DoD Contracting Opportunities

baghdaddy19

There are A LOT of posts on infor sec related subreddits, forums similar to infosecinstitute, etc.  that inquire about how to enter into information security as a career. The typical response is basically to get a entry level IT job and work your way up, at the same time get some security certs, get your bachelors (maybe), do ctfs, and practice, practice, practice. Not bad advice in my opinion, especially for a beginner.

But a lot of the times i see almost an equal number of posts from people with many years of experience in IT who are now looking to enter cyber security but are having a difficult time getting past the interview phase. These people have the education, the certs, and years of experience in IT but still find it difficult to enter the industry. And the typical response to these posts seeking advice is to "look for DoD contracting jobs". They do not go into much detail about how or where to apply or even look for these DoD contracting opportunities. And i have yet to find a post giving advice on how to find and get DoD contract jobs anywhere.
 
To that end, can anyone with experience in these roles provide assistance in where to find these DoD contracting jobs?
Where to look (USAJOBS (?), private contractors like Lockheed Martin (?), etc.) ?
Things to know about as a cyber security professional in the government workspace (NIST (?), DFARS (?), RMF (?), security clearance (?), etc.) ?

Honestly any guidance would help.

LordQarlyn

The contractor companies' websites would be a good source, that can get tedious looking at all the many different contracting companies out there. USAJobs is a good site though I believe that is for civil servant jobs - not bad or anything but if you're looking for contractor jobs that's just not the place.

Clearancejobs.com is a website for jobs requiring security clearances, contracting companies post jobs there, and in addition to the usual criteria, you can specifically search for jobs based on required clearance level.

DEjobs.org is a job aggregate website pulls jobs directly from company websites. This includes jobs from contracting companies. You can't search by clearance level (though if a clearance is required it's listed in the job description) and sometimes you get irrelevant job hits when you search by job titles. You can search by city and state, and even international jobs. When you apply you go directly to the company's website to complete the application.

Of course there are the usual career websites (indeed, glassdoor, monster, etc).

These are the ones I am familiar with. There are probably other sources, and hopefully others will share them here.

mikey88

Security+ at a minimum but MCSA wouldn't hurt as well. Afterwards go apply. Vectrus probably the easiest to get into.

baghdaddy19

LordQarlyn said:

The contractor companies' websites would be a good source, that can get tedious looking at all the many different contracting companies out there. USAJobs is a good site though I believe that is for civil servant jobs - not bad or anything but if you're looking for contractor jobs that's just not the place.

Clearancejobs.com is a website for jobs requiring security clearances, contracting companies post jobs there, and in addition to the usual criteria, you can specifically search for jobs based on required clearance level.

DEjobs.org is a job aggregate website pulls jobs directly from company websites. This includes jobs from contracting companies. You can't search by clearance level (though if a clearance is required it's listed in the job description) and sometimes you get irrelevant job hits when you search by job titles. You can search by city and state, and even international jobs. When you apply you go directly to the company's website to complete the application.

Of course there are the usual career websites (indeed, glassdoor, monster, etc).

These are the ones I am familiar with. There are probably other sources, and hopefully others will share them here.

thanks man! i was looking for a simple answer like this. Do you have any experience with working at a DoD contractor?

baghdaddy19

mikey88 said:

Security+ at a minimum but MCSA wouldn't hurt as well. Afterwards go apply. Vectrus probably the easiest to get into.

Right, I knew a Sec+ is neccasy at the very minimum. Would you suggest a MCSA Server cert?
I saw the Vectrus DE page and i think you may be right. Thanks man, this is golden advice!

LordQarlyn

baghdaddy19 said:

thanks man! i was looking for a simple answer like this. Do you have any experience with working at a DoD contractor?

Happy to help. Yep, since 1996, though those jobs were telecommunication jobs and not IT. After quite a few years in the private sector, again in telecom jobs, I got into IT in 2009 on DoD contracts because that was my easiest option. And actually that was more of a mixed IT/telecoms. Been in IT since then, all DoD contracting except my current job which is DoS, in Baghdad, BTW. I agree Vectrus is an excellent company to get your foot in the door. While they may not pay the most, they are willing to sponsor clearances and take on people new to IT. And there you have a chance to learn and gain full on IT experience, whether you pursue systems admin, network admin, enterprise solutions, and so on. I personally know two people who worked on Vectrus contracts for years, and gained enough experience and expertise that one went to work for Amazon Japan, and the other got an infosec job with Google.
Which certs you choose to get depends on which path you pursue. Microsoft path for system admin, or Cisco path for network. For system admin jobs I have seen job descriptions where Redhat certs were accepted too.

roninkai

To get to the top of the list for DoD gigs, the following will make you stand out, top of the list:

• Clearance (Secret or TS)
• BS or MS with IT focus
• Prior Military Service
• DoD 8140 Certification (Security+ at min)
• Knowledge of RMF (800-37) and Security Controls (800-53v4), CNSS
• Working knowledge of STIGs, SCAP, POAM, and writing Risk Mitigations
• Using tools such as ASAS, HBSS, Wireshark
• OS skills/certs in Windows 10/RHEL 7/ESX
• Softskills (be able to write an email to upper management without sounding like a total jackass, seen it too many times)

I say all this because I've been working DoD since I was 19, and now I'm 40. 

If you want to contract, try to determine who the customer is (ie: Navy/Airforce, etc), and work backwards. Try to also know something about the program or project, at least so you can speak to it at an interview. They like domain experience if you have it.

roninkai

Also, to find the gigs, you might reach out to your network (LinkedIN) if you have it. I have friends who contract, who often have a nice rolodex of companies they can tell me about, that you'll never find on the job boards. The larger companies like HP, Microsoft will sometimes contract out work to the small business veteran owned companies since those guys often act as body shops for people with the creds I mentioned above. You can talk to the recruiters of the larger companies working with the DoD and ask if any of their open positions are contract eligible.

baghdaddy19

Thanks for the advice everyone. This has helped tremendously!

Z0sickx

roninkai said:

To get to the top of the list for DoD gigs, the following will make you stand out, top of the list:

• Clearance (Secret or TS)
• BS or MS with IT focus
• Prior Military Service
• DoD 8140 Certification (Security+ at min)
• Knowledge of RMF (800-37) and Security Controls (800-53v4), CNSS
• Working knowledge of STIGs, SCAP, POAM, and writing Risk Mitigations
• Using tools such as ASAS, HBSS, Wireshark
• OS skills/certs in Windows 10/RHEL 7/ESX
• Softskills (be able to write an email to upper management without sounding like a total jackass, seen it too many times)

I say all this because I've been working DoD since I was 19, and now I'm 40. 

If you want to contract, try to determine who the customer is (ie: Navy/Airforce, etc), and work backwards. Try to also know something about the program or project, at least so you can speak to it at an interview. They like domain experience if you have it.

this is a good summary, to get past the HR machines with these contractors you need Sec+ a minimum but ideally you have your CISSP(or CASP) + CEH and that well cover your IAM/IAT/CND role qualification for most contracts. 

as far as tools go ACAS is the gold standard for now... you'll be quite valuable if you know how to Engineer/architect ACAS into the environment/maintain it, analyst are dime and dozen. HBSS though a specialized skill as well...i wouldn't invest any time trying to learn or get into that in the DoD world