Description
Job Summary: KMS Application
The services needed are threefold: (1) IT services; (2) Technical writing for a training user guide; and (3) Helpdesk services. The CMA Applications/Systems consist of an online document repository hosted by Government hardware currently consisting of (1) Kubernetes; (2) HTML/JavaScript; (3) Elasticsearch; (4) MinIO; (5) Kibana; (6) Logstash; and (7) PostgreSQL containers on virtual and physical devices. An Army 365 hosted Sharepoint Instance and NodeJS applications hosted on RHEL servers. The Candidate maintains and updates the CMA System including server optimization, user interface enhancements, and portal functionality based on stakeholder requirements. The CMA Applications expands multi-organization feature support, configurable user notifications throughout the application, and support data ingests such as bulk uploads.
Candidate would be responsible for ensuring the confidentiality, integrity, and availability of information systems. They typically have a background in computer science or a related field, and they have experience with a variety of IT security technologies.
The DevSecOps Engineer is responsible for the development, deployment, and maintenance of software applications in a secure and compliant manner. The ideal candidate will have experience with a variety of DevOps tools and technologies, as well as a strong understanding of security principles and best practices.
Specific Task
CMA KMS Sustainment Activities: assess the CMA KMS infrastructure and data requirements periodically in coordination with the CMA IT Project Manager to determine the optimal balance of operating cost and performance. Any necessary adjustments to the system to accommodate additional storage or computing resources should be prioritized with the CMA IT Project Manager against other KMS activities. The Contractor shall conduct revisions to the ARIMS categorization process based on revisions of the ARIMS record numbers by the Records Management and Declassification Agency
CMA KMS Security and Compliance Activities: quarterly STIG checks as along with any artifacts deemed necessary by the applicable STIGS; in coordination with DEVCOM Chemical Biological Center (CBC) IT services who sets the acceptable thresholds of findings in each STIG artifact. The Candidate shall ensure compliance with AR 25-2, DoDI 8500.01, “Cybersecurity,” DoDI 8570, and DoDI 8510.01, “Risk Management Framework for DoD Information Technology”. The Contractor shall work with the CMA Records Manager and IT subject matter experts to prioritize and complete the necessary security requirements. Additionally, the Contractor shall provide the STIG/SRG checklists to the COR for approval quarterly.
CMA KMS Build Guide: implementing the code on production and development systems and providing a guide to re-engineer the deployment steps so that it can be duplicated on demand. Major version releases are along with any artifacts deemed necessary by the Government. The contractor shall provide the KMS Build Guides to the COR for approval quarterly.
CMA KMS User Guide Updates: once per year or after a change. The CMA KMS User Guide Updates is a help tool that is posted on the KMS Site to help users operate the CMA KMS Site. The CMA KMS User Guide Updates shall be provided to the COR for approval, then uploaded into the CMA KMS site.
CMA KMS Helpdesk Services: monitor the help desk email requests, phone calls (approximately 1-5 emails and phone calls per week), verbal in-person requests, and administer access request.
Duties and Responsibilities:
Knowledge Managment professionals need to have strong technical skills, including knowledge of computer hardware and software, networking, and security. This includes:
- Security assessment and testing: The ability to identify and assess security vulnerabilities in information systems.
- Security engineering: The ability to design, implement, and maintain secure information systems.
- Security operations: The ability to monitor and respond to security incidents.
- Security awareness and training: The ability to train users on security best practices.
- Problem-solving skills: IA professionals need to be able to identify and troubleshoot security problems.
- Communication skills: IA professionals need to be able to communicate effectively with users, other IT professionals, and management.
- Teamwork skills: IA professionals often work as part of a team, so they need to be able to work well with others.
- Conducting security assessments of information systems
- Developing and implementing security policies and procedures
- Monitoring and responding to security incidents
- Training users on security best practices
- Develop and implement security controls throughout the software development lifecycle
- Automate security testing and remediation
- Work with development and operations teams to ensure that applications are secure and compliant
- Monitor and analyze security data to identify and respond to threats
- Stay up-to-date on the latest security threats and trends
MINIMUM QUALIFICATIONS, SKILLS, AND EDUCATIONAL REQUIREMENTS
- Bachelor's degree in Computer Science, Cyber Security, or a related field
- 5+ years of experience in DevSecOps or a related field
- Technical skills: Database Engineers/Knowledge Managers need to have strong technical skills, including knowledge of database hardware and software, networking, and security.
- Problem-solving skills: Database Engineers/Knowledge Managers need to be able to identify and troubleshoot database problems.
- Experience with a variety of DevSecOps tools and technologies
- Strong understanding of security principles and best practices
- Excellent problem-solving and analytical skills
- Strong communication and interpersonal skills
GSI Service Group Inc. is an equal opportunity and affirmative action employer that consciously builds inclusive teams and is proud to support a diverse environment that considers all qualified applicants for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.