Pueo Business Solutions LLC
JCIP Senior Infrastructure Virtualization & Storage Technical Reviewer
Pueo Business Solutions LLC, Tysons Corner, Virginia, United States
Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.
Our organization emphasizes career development across multiple career environments (at the members own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.
OVERVIEW Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.
GENERAL DUTIES
Conduct comprehensive technical assessments and manual audits of virtualized infrastructure platforms and network-attached storage (NAS) environments in Intelligence Community (IC) settings.
Evaluate compliance with IC Directives, Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 Rev 5 and 800-171 security controls relevant to virtualization and storage systems.
Perform independent manual STIG checklist reviews for leading virtualization platforms including VMware ESXi, Microsoft Hyper‑V, and KVM, as well as NAS/SAN devices such as NetApp and Dell EMC systems.
Analyze risks and attack vectors associated with virtualized environments and storage architectures; assess controls including encryption, authentication, access management, and FIPS compliance.
Provide technical recommendations and architectural guidance to improve virtual infrastructure security posture.
Liaise with virtualization system administrators, storage teams, and leadership to communicate findings, risk assessments, and remediation strategies.
Lead and mentor Level 1 IDRs in conducting IV&S inspections and risk analysis.
Stay current with emerging virtualization and storage security threats, industry trends, and vendor hardening best practices.
Participate in inspection planning, execution, reporting, and deliver clear, concise written and oral assessments.
Travel as necessary to support onsite inspections. (8-12 weeks of travel avg, some international and passport required).
REQUIRED QUALIFICATIONS
Knowledge:
Strong understanding of virtualization platforms: VMware ESXi, Microsoft Hyper‑V, and KVM architectures and security features.
Familiarity with common NAS/SAN systems (NetApp, Dell EMC) and their security considerations.
Ability to interpret and apply STIGs, SRGs, and NIST 800-53/800-171 controls related to virtualized infrastructure and storage.
Knowledge of encryption standards, including FIPS, and their application in storage security.
Awareness of virtualization and storage‑related attack vectors and mitigation strategies.
Skills:
Proficient in performing manual checklist audits and functional risk assessments for virtualized and storage environments.
Strong analytical skills to evaluate complex system configurations and security controls.
Effective communication skills to present findings and recommendations to technical teams and leadership.
Ability to mentor junior inspectors and lead technical discussions.
Abilities:
Lead IV&S inspection efforts independently with minimal oversight.
Provide actionable security architecture recommendations to enhance virtual and storage infrastructure defenses.
Manage inspection activities and deliverables efficiently within tight schedules.
Adapt quickly to vendor‑specific nuances while maintaining a vendor‑agnostic security focus.
Certifications:
Obtain an IAT-III or Maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
CASP+ CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIH
CCSP
CLEARANCE
Top Secret minimum
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
#J-18808-Ljbffr
Our organization emphasizes career development across multiple career environments (at the members own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.
OVERVIEW Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.
GENERAL DUTIES
Conduct comprehensive technical assessments and manual audits of virtualized infrastructure platforms and network-attached storage (NAS) environments in Intelligence Community (IC) settings.
Evaluate compliance with IC Directives, Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 Rev 5 and 800-171 security controls relevant to virtualization and storage systems.
Perform independent manual STIG checklist reviews for leading virtualization platforms including VMware ESXi, Microsoft Hyper‑V, and KVM, as well as NAS/SAN devices such as NetApp and Dell EMC systems.
Analyze risks and attack vectors associated with virtualized environments and storage architectures; assess controls including encryption, authentication, access management, and FIPS compliance.
Provide technical recommendations and architectural guidance to improve virtual infrastructure security posture.
Liaise with virtualization system administrators, storage teams, and leadership to communicate findings, risk assessments, and remediation strategies.
Lead and mentor Level 1 IDRs in conducting IV&S inspections and risk analysis.
Stay current with emerging virtualization and storage security threats, industry trends, and vendor hardening best practices.
Participate in inspection planning, execution, reporting, and deliver clear, concise written and oral assessments.
Travel as necessary to support onsite inspections. (8-12 weeks of travel avg, some international and passport required).
REQUIRED QUALIFICATIONS
Knowledge:
Strong understanding of virtualization platforms: VMware ESXi, Microsoft Hyper‑V, and KVM architectures and security features.
Familiarity with common NAS/SAN systems (NetApp, Dell EMC) and their security considerations.
Ability to interpret and apply STIGs, SRGs, and NIST 800-53/800-171 controls related to virtualized infrastructure and storage.
Knowledge of encryption standards, including FIPS, and their application in storage security.
Awareness of virtualization and storage‑related attack vectors and mitigation strategies.
Skills:
Proficient in performing manual checklist audits and functional risk assessments for virtualized and storage environments.
Strong analytical skills to evaluate complex system configurations and security controls.
Effective communication skills to present findings and recommendations to technical teams and leadership.
Ability to mentor junior inspectors and lead technical discussions.
Abilities:
Lead IV&S inspection efforts independently with minimal oversight.
Provide actionable security architecture recommendations to enhance virtual and storage infrastructure defenses.
Manage inspection activities and deliverables efficiently within tight schedules.
Adapt quickly to vendor‑specific nuances while maintaining a vendor‑agnostic security focus.
Certifications:
Obtain an IAT-III or Maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
CASP+ CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIH
CCSP
CLEARANCE
Top Secret minimum
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
#J-18808-Ljbffr