Title: AD/Network/Cloud Security Administrator

Location: Remote

Length: Long term

Restriction: W2 or C2C

Description:

*** Webcam interview long term project initial PO for 1.5 years with multiyear extensions ***Remote*** *** Need 2 verfiable references ***

Tasks and Deliverables:

Active Directory

Design:

Group policies, security settings, and access controls
DNS and DHCP integration with AD
Plan for high availability, disaster recovery, and scalability
Migration strategies for existing AD data
Configure:
Domain controllers, ensuring proper placement and deploy
DNS and DHCP servers in alignment with AD architecture
Global catalog servers for efficient search operations
Authentication protocols and encryption methods
User and computer policies for consistent system behavior
Audit policies for tracking security events
Group policies to enforce security settings and configurations and deploy
User and computer policies for consistent system behavior

Implement:

Replication and ensure directory synchronization
Security best practices, including least privilege principles
Account policies, password policies, and account lockout settings
Software deployment policies and test
New AD architecture to the production environment
Password reset process
Vulnerabilities and template vulnerabilities
Admin Service Principal Name cleanup
Special Functional account permissions
Active Directory Hardening
Active Directory enablement for legacy and current OS

Test:

AD architecture in a controlled environment
Address and resolve any issues identified during testing
Documentation:
Of the AD architecture
Configuration details, policies, and procedures
User guides and troubleshooting documentation
Training Knowledge Transfer:
Of the AD features and changes
Of the maintenance and troubleshooting procedures
Authentication and Authorization

Configure:

MFA
Password GPO for elevated accounts
Password Complexity
Including local OS password complexity
GPO cleanup
Reporting:
Elevated domain account
Expired passwords
Abandoned accounts
Application Modernization and Hardening

Possible OS upgrades
Supported security configurations for OS, Network and Database
Risk Register and Policy Updates

Ensure compliance with DOF guidelines for Governance, Monitoring, Risk Assessment and Risk and Controls
Ensure all existing and unresolved risk are added to the SOS Risk Register sections and controls

Experience:

This resource must have a minimum of five (5) years of experience applying security policies, standards, testing, modification, and implementation. At least three (3) years of that experience must be in information security analysis.
This resource must have a minimum of seven (7) years of experience with developing and implementing technical solutions to help mitigate security vulnerabilities.
Education

This resource requires the possession of a bachelors degree in an IT related or Engineering field. Additional qualifying experience may be substituted for the required education on a year for year basis.

Minimum Qualifications, Skills, and Experience

The consultants individually or collectively as a team must meet the
following specific, skills, and experience:

7 years experience within the last 10 years providing security vulnerability and risk assessment services.
Security Certification either Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA).
Experience with industry standard compliance frameworks (CIS, NIST, OWASP).
7 years experience within the last 10 years in configuration, support, and architectural design of the following platforms in an enterprise environment:
Palo Alto Next Generation Firewalls
CISCO ASA Firewalls, Routers, Switches, and VPNs
F5 BIG IP appliances and modules
3 years experience within the last 5 years in configuration, support, and architectural design of the following platforms in an enterprise environment
Microsoft Active Directory
AWS server less Cloud Environment AWS Services and Technologies
Microsoft Azure Platform as a Service technologies
Apache web servers
IIS web servers
Linux servers
Windows servers

Desirable Skills:

In addition to the minimum qualifications identified above, the SOS prefers
Contractors possessing some or all the following qualifications:

Cisco Certified Internetwork Expert (CCIE) Routing and Switching
Cisco Certified Network Professional (CCNP) Security
Microsoft Certified Solutions (Expert (MCSE) Server Infrastructure
Palo Alto Network Certified Network Security Engineer (PCNSE)
F5 Certified Technology Specialist (F5 CTS ASM)
GIAC Certified Penetration Tester
Internet Security Certified Product Specialist
3 years experience within the last 5 years in configuration, support, and architectural design of the following platforms in an enterprise environment:
Databases to include Microsoft SQL Server, Oracle Databases and MySQL Database
Web API Services
(link removed) Framework