Enterprise Cybersecurity Engineer I

Summary: NASA Jet Propulsion Laboratory is focused on seeking out answers that bring us closer to understanding the universe. The Enterprise Cybersecurity Engineer I will assist in developing and designing system solutions for identity management and directory access requirements, while ensuring the security and integrity of directory authentication. Responsibilities: - Be a member of the Cybersecurity Services Operations and Identity, Credential, and Access Management (ICAM) Office and will report to 6250 Office Manager - Assist in the development and design of conceptual and detailed system and process solutions to meet Identify Management and Directory access requirements for Business systems, flight/mission systems and Institutional network needs and user requirements - Assist in analyzing and creating design concepts and architecture diagrams, plus functional/technical requirements as needed for single sign-on solutions, light directory access protocol, Kerberos authentication and other authentication methods as required - Work with internal organizations to understand internal technical and business processes, participate in focus groups to document requirements, present system concepts, demos, and provide implementation support - Support analysis of system enhancements, maintenance, and upgrades for Identify Management of functional applications including interfaces to business systems, human resources, institutional and flight/mission systems - Document and track development changes and fixes using configuration management systems - Support system problem identification and resolution, including requirements for and functional testing authentication solutions prior to roll-out to production systems - Perform functional validation testing for identity management and directory access solutions - Gathers complex and critical requirements; analyzes, plans, designs, configures, tests, deploys, rolls out and maintains major enterprise identity management solutions - Serves as key interface with customers to facilitate, negotiate and capture requirements for highly critical and complex enterprise directory services for integration of single or reduced sign-on capabilities; advises customer and management - Modifies sets up, and/or configures complex software that integrates with the enterprise suite of applications and/or standalone applications, leveraging identity management for single sign-of custom applications and enterprise network users - Assist in managing JPL’s Active Directory infrastructure - Support design, upgrade and maintenance of the Active Directory environment to ensure the security, integrity, and availability of directory authentication - Design and implement Active Directory Group Policies in compliance with JPL Cybersecurity policies - Integrate NASA’s PIV smart card authentication with JPL’s Active Directory to comply with Homeland Security Presidential Directive 12 (HSPD-12) - Develop and implement Visual Basic and PowerShell scripts for managing Active Directory data - Perform domain rename and migration of Active Directory for reconstruction of the directory infrastructure - Manage Windows DNS servers for Active Directory zones and Windows Internet Name Service servers for NetBIOS records in support of NTLM, Kerberos and LDAP authentication to Active Directory - Design and implement Windows Certificate Service for integration of PKI to Active Directory - Implement Active Directory Federation Services (ADFS) and IIS servers in support of enabling Web Single Sign On (SSO) to SAML compliant applications - Provide technical support for Samba servers integration with Active Directory - Provide support for configuration of Oracle Access Manager (OAM) WebGate for integration of Web Single Sign On (SSO) to the JPLIT directory service - Provide level 3 support to developers and customers for Windows directory related issues - Document implementation processes and procedures Required Qualifications: - Typically requires a bachelor's degree with a minimum of 1 year of experience in a Computer Science or related technical Information Technology career field; master's degree in computer science or related technical Information Technology career field with a minimum of 0 years of related experience - Experience and knowledge in one or more of the following areas: Cybersecurity Operations, Identity Management Systems, Network and Systems Architecture, UNIX and Windows systems administration - Understanding and knowledge of the application of advanced principles, theories, concepts and techniques in securing networked computer systems - Knowledge and direct working experience with the following log aggregation technologies which may include Splunk, Syslog and Windows Event Manager - Experience architecting scalable systems and applications - Excellent teaming skills, capable of following team leadership guidance while leading aspects of highly technical project developments - Excellent written and verbal communication skills, capable of effectively capturing and communicating technical information at all levels - Experience and advanced knowledge in one or more of the following areas: Active Directory design, functional requirements, and implementation of Identity Management system/process improvements - Knowledge of capturing business process requirements leading to integrated system architecture and design - Working knowledge of system development lifecycle methods, authentication for relational database concepts (Oracle), data flow diagrams, data dictionaries, requirements documentation - Excellent system analysis, design, analytical, problem solving and communication skills ranging from concepts to detail requirements to user guides and tutorials - Significant understanding of HR reporting and analytics design and implementation Preferred Qualifications: - Knowledge of Laboratory policies and procedures, NASA policies and procedures, and government regulations across a range of applications - Experience working with Oracle programmers to communicate requirements, in support of Oracle authentication management, Oracle Interface functionality, documenting/testing bug fixes, and partnering on implementing security related enhancements - Understanding of internal business processes in a high-tech environment such as project management and designing system enhancements with positive productivity improvements by enhancing functionality of user requirements Required Skills: Cybersecurity Operations, Identity Management Systems, Network Architecture, Systems Architecture, UNIX systems administration, Windows systems administration, Splunk, Syslog, Windows Event Manager, Active Directory design, Active Directory implementation, Active Directory Group Policy, Kerberos authentication, LDAP authentication, Visual Basic scripting, PowerShell scripting, Windows DNS server management, Windows Internet Name Service, Windows Certificate Service, Public Key Infrastructure (PKI), Active Directory Federation Services (ADFS), Internet Information Services (IIS), SAML, Samba server integration, Oracle Access Manager (OAM), Web Single Sign-On (SSO), Oracle authentication, System development lifecycle, Data flow diagrams, Data dictionaries, Requirements documentation, HR reporting, Teaming Benefits: A variety of health, dental, vision, wellbeing, and retirement plans, Paid time off, Learning, Rideshare, Childcare, Flexible schedule, Parental leave