives.
• Support ongoing NGA cybersecurity initiatives. Cybersecurity is defined as codifying the M3 v.5 software updates.
• Respond to M3 system vulnerabilities per NGA's direction and prioritization.
• Provide Cybersecurity Support via the following tasks:
• Provide Cybersecurity Subject Matter expertise to provide support with the A&A security, certification and accreditation of the multimedia messaging systems.
• Comply and support applicable Department of Defense (DoD) security policies as well as NGA Information Technology Risk Management requirements.
• Support ongoing NGA cybersecurity initiatives and respond to system vulnerabilities per NGA's direction and prioritization.
• Provide expertise to support NGA's Risk Management and Cybersecurity efforts required to obtain an Authority To Operate (ATO) any new system. This includes adherence to the NGAM 8010.1 Information Systems (IS) Risk Management Framework (RMF) guide and Intelligence Community Directive (ISD) 503 in developing the Security Plan, Risk Assessment Report, Security Assessment Report and Plan of Actions and Milestones (POA&M), as well as compliance with NGA's Enterprise Security Services cybersecurity initiatives. Use industry leading tools and work with appropriate security stakeholders to implement continuous monitoring capabilities. This effort includes, but not limited to the list detailed below.
• Create an ICD-503 compliant system security plan in NGA's Xacta software by entering relevant information into, as well as subsequent proof of compliance (documentation and demonstration) with any assessed security controls.
• Create a system boundary diagram. Create the Ports, Protocols and Services matrix for all partners (IP address, and inbound/outbound/both).
• Create any needed Firewall Change Requests (FCRs) via NGA's Service+ portal.
• Support TEMs with NGA's Risk Management Team (Registration, SOT, Pre-CAST, CAST, SCA) to achieve an Authority To Operate (ATO).

Utilize ACAS vulnerability scanning via the NESSUS agent, evaluate and remediate, mitigate or patch vulnerabilities, utilizing NGA's Authorized Outage (AO)/Change Request process.

Investigate Quest Authentication Services (QAS) to "join" Active Directory, and, if feasible, install upon Government direction

Enable web-based logins with NGA's Active Directory utilizing the GEOAxis application.

Create the documentation of Personally Identifiable Information /Personal Health Information (PII/PHI) for additional security controls determination.

Enable End Point Security/ENS (evolution of Host Based Security System/HBSS) utilizing NGA's Enterprise.

Enable Carbon Black managed monitoring with NGA's Enterprise when applicable.

Enable NGA's Insider Threat monitoring via the Enterprise User Activity Monitoring (UAM) tool.

Collaborate with NGA's Disaster Recovery team in the creation of the system's Information System Contingency Plan (ISCP)

Aid NGA's Production Systems Operation Cell (PSOC) with installations of monitoring widgets/APIs for after hour monitoring.

Investigate Data at Rest Encryption, and, if feasible, install upon Government direction

Investigate utilizing NGA's SHIELD two factor authentication procedure to daily elevate privileged user access, and, if feasible, install upon Government direction

Investigate ArcSight (Enterprise auditing integration) service for insider threat detection and off system audit log reviews, and, if feasible, install upon Government direction