Author name: Bruce

DISA has approved the Draft DoD Secure Cloud Computing Architecture (SCCA) Functional Requirements (FR)  for public release. The SCCA Functional Requirements are released in Draft to solicit comments from industry and DoD Components. A comment matrix is provided in the zipped package. The SCCA FR .zip package is available on IASE at: http://iase.disa.mil/cloud_security/Pages/index.aspx Submit all comment matrices and questions to disa.meade.sd.mbx.scca@mail.mil

DISA has released the following IAVM packages: http://iase.disa.mil/stigs/Pages/iavm.aspx AIX 6.1 Ver 1, Rel 20 Apple OS 10.10 Workstation Ver 1, Rel 9 Apple OS 10.8 Workstation Ver 1, Rel 13 Apple OS 10.9 Workstation Ver 1, Rel 10 BlackBerry 10 OS Ver 1, Rel 11 Cisco IOS Ver 1, Rel 11 HP-UX 11.31 Ver 1, Rel 20 MAC OS X 10.6 Ver 1, Rel 20 Oracle Linux 5 Ver 1, Rel 13 Oracle Linux 6 Ver 1, Rel 13 RHEL 5 Ver 1, Rel 20 RHEL 6 Ver 1, Rel 18 Solaris 10 SPARC Ver 1, Rel 20 Solaris 10 x86 Ver 1, Rel 20 Solaris 11 SPARC Ver 1, Rel 13 Solaris 11 x86 Ver 1, Rel 13 Windows 7 Ver 1, Rel 18 Windows 8 and 8-1 Ver 1, Rel 18 Windows 2008 R2 Ver 1, Rel 18 Windows 2008 Ver 1, Rel 18 Windows 10 Ver 1, Rel 4 Windows 2012 and 2012 R2 Ver 1, Rel 16 Windows Vista Ver 1, Rel 18 zOS Ver 6, Rel 26 For all STIG related questions, please contact the DISA STIG Customer Support Desk:disa.stig_spt@mail.mil

Space and Naval Warfare Systems Command (SPAWAR) is conducting a Customer Satisfaction Survey on the SCAP Compliance Checker (SCC) application.  SPAWAR has contracted with ITG Inc., an independent third-party firm, to administer this Customer Satisfaction Survey using the SPAWAR-approved survey tool “SurveyMonkey.”  The survey will be hosted on the SurveyMonkey server, and accessed via the URL link provided below. Please take a few minutes of your time to give us your feedback.  Your response would be greatly appreciated.  Feel free to forward this email to any other SCC end user. The survey will be available from Tuesday, April 5th, through Friday, April 22, 2016. Below is the link to complete the brief survey: https://www.surveymonkey.com/r/SCAPComplianceCheckerFY16 For all STIG related questions, please contact the DISA STIG Customer Support Desk:disa.stig_spt@mail.mil

Agency:                                DLI (Defense Language Institute)  Position:                              Cyber security / Information Assurance Analyst Duration:                             Full Time Location-                             Monterey, CAJob Description: Security+CE certification Must! Duties may include: •             Support an Information Systems Security, Education, Training, and Awareness Program. •             support implementation and enforcement of Information Security Policies and Procedures. •             Review and update all Information Systems Security Plans/SSPs and support certification and accreditation efforts. •             Provide technical support in the areas of vulnerability assessment, risk assessment, and security implementation.Technical Skills: Information Assurance HBSS ACAS STIG Retina, MacAfee Thanks & Regards, Harpal Singh Technical Recruiter 22nd Century Technologies Inc.(TSCTI) Direct : (908) 765-0003 Ext: 315 Fax : 609-228-4044 Email: singhh@tscti.com

Title                                                      IT OPERATIONS ENGR – COMPUTE (5388997) Location:                                            CHATTANOOGA TN Duration:                                             9-12 Months Hours:                                                 8:00am to 5:00 pm Job Description FOLLOWS THE ENGINEERING DESIGN PROCESS TO PROVIDE COMPLETE IT SOLUTIONS INCLUDING HARDWARE, SOFTWARE, CONFIGURATION, AND PROCESS BASED ON COLLABORATION AND ANALYSIS WITH STAKEHOLDERS, INDUSTRY BEST PRACTICE AND BEST VALUE SOLUTIONS. LEVERAGE ADVANCED KNOWLEDGE IN MULTIPLE TECHNOLOGIES; COLLABORATE WITH PEERS TO ANALYZE PERFORMANCE OF COMPONENTS AND SYSTEMS TO TROUBLE SHOOT, EVALUATE PERFORMANCE, AND DETERMINE CAPACITY. USES ROOT CAUSE ANALYSIS, CORRECTIVE ACTIONS, TACTICAL PLANNING AND STRATEGIC PLANNING TO CORRECT PROBLEMS, PROVIDE IMPROVED RESPONSE AND PROJECT LONG TERM INVESTMENTS REQUIRED TO PROVIDE SUFFICIENT SUPPORT FOR IT SERVICES TO THE BUSINESS. ABILITY TO MANAGE OR PARTICIPATE ON COMPLEX ISSUES IMPACTING THE INFRASTRUCTURE. A BACHELOR’S DEGREE IN COMPUTER SCIENCE, ENGINEERING, MATHEMATICS, BUSINESS ADMINISTRATION, OR RELATED FIELD OF STUDY; OR EQUIVALENT EDUCATION, TRAINING & EXPERIENCE. ADVANCED KNOWLEDGE OF SERVER INCLUDING SOLARIS, LINUX, WINDOWS SERVER, VMWARE ESX, VCLOUD, EMC, AND JVMS IN ALL AREAS (EXAMPLES: CONFIGURATION, TUNING, CAPACITY MANAGEMENT, SECURITY, COMPLIANCE, MONITORING, AUTOMATION, SUPPORT, VENDOR RELATIONSHIPS, AND OTHER AREAS) HARDWARE INCLUDING ORACLE, HP BLADE, CISCO UCS, VERITAS. KNOWLEDGABLE IN DEVELOPING, IMPLEMENTING, TROUBLE SHOOTING AND SUPPORTING CLOUD BASED SOLUTIONS. IN DEPTH KNOWLEDGE AND UNDERSTANDING OF A BROAD RANGE OF MANAGEMENT, COMPUTE AND NETWORKING TECHNOLOGIES. Additional Job Details:  Need someone that is a windows resource that might also have some cloud experience. This is a request for 1 position but could possibly turn into more. Depends on the candidates received. Skills needed include: Advanced Knowledge • Server 2003/2008 Upgrade Experience • Group Policy Configuration • Active Directory Organizational Design Experience • Microsoft Hyper-V • File Shares and Access Based Enumeration • 2012 DFS and Namespace Basic Knowledge • Active Directory Sites and Services • DHCP • DNS • VMWare • Technical Documentation Soft Skills: • Punctual • Positive Attitude • High Aptitude for new technology • Excellent verbal and written communication Good to have but not required: • Active Directory Federation Services • Public Azure enterprise administration • VMware vSphere 5.1, 5.5, 6.0 • System Center Configuration Manager Thanks & Regards, Simranjeet Singh Intern Recruiter Direct : (908) 765-0002 Ext:322 Fax No: 609-228-4044 Email: simranjeets@tscti.com

Job Title: Security Engineer/ Architect (50% Remote) Location: Greenwood Village, CO Duration: 12+ Months Contract (Very High possibility of Extension/ Conversion) Job Description: KP’s Cyber Security team is looking to expand, mature, and execute the Enterprise Technology Security Hardening Service.  The goal of the Security Hardening Service is to develop security-hardening standards for platforms, applications, networks and protocols.  These hardening standards serve as the gold image requiring compliance for all implementation of a particular technology or a protocol.  The hardening standards take into account the entire lifecycle of a technology or a protocol, and include hardening requirements and/or security recommendations for each phase in the lifecycle from a people, process and technology perspective. These baselines are produced and maintained for applications, networks, and platforms to ensure consistent implementation of technical security controls across KP’s technology landscape. This position is focused towards providing expert level security guidance for producing and maintaining security certifications for KP’s IT landscape based on identification and analysis of security control gaps, industry security best practices, regulatory guidance, and KP’s IS Policies. The position will also involve building a security strategy for the service to ensure the service is extensible to accommodate the changing IT landscape for near term future (e.g. cloud, mobile, big data etc.). Top 3-5 Daily Responsibilities: Perform Security Hardening Service Design including process, methodology, and any tools that would be required to ensure hardening standards are developed using a repeatable methodology. Formally document the artifacts for various phases of security architecture engagements, and obtain sign-off from all stakeholders. Top 3-5 Required Skills: BS in IT-related or engineering degree and 4 years of experience  in IT industry, OR Associates/ equivalent collegiate certificate in an IT-related or engineering degree program and six years of experience in IT industry. At least two years of experience in general endpoint configuration management and/or computer engineering, with one year of specialized experience in the following platform OS’s:   (requirements can be broken up among different people) Windows Professional Windows Server Linux (RedHat & Suse) Unix (Solaris) At least one year specialized experience in interpreting and applying a system of cyber security controls to endpoints, such as NIST 800-53, Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs), or Center for Internet Security (CIS) Security Benchmarks. Demonstrated understanding of cloud computing and mobile computing concepts and how to apply them. Desired Skills: At least one year’s specialized experience in configuring security settings and setting Enterprise security policy for the following operating systems:  (requirements can be broken up among different people) RedHat Enterprise Linux 7.1, 6.x and 5.x Suse Linux 11 and 12 Solaris 10 and 11 IBM AIX 5.x, 6.x and 7.x MacOS 10.x Experience in working in one of the following cloud architecture environments: AWS Azure Experience in working with and managing mobile devices in an Enterprise environment. Advanced GIAC certification and/or CISSP Soft Skills: Very strong communication skills If you are qualified, available, interested and planning to make a change, or know of a friend who might have the required qualifications and interest, you can contact me on desk: 415-915-1164 even if we have spoken recently about a different position. If you do respond via e-mail please include the Best time to call and phone number so I can reach you. Thank you, Anuj S. Verma Executive – Resourcing Pyramid Consulting, Inc. Email: anuj.verma@pyramidci.com

Title:                                     Comp Network Technologist II (5238156) Location:                             MA304 880 Technology Park Drive Billerica MA United States Duration:                             6 month CTH Hours:                                  8:00am to 5:00pm Job Description As part of the corporate network monitoring tools and analysis group you will be responsible for implementing and supporting a variety of applications and analyzing traffic across the Raytheon network. You will be a key member of an advanced engineering team supporting a solution that operates out of the Boston, Massachusetts area. We are seeking an experienced engineer that works well in a fast-paced environment. Additional Job Details: Required Skills: •Must have 4+ years of working experience in Information Technology •Able to work effectively in a team environment. •Must have 2+ years experience configuring, supporting and integrating monitoring and ticketing tools (e.g. CiscoWork, HP Performance Insight, SMARTS/Ionix, Spectrum, eHealth, NNM, Remedy Suite, Q Radar, Solar Wind) for network monitoring, trend analysis, network performance reporting and etc. •Database administration experience •Understanding of network traffic from a protocol/packet perspective •Excellent troubleshooting skills Desired Skills: •Current experience implementing and maintaining enterprise NOC tool suite. •Operational network experience •CCNA certification •Scripting experience •database administration experience •*Nix (UNIX/Linux/Solaris/RHEL) administration experience •Experience with both netflow and EEM •Ability to train operations staff on NOC tool suite •Experience with packet capture analysis •Supporting an enterprise NOC to include: •Supporting the software tools and agents capable of inventorying and monitoring the global network •Performing network tools development, customization and integration with network management platform •HW and database support and automation to include experience building servers from ground up, supporting oracle and other sql databases. •Establishing roles, service levels, installation, configuration, agents, policies, and day-to-day administration •Developing workflow design and CMDB database integration •Modifying alerts, threshold settings, procedures and processes on an ongoing basis •Specific experience on SMARTS/IONIX, OVPI and/or Remedy suite •Experience with Windows Administration •Specific experience on SMARTS/IONIX, OVPI and/or Remedy suite Education: 4 Years experience with a B.S./B.A. in Engineering, Science, or Mathematics or relevant degree or equivalent experience. Smile -n- Be happy Thanks & Regards, Mohit Sharma Technical  Recruiter Direct : 908-765-0002 Ext: 389

The Comptia Security+ IT certification is a very good certification for IT professionals getting into IT security and for IT security professional that have been doing cyber security for a while.  If you already have a high-level security certification (i.e. CISSP, CISM,CISA,CASP) I would say the Security+ is not necessary, because those certs already cover everything in the Security+ and more.  But if you don’t have any general security certs then you should definitely get it. What are the benefits: It is a well known certification that lets employers know that you are more than familiar with security best practice. Having the Security+ alone is enough to get a job or a raise in some situations. If you are unfamiliar with all the security best practices it is a great start in getting to know an important body of knowledge. It is 8570/8140 compliant.   For more information on the Security+: https://certification.comptia.org/certifications/security Exam Codes SY0-401 Launch Date May 1, 2014 Exam Description CompTIA Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography. Number of Questions Maximum of 90 questions Type of Questions Multiple choice and performance-based Length of Test 90 Minutes Passing Score 750 (on a scale of 100-900) Recommended Experience CompTIA Network+ and two years of experience in IT administration with a security focus Languages English, Japanese and Portuguese Retirement TBD – Usually three years after launch. Price $3​11.00 USD (See all pricing)

Position: Vendor Risk Manage. Location: Montvale, NJ Employment Type : Full Time.   Technical/Functional Skills – MUST HAVE SKILLS:-   FISAP vendor risk assessment program execution. ISO 27002 Domain audit/assessments. Critical Vendor Risk Assessments . Vendor Risk Management Program Leadership. CISA, CISSP, or other Risk certification preferred.   Technical/Functional Skills   -Good To HAVE SKILLS:-   Project management; people management; client relationship management; excellent oral and written English communications skilled with MS-PowerPoint; MS-Word; MS-Excel. Driven to achieve high delivery quality and effectiveness.   Roles & Responsibilities:-   ·        Annual vendor risk assessment compliance program leadership. ·        Vendor Risk Assessment Planning & Scheduling. ·        Vendor reconnaissance and updates with owners. ·        Questionnaire updates and initiation . ·        Manage offshore resource(s), and their activities, results. ·        Assessment Quality Assurance. ·        Establish and track/validate program metrics. ·        Vendor interactions and Issues management. ·        High Risk Vendor Assessments & Interactions . ·        Process Improvement . ·        VRM Best Practices Alignment. ·        Weekly, Quarterly, Ad-Hoc Reporting.       Thanks And Regards, Ajit Rai  Ventures Unlimited Inc. 309 Fellowship Road, East Gate Center, Suite 200 Mount Laurel , New Jersey 08054. Desk: 856-842-1988 Ext 230

Position: Security Analyst Location:   Montgomery, AL and San Antonio TX Duration: Full Time EDUCATION REQUIREMENTS: -  One or more of the following IAT Level II Certifications (GSEC, Security +, SSCP, CCNA-Security) -  CND Certification (GCIA, CEH, GCIH). Active Top Secret or TS/SCI BASIC QUALIFICATIONS: -  Intermediate knowledge with one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government and intermediate experience in the following areas: IP addressing and domain name service; network components; Transmission Control Protocol (TCP)/User Datagram Protocol (UDP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP); and understand the network Open Systems Interconnection (OSI) model Must be able to work shifts as required. -  Conduct network security monitoring and intrusion detection analysis for the NIPRNet using the AF’s selected IDS/IPS toolset -  Research NIPR and SIPR defensive cyber operations events to determine the necessity for deeper analysis and conduct an initial assessment of type and extent of intruder activities. -  Enter event data into mission support systems according to operational procedures and reports through the 33rd operational chain. -  Record suspicious events, meeting established thresholds, into the operational database for suspicious traffic. Records shall contain sufficient information to stimulate future research of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity. -  Compile suspicious events records and other artifacts as part of its Monthly Operational Report. -  Provide pass-on information to bring incoming crews up to speed on latest suspicious traffic seen from a given port, IP, etc. -  Coordinate with the Crew Commander for authorization before departing after pass-on to incoming shift. -  Provide computer security-related assistance to Air Force field units (example: the Integrated Network Operations and Security Center (INOSC), Base Information Assurance shop) in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of operational requirements and mission execution. -  Provide focused DCO, tailored analysis and monitoring operations of specified sensor locations during contingency operations and in support of named DCO operations and exercises. -  Must be willing to receive additional training and maintain position qualification to perform assigned duties, as required Thanks & Regards Vandana Team Lead 22nd Century Technologies (Minority, 8(A) & GSA Schedule 70 Company) CMMi Level 3, ISO 9001:2008 and SBA certified 8(a) SDBEmail: vandanav@tscti.com