Pueo Business Solutions LLC
JCIP Expert HBS Technical Reviewer
Pueo Business Solutions LLC, Tysons Corner, Virginia, United States
Pueo is known for bringing the best talent and unique tools to every opportunity. Pueo's Parliament (aka workforce) is composed of professionals who are seeking the opportunity to work in a business organization that thrives on career development and independence. In support of mission and professional growth, our Parliament has supported the development of multiple patents, proprietary tools, and applications as well as trademarked processes.
Our organization emphasizes career development across multiple career environments (at the members own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.
OVERVIEW Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.
GENERAL DUTIES
Conduct thorough technical assessments and manual audits of host-based security controls across enterprise endpoints, servers, and workstations within Intelligence Community (IC) environments.
Analyze system configurations, host-based firewalls, endpoint detection and response (EDR) tools, antivirus/antimalware solutions, and application whitelisting to ensure compliance with IC Directives and STIG requirements.
Evaluate compliance with IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and applicable NIST 800-53 Rev 5 controls relevant to host-based security.
Independently perform manual checklist reviews of host security settings and controls; identify vulnerabilities, risks, and recommend mitigations.
Engage with system administrators, endpoint security teams, and leadership to clarify findings, provide risk assessments, and coordinate remediation efforts.
Lead and mentor Level 1 IDRs in host-based security tasks and inspections.
Stay current on emerging host security threats, vulnerabilities, and mitigation strategies including zero-day exploits, advanced persistent threats (APTs), and endpoint hardening techniques.
Participate in planning, execution, and reporting phases of inspections with minimal oversight; prepare clear and concise technical reports and presentations.
Travel as necessary to support onsite inspections at IC facilities. (8-12 weeks of travel avg, some international and passport required).
REQUIRED QUALIFICATIONS
Possess a master's degree, with 8+ years of total experience/equivalent certifications. Master's degree may be substituted with a bachelor's degree and 5+ years of additional experience/equivalent certifications, for a total of 13+ years.
Knowledge:
Deep understanding of endpoint security technologies including EDR, antivirus, host-based firewalls, application whitelisting, and system hardening best practices.
Familiarity with common host OS platforms (Windows, UNIX/Linux) and their security architectures.
Proficient in interpreting and applying STIGs, SRGs, and NIST 800-53/800-171 controls related to host security.
Awareness of host-based attack vectors such as privilege escalation, malware persistence, and lateral movement techniques.
Skills:
Strong analytical skills to assess host configurations, detect security gaps, and evaluate risks.
Excellent communication skills for briefing technical and leadership audiences on findings and recommendations.
Ability to lead inspections and mentor junior personnel.
Capable of working both independently and collaboratively within multidisciplinary teams.
Abilities:
Lead host-based security inspection initiatives, including risk analysis and reporting.
Translate technical findings into actionable security controls and risk mitigation strategies.
Adapt to evolving cybersecurity threats and emerging technologies in endpoint security.
Efficiently manage time and tasks during inspection cycles.
Certifications:
Obtain an IAT-III or Maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
CASP+ CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIH
CCSP
CLEARANCE
Top Secret minimum
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
#J-18808-Ljbffr
Our organization emphasizes career development across multiple career environments (at the members own pace) and ensures those who contribute broadly are properly rewarded. Pueo has four career environments where every member of the parliament can participate. Each environment has opportunities available for all levels. Opportunities are framed by an employee's desires and capabilities, and we ensure challenges, growth, and unique experiences are available for employees at all levels.
Our Career Environments (Program, Functional, Service, and Leadership) provide numerous opportunities for employees to invest in their personal growth and those things that offer fulfillment. We invest in helping our members create and execute their career development plans. Our Pods (small teams of 5 or less) are comprised of personnel with similar skillsets to ensure mentorship, understanding, and peer support.
OVERVIEW Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.
GENERAL DUTIES
Conduct thorough technical assessments and manual audits of host-based security controls across enterprise endpoints, servers, and workstations within Intelligence Community (IC) environments.
Analyze system configurations, host-based firewalls, endpoint detection and response (EDR) tools, antivirus/antimalware solutions, and application whitelisting to ensure compliance with IC Directives and STIG requirements.
Evaluate compliance with IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and applicable NIST 800-53 Rev 5 controls relevant to host-based security.
Independently perform manual checklist reviews of host security settings and controls; identify vulnerabilities, risks, and recommend mitigations.
Engage with system administrators, endpoint security teams, and leadership to clarify findings, provide risk assessments, and coordinate remediation efforts.
Lead and mentor Level 1 IDRs in host-based security tasks and inspections.
Stay current on emerging host security threats, vulnerabilities, and mitigation strategies including zero-day exploits, advanced persistent threats (APTs), and endpoint hardening techniques.
Participate in planning, execution, and reporting phases of inspections with minimal oversight; prepare clear and concise technical reports and presentations.
Travel as necessary to support onsite inspections at IC facilities. (8-12 weeks of travel avg, some international and passport required).
REQUIRED QUALIFICATIONS
Possess a master's degree, with 8+ years of total experience/equivalent certifications. Master's degree may be substituted with a bachelor's degree and 5+ years of additional experience/equivalent certifications, for a total of 13+ years.
Knowledge:
Deep understanding of endpoint security technologies including EDR, antivirus, host-based firewalls, application whitelisting, and system hardening best practices.
Familiarity with common host OS platforms (Windows, UNIX/Linux) and their security architectures.
Proficient in interpreting and applying STIGs, SRGs, and NIST 800-53/800-171 controls related to host security.
Awareness of host-based attack vectors such as privilege escalation, malware persistence, and lateral movement techniques.
Skills:
Strong analytical skills to assess host configurations, detect security gaps, and evaluate risks.
Excellent communication skills for briefing technical and leadership audiences on findings and recommendations.
Ability to lead inspections and mentor junior personnel.
Capable of working both independently and collaboratively within multidisciplinary teams.
Abilities:
Lead host-based security inspection initiatives, including risk analysis and reporting.
Translate technical findings into actionable security controls and risk mitigation strategies.
Adapt to evolving cybersecurity threats and emerging technologies in endpoint security.
Efficiently manage time and tasks during inspection cycles.
Certifications:
Obtain an IAT-III or Maintain IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management.
CASP+ CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIH
CCSP
CLEARANCE
Top Secret minimum
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.
#J-18808-Ljbffr