Software Engineer (Active TS w/SCI eligibility)
ATSG is seeking resumes for a Software Engineer to join the Information and Technology Branch (ITB) Information Technology Infrastructure Division (ITID) at the Federal Bureau of Investigation in Washington, DC. The FBI ITB ITID mission includes the provision of comprehensive information technology services to all FBI personnel assigned to the FBI Headquarters, J. Edgar Hoover Building (FBIHQ) in Washington, D.C., Field Offices (FOs), Resident Agencies (RAs), and Legal Attach (LEGAT) located overseas.
In support of this mission, ITID is responsible for the management and support of the FBI's IT infrastructure. Part of this infrastructure includes systems operating on four (4) enclaves (BlackNet, Unclassified, Secret, and Top Secret/Sensitive Compartmented Information), as well as the underlying facilities and transports to support them.
The successful candidate will:
- Provide guidance regarding changes to the AD schema;
- Manage and maintain standardized Organizational Units (OU) in AD;
- Manage and maintain AD custom attributes and security groups;
- Manage AD sites and subnets, including site replication;
- Manage and maintain group policy, and scripts associated with group policy, to secure the IT infrastructure and grant necessary resources to staff, consistent with job requirements (i.e. workstation, server, common Microsoft products such as Exchange, SharePoint and other group policies as requested);
- Create and maintain a Group Policy Map to indicate what each group policy does, what resource(s) is (are) affected, and understand the effect of any change to group policy
- Manage the AD database, System Volume (SYSVOL).
- Monitor Domain Controllers to prevent outages and/or restore service in a timely manner, analyze the policies currently monitored, and make recommendations as needed to provide meaningful alerts for action.
- Audit changes to accounts, group policy, and other changes to AD with enterprise auditing tools (i.e Dell Active Administrator, Change Auditor, and Recovery Manager).
- Follow FBI Change Management Policy when changing the FBI IT infrastructure.
- Share knowledge with other members of the full AD team, regardless of whether other members are FBI employees or contractors of this or another contractor.
- Maintain a listing of all service accounts, the applications and servers which use them, and the unit responsible for the accounts.
- Provision, modify, and deprovision user and administrator accounts on the four (4) enclaves upon receipt of approved access or deprovisioning request, based upon location, role, or both. Accounts shall be provisioned/modified/deprovisioned within five (5) days of receipt or date specified in the request, whichever is later. MDSU is currently receiving an average of 165 requests daily. As part of this process, the Exchange mailboxes are also created.
- Make necessary adjustments to security controls to grant only that access to IT resources required for job performance.
- Manage user profiles, including access to share drives, OU assignment, password reset, and general directory cleanup at regular intervals.
- Support personnel moves by migrating user profiles and data to data stores associated with new location.
- Manage and maintain delegation of permissions.
- Follow FBI policy and procedures for account management to create, modify, or delete accounts and account permissions
- Essential Qualifications:
- Expert practical experience in creating, modifying and deleting group policy, troubleshoot group policy issues, determine the effect of all group policies on an account or account group, audit changes to group policy, and maintain a Group Policy Map;
- Expert practical experience using Microsoft Active Directory Services, PowerShell, and/or other scripting tools, understand logical representation and enterprise effects of implementation;
- Expert practical experience using automated tools or like products like Microsoft Advanced Group Management Policy (AGPM), Microsoft Resultant Set of Policy, Microsoft Forefront Identity Manager (FIM), Microsoft Identity Manager and attributes;
- Design and implement Directory Services that effectively reflect business needs, service level and availability requirements while being robust and scalable to support; including performance analysis and optimization, monitoring, problem resolution, upgrade planning and execution, and process creation and documentation;
- Function as SME for Directory Services including; Active Directory Domain Services (ADDS), Azure Active Directory, and Active Directory Certificate Services and as a technical expert on infrastructure projects pertaining to Directory Services, GPO's, authorization services along with their monitoring, security methodologies, management, capacity planning, environment failover and disaster recovery.
- Design and architect a global Active Directory Infrastructure, including design and implementation of Group Policy and domain consolidation for multiple large scale organizations;
- Ensure the proper systems and administration design. Utilize logical problem solving to find creative solutions to problems in the environment on a broad scale Troubleshoot and resolve Active Directory, GPO, Kerberos, Active Directory Federated Services, Microsoft Identity Manager and other password/identity management systems;
- Architect-level Domain Controller expertise--build, promote, replicate and patch advanced planning and implementation tasks;
- Ensure new Directory Service technologies are adequately tested and integrated with infrastructure and application services;
- Assist in management and support of internal and external DNS systems. Assist in management and support of internal DHCP architecture and scoping;
- Advanced knowledge related to installing and configuring Windows Server 2012 or Windows Server 2008 R2 equivalent (preferred);
- Advanced knowledge related to administering Windows Server 2012 or Windows Server 2000 R2equivalent (preferred):
- Advanced knowledge related to configuring Advanced Windows Server 2012 Services or Windows Server 2008 R2 equivalent(preferred);
- Advanced knowledge related to with Microsoft Windows Server (i.e. 2012 r2, 2008 r2, and 2003, including Active Directory);
- Provide quality/production methods to ensure existing group policies are not already in place to implement user request or change.
- Provide active follow-up with users and engineers to ensure actual change worked and did not cause of corrupt use profiles and permissions;
- Be able to identify impacts of AD, GPO, OU change;
- Ability to document order of applied change and criticality of sequenced process steps;
- Experience managing Domain replication;
- Expert practical experience applying Federal Information Services Management Act (FISMA) rules to the AD environment;
- Highly recommended have Microsoft Certified Technology Specialist (MCTS), Security Plus (CompTIA)); preferably Microsoft Certified Solutions Associate (MCSA) certifications;
- Experience with SQL; LDAP and Secure LDAP, and Dell Active Administrator;
- Able to administer PKI and certificate services (preferred);
- Able to administer RSA token as an RA or LRA (preferred);
- Minimum of five (5) years with AD group policy, including common Microsoft products such as SharePoint and Exchange for the listed server versions and their successors;
- Minimum of five (5) years of troubleshooting AD, especially group policy-related incidents;
- Bachelor's Degree in Engineering or in one of the disciplines within Information Technology
- Technical writing skills; and
- Ability to effectively share technical knowledge between government and contractor's personnel.
Candidates are encouraged to submit a .doc or .docx resume that explicitly addresses each of the requirements listed above.
As an Equal Opportunity Employer, our applicants and employees are protected from discrimination. Visit http://bit.ly/FederalEEO for more information.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals on the basis of protected veteran status or disability, and require affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans and individuals with disabilities.
We respectfully request not to be contacted by recruiters and/or staffing agencies.
ATSG (http://atsgcorp.com) delivers cutting edge technical solutions to federal and commercial clients through strategic partnerships, product development, and system integration services. ATSG specializes in working with our clients to maintain the readiness of current systems while transitioning to more advanced and cost-effective technologies.
Wed, 15 Mar 2017 08:33:25 PDT