INFORMATION FOR ALL ORDERING ACTIVITIES - GSA …



AUTHORIZED MULTIPLE AWARD SCHEDULE PRICELISTGENERAL PURPOSE COMMERCIAL INFORMATION TECHNOLOGY EQUIPMENT, SOFTWARE AND SERVICESTechnical and Management Resources, Inc.10511 Braddock Rd., Ste BFairfax, VA 22032Tel: 703-323-1700Fax: 703-323-4953Email: Contracts@Contract Number: 47QTCA19D0092Price List current through Modification PO-0001, dated March 29, 2019Period Covered by Contract: March 29, 2019 through March 28, 2024General Services AdministrationFederal Supply ServiceProducts and ordering information in this Authorized FSS Multiple Award Schedule Pricelist are also available on the GSA Advantage! System. Agencies can browse GSA Advantage! by accessing the Federal Supply Service’s Home Page via the Internet at FOR ALL ORDERING ACTIVITIES1a. Table of awarded Special Item Numbers:SINs 54151HACS, 54151S, ANCILLARY, OLM1b. Identification of the lowest priced model number and lowest unit price for that model for each special item number awarded in the contract. See Attached Pricelist1c. If the Contractor is proposing hourly rates, a description of all corresponding commercial job titles, experience, functional responsibility and education for those types of employees or subcontractors who will perform services shall be provided: See Attached Pricelist2. Maximum order: SIN 54151S: $500,000.00 SIN 54151HACS: $500,000.00 SIN OLM: $100,000SIN ANCILLARY: $250,0003. Minimum order: $100.004. Geographic coverage: The Geographic Scope of the Contract will be domestic (50 states, D.C., Puerto Rico).5. Points of production: N/A6. Discount from list prices or statement of net price: All pricing represents net prices, discount deducted. 7. Quantity discounts, single shipment to single location: None8. Prompt payment terms: Net 309a. The Government purchase cards are accepted at and below the micro-purchase threshold.9b. The Government purchase cards are accepted above the micro-purchase threshold.10. Foreign items: N/A11b. Expedited Delivery: As negotiated on the task order level11c. Overnight and 2-day delivery: As negotiated on the task order level11d. Urgent Requirements: As negotiated on the task order level12. F.O.B. point: Destination 13a. Ordering address: Same as contractor13b. Ordering procedures: For supplies and services, the ordering procedures, information on Blanket Purchase Agreements (BPA’s) are found in Federal Acquisition Regulation (FAR) 8.405-3.14. Payment address: Same as contractor15. Warranty provision: Standard Commercial Warranty 16. Export packing charges: N/A17. Terms and conditions of Government purchase card acceptance: None18. Terms and conditions of rental, maintenance, and repair: N/A19. Terms and conditions of installation: N/A20. Terms and conditions of repair parts indicating date of parts price lists and any discounts from list prices: N/A20a. Terms and conditions for any other services: N/A21. List of service and distribution points: N/A22. List of participating dealers: N/A23. Preventive maintenance: N/A24a. Special attributes such as environmental attributes: N/A24b. If applicable, indicate that Section 508 compliance information is available on Electronic and Information Technology (EIT) supplies and services and show where full details can be found (e.g. contractor’s website or other location.) The EIT standards can be found at: 25. Data Universal Number System (DUNS) number: 04131651926. Technical and Management Resources, Inc. is registered in the System for Award Management (SAM) database. Cage Code: 1RC96TERMS AND CONDITIONS APPLICABLE TO INFORMATION TECHNOLOGY (IT) PROFESSIONAL SERVICES (SPECIAL ITEM NUMBER 54151S & ANCILLARY)Note 1: All non-professional labor categories must be incidental to and used solely to support hardware, software and, or professional services, and cannot be purchased separately.Note 2: Offerors and Agencies are advised that the Multiple Award Schedule is not to be used as a means to procure services which properly fall under the Brooks Act. These services include, but are not limited to, architectural, engineering, mapping, cartographic production, remote sensing, geographic information systems, and related services. FAR36.6 distinguishes between mapping services of an A/E nature and mapping services which are not connected nor incidental to the traditionally accepted A/E Services.1.SCOPEa.The prices, terms and conditions stated under Special Item Number 54151S & ANCILLARY Information Technology Professional Services apply exclusively to IT Services within the scope of this Information Technology Schedule.b.The Contractor shall provide services at the Contractor’s facility and/or at the ordering activity location, as agreed to by the Contractor and the ordering activity.2.PERFORMANCE INCENTIVESa.Performance incentives may be agreed upon between the Contractor and the ordering activity on individual fixed price orders or Blanket Purchase Agreements under this contract in accordance with this clause.b.The ordering activity must establish a maximum performance incentive price for these services and/or total solutions on individual orders or Blanket Purchase Agreements.c.Incentives should be designed to relate results achieved by the contractor to specified targets. To the maximum extent practicable, ordering activities shall consider establishing incentives where performance is critical to the ordering activity’s mission and incentives are likely to motivate the contractor. Incentives shall be based on objectively measurable tasks.3.ORDERa.Agencies may use written orders, EDI orders, blanket purchase agreements, individual purchase orders, or task orders for ordering services under this contract. Blanket Purchase Agreements shall not extend beyond the end of the contract period; all services and delivery shall be made and the contract terms and conditions shall continue in effect until the completion of the order. Orders for tasks which extend beyond the fiscal year for which funds are available shall include FAR 52.232-19 (Deviation – May 2003) Availability of Funds for the Next Fiscal Year. The purchase order shall specify the availability of funds and the period for which funds are available.b.All task orders are subject to the terms and conditions of the contract. In the event of conflict between a task order and the contract, the contract will take precedence.4.PERFORMANCE OF SERVICESa.The Contractor shall commence performance of services on the date agreed to by the Contractor and the ordering activity. b.The Contractor agrees to render services only during normal working hours, unless otherwise agreed to by the Contractor and the ordering activity. c.The ordering activity should include the criteria for satisfactory completion for each task in the Statement of Work or Delivery Order. Services shall be completed in a good and workmanlike manner.d.Any Contractor travel required in the performance of IT/EC Services must comply with the Federal Travel Regulation or Joint Travel Regulations, as applicable, in effect on the date(s) the travel is performed. Established Federal Government per diem rates will apply to all Contractor travel. Contractors cannot use GSA city pair contracts.5.STOP-WORK ORDER (FAR 52.242-15) (AUG 1989)a.The Contracting Officer may, at any time, by written order to the Contractor, require the Contractor to stop all, or any part, of the work called for by this contract for a period of 90 days after the order is delivered to the Contractor, and for any further period to which the parties may agree. The order shall be specifically identified as a stop-work order issued under this clause. Upon receipt of the order, the Contractor shall immediately comply with its terms and take all reasonable steps to minimize the incurrence of costs allocable to the work covered by the order during the period of work stoppage. Within a period of 90?days after a stop-work is delivered to the Contractor, or within any extension of that period to which the parties shall have agreed, the Contracting Officer shall either- (1)Cancel the stop-work order; or (2)Terminate the work covered by the order as provided in the Default, or the Termination for Convenience of the Government, clause of this contract. b.If a stop-work order issued under this clause is canceled or the period of the order or any extension thereof expires, the Contractor shall resume work. The Contracting Officer shall make an equitable adjustment in the delivery schedule or contract price, or both, and the contract shall be modified, in writing, accordingly, if- (1)The stop-work order results in an increase in the time required for, or in the Contractor's cost properly allocable to, the performance of any part of this contract; and (2) The Contractor asserts its right to the adjustment within 30 days after the end of the period of work stoppage; provided, that, if the Contracting Officer decides the facts justify the action, the Contracting Officer may receive and act upon the claim submitted at any time before final payment under this contract. c.If a stop-work order is not canceled and the work covered by the order is terminated for the convenience of the Government, the Contracting Officer shall allow reasonable costs resulting from the stop-work order in arriving at the termination settlement. d. If a stop-work order is not canceled and the work covered by the order is terminated for default, the Contracting Officer shall allow, by equitable adjustment or otherwise, reasonable costs resulting from the stop-work order. 6.INSPECTION OF SERVICESThe Inspection of Services–Fixed Price (AUG 1996) (Deviation – May 2003) clause at FAR 52.246-4 applies to firm-fixed price orders placed under this contract. The Inspection–TimeandMaterials and Labor-Hour (JAN 1986) (Deviation – May 2003) clause at FAR 52.246-6 applies to timeandmaterials and laborhour orders placed under this contract. 7.RESPONSIBILITIES OF THE CONTRACTORThe Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City, or otherwise) covering work of this character. If the end product of a task order is software, then FAR 52.227-14 (Deviation – May 2003) Rights in Data – General, may apply.8.RESPONSIBILITIES OF THE ORDERING ACTIVITYSubject to security regulations, the ordering activity shall permit Contractor access to all facilities necessary to perform the requisite IT/EC Services.9.INDEPENDENT CONTRACTORAll IT Services performed by the Contractor under the terms of this contract shall be as an independent Contractor, and not as an agent or employee of the ordering activity.ANIZATIONAL CONFLICTS OF INTERESTa.Definitions.“Contractor” means the person, firm, unincorporated association, joint venture, partnership, or corporation that is a party to this contract.“Contractor and its affiliates” and “Contractor or its affiliates” refers to the Contractor, its chief executives, directors, officers, subsidiaries, affiliates, subcontractors at any tier, and consultants and any joint venture involving the Contractor, any entity into or with which the Contractor subsequently merges or affiliates, or any other successor or assignee of the Contractor.An “Organizational conflict of interest” exists when the nature of the work to be performed under a proposed ordering activity contract, without some restriction on ordering activities by the Contractor and its affiliates, may either (i) result in an unfair competitive advantage to the Contractor or its affiliates or (ii) impair the Contractor’s or its affiliates’ objectivity in performing contract work.b.To avoid an organizational or financial conflict of interest and to avoid prejudicing the best interests of the ordering activity, ordering activities may place restrictions on the Contractors, its affiliates, chief executives, directors, subsidiaries and subcontractors at any tier when placing orders against schedule contracts. Such restrictions shall be consistent with FAR 9.505 and shall be designed to avoid, neutralize, or mitigate organizational conflicts of interest that might otherwise exist in situations related to individual orders placed against the schedule contract. Examples of situations, which may require restrictions, are provided at FAR 9.508.11.INVOICESThe Contractor, upon completion of the work ordered, shall submit invoices for IT services. Progress payments may be authorized by the ordering activity on individual orders if appropriate. Progress payments shall be based upon completion of defined milestones or interim products. Invoices shall be submitted monthly for recurring services performed during the preceding month. 12.PAYMENTS For firm-fixed price orders the ordering activity shall pay the Contractor, upon submission of proper invoices or vouchers, the prices stipulated in this contract for service rendered and accepted. Progress payments shall be made only when authorized by the order. For timeandmaterials orders, the Payments under TimeandMaterials and LaborHour Contracts at FAR 52.232-7 (DEC 2002), (Alternate II – Feb 2002) (Deviation – May 2003) applies to timeandmaterials orders placed under this contract. For laborhour orders, the Payment under TimeandMaterials and LaborHour Contracts at FAR 52.232-7 (DEC 2002), (Alternate II – Feb 2002) (Deviation – May 2003)) applies to laborhour orders placed under this contract. 52.216-31(Feb 2007)??Time-and-Materials/Labor-Hour Proposal Requirements—Commercial Item Acquisition. As prescribed in 16.601(e)(3), insert the following provision: a. The Government contemplates award of a Time-and-Materials or Labor-Hour type of contract resulting from this solicitation. b. The offeror must specify fixed hourly rates in its offer that include wages, overhead, general and administrative expenses, and profit. The offeror must specify whether the fixed hourly rate for each labor category applies to labor performed by— (1) The offeror; (2) Subcontractors; and/or (3) Divisions, subsidiaries, or affiliates of the offeror under a common control. 13.RESUMESResumes shall be provided to the GSA Contracting Officer or the user ordering activity upon request.14.INCIDENTAL SUPPORT COSTSIncidental support costs are available outside the scope of this contract. The costs will be negotiated separately with the ordering activity in accordance with the guidelines set forth in the FAR.15.APPROVAL OF SUBCONTRACTSThe ordering activity may require that the Contractor receive, from the ordering activity's Contracting Officer, written consent before placing any subcontract for furnishing any of the work called for in a task order.16.DESCRIPTION OF IT SERVICES AND PRICING a.The Contractor shall provide a description of each type of IT Service offered under Special Item Numbers 54151S. IT Services should be presented in the same manner as the Contractor sells to its commercial and other ordering activity customers. If the Contractor is proposing hourly rates, a description of all corresponding commercial job titles (labor categories) for those individuals who will perform the service should be provided.b.Pricing for all IT Services shall be in accordance with the Contractor’s customary commercial practices; e.g., hourly rates, monthly rates, term rates, and/or fixed prices. The following is an example of the manner in which the description of a commercial job title should be presented: EXAMPLE: Commercial Job Title: System EngineerMinimum/General Experience: Three (3) years of technical experience which applies to systems analysis and design techniques for complex computer systems. Requires competence in all phases of systems analysis techniques, concepts and methods; also requires knowledge of available hardware, system software, input/output devices, structure and management practices.Functional Responsibility: Guides users in formulating requirements, advises alternative approaches, conducts feasibility studies.Minimum Education: Bachelor’s Degree in Computer ScienceTERMS AND CONDITIONS APPLICABLE TO HIGHLY ADAPTIVE CYBERSECURITY SERVICES (HACS) (SPECIAL ITEM NUMBER 54151HACS)Vendor suitability for offering services through the Highly Adaptive Cybersecurity Services (HACS) SINs must be in accordance with the following laws and standards when applicable to the specific task orders, including but not limited to:●Federal Acquisition Regulation (FAR) Part 52.204-21●OMB Memorandum M-06-19 - Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments●OMB Memorandum M -07-16 - Safeguarding Against and Responding to the Breach of Personally Identifiable Information●OMB Memorandum M-16-03 - Fiscal Year 2015-2016 Guidance on Federal Information Security and Privacy Management Requirements●OMB Memorandum M-16-04 – Cybersecurity Implementation Plan (CSIP) for Federal CivilianGovernment●The Cybersecurity National Action Plan (CNAP)●NIST SP 800-14 - Generally Accepted Principles and Practices for Securing Information Technology Systems●NIST SP 800-27A - Engineering Principles for Information Technology Security (A Baseline for Achieving Security)●NIST SP 800-30 - Guide for Conducting Risk Assessments●NIST SP 800-35 - Guide to Information Technology Security Services●NIST SP 800-37 - Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach●NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View●NIST SP 800-44 - Guidelines on Securing Public Web Servers●NIST SP 800-48 - Guide to Securing Legacy IEEE 802.11 Wireless Networks●NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations●NIST SP 800-61 - Computer Security Incident Handling Guide●NIST SP 800-64 - Security Considerations in the System Development Life Cycle●NIST SP 800-82 - Guide to Industrial Control Systems (ICS) Security●NIST SP 800-86 - Guide to Integrating Forensic Techniques into Incident Response●NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment●NIST SP 800-128 - Guide for Security-Focused Configuration Management of Information Systems●NIST SP 800-137 - Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations●NIST SP 800-153 - Guidelines for Securing Wireless Local Area Networks (WLANs)●NIST SP 800-171 - Protecting Controlled Unclassified Information in non-federal Information Systems and Organizations1.SCOPEThe labor categories, prices, terms and conditions stated under Special Item Numbers 54151HACS High Adaptive Cybersecurity Services apply exclusively to High Adaptive Cybersecurity Services within the scope of this Information Technology Schedule.Services under these SINs are limited to Highly Adaptive Cybersecurity Services only. Software and hardware products are under different Special Item Numbers on IT Schedule 70 (e.g. 132-32, 132-33, 132-8), and may be quoted along with services to provide a total solution.These SINs provide ordering activities with access to Highly Adaptive Cybersecurity services only.Highly Adaptive Cybersecurity Services provided under these SINs shall comply with all Cybersecurity certifications and industry standards as applicable pertaining to the type of services as specified by ordering agency.Scope: 54151HACS Highly Adaptive Cybersecurity Services (HACS) - SUBJECT TO COOPERATIVE PURCHASING - includes proactive and reactive cybersecurity services that improve the customer’s enterprise-level security posture. The scope of this category encompasses a wide range of fields that include, but are not limited to, Risk Management Framework (RMF) services, information assurance (IA), virus detection, network management, situational awareness and incident response, secure web hosting, and backup and security services. The seven-step RMF includes preparation, information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. RMF activities may also include Information Security Continuous Monitoring Assessment (ISCMA) which evaluate organization-wide ISCM implementations, and also Federal Incident Response Evaluations (FIREs), which assess an organization’s incident management functions. The scope of this category also includes Security Operations Center (SOC) services. The SOC scope includes services such as: 24x7x365 monitoring and analysis, traffic analysis, incident response and coordination, penetration testing, anti-virus management, intrusion detection and prevention, and information sharing. HACS vendors are able to identify and protect a customer’s information resources, detect and respond to cybersecurity events or incidents, and recover capabilities or services impaired by any incidents that emerge. Sub-Categories - (not all vendors have been placed within the following subcategories. To view a complete list of vendors, click on the SIN)High Value Asset (HVA) Assessments include Risk and Vulnerability Assessment (RVA) which assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. The services offered in the RVA subcategory include Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing. Security Architecture Review (SAR) evaluates a subset of the agency’s HVA security posture to determine whether the agency has properly architected its cybersecurity solutions and ensures that agency leadership fully understands the risks inherent in the implemented cybersecurity solution. The SAR process utilizes in-person interviews, documentation reviews, and leading practice evaluations of the HVA environment and supporting systems. SAR provides a holistic analysis of how an HVA’s individual security components integrate and operate, including how data is protected during operations. Systems Security Engineering (SSE) identifies security vulnerabilities and minimizes or contains risks associated with these vulnerabilities spanning the Systems Development Life Cycle. SSE focuses on but is not limited to the following security areas: perimeter security, network security, endpoint security, application security, physical security, and data security.Risk and Vulnerability Assessment (RVA) assesses threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. The services offered in the RVA sub-category include Network Mapping, Vulnerability Scanning, Phishing Assessment, Wireless Assessment, Web Application Assessment, Operating System Security Assessment (OSSA), Database Assessment, and Penetration Testing. Cyber Hunt activities respond to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Cyber Hunts start with the premise that threat actors known to target some organizations in a specific industry or with specific systems are likely to also target other organizations in the same industry or with the same systems.Incident Response services help organizations impacted by a cybersecurity compromise determine the extent of the incident, remove the adversary from their systems, and restore their networks to a more secure state. Penetration Testing is security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application, system, or network. f. The Contractor shall provide services at the Contractor’s facility and/or at the ordering activity location, as agreed to by the Contractor and the ordering activityThe Contractor shall provide services at the Contractor’s facility and/or at the ordering activity location, as agreed to by the Contractor and the ordering activity 2. ORDERAgencies may use written orders, Electronic Data Interchange (EDI) orders, Blanket Purchase Agreements, individual purchase orders, or task orders for ordering services under this contract. Blanket Purchase Agreements shall not extend beyond the end of the contract period; all services and delivery shall be made and the contract terms and conditions shall continue in effect until the completion of the order. Orders for tasks which extend beyond the fiscal year for which funds are available shall include FAR 52.232-19 (Deviation – May 2003) Availability of Funds for the Next Fiscal Year. The purchase order shall specify the availability of funds and the period for which funds are available.All task orders are subject to the terms and conditions of the contract. In the event of conflict between a task order and the contract, the contract will take precedence.3. PERFORMANCE OF SERVICESThe Contractor shall commence performance of services on the date agreed to by the Contractor and the ordering activity. All Contracts will be fully funded.The Contractor agrees to render services during normal working hours, unless otherwise agreed to by the Contractor and the ordering activity.The ordering activity should include the criteria for satisfactory completion for each task in the Statement of Work or Delivery Order. Services shall be completed in a good and workmanlike manner.Any Contractor travel required in the performance of Highly Adaptive Cybersecurity Services must comply with the Federal Travel Regulation or Joint Travel Regulations, as applicable, in effect on the date(s) the travel is performed. Established Federal Government per diem rates will apply to all Contractor travel. Contractors cannot use GSA city pair contracts. All travel will be agreed upon with the client prior to the Contractor’s travel.4. INSPECTION OF SERVICESInspection of services is in accordance with 552.212-4 - CONTRACT TERMS AND CONDITIONS – COMMERCIAL ITEMS (Jan 2017) & (ALTERNATE I-Jan 2017) for Time-and-Materials and Labor-Hour orders placed under this contract.5. RESPONSIBILITIES OF THE CONTRACTORThe Contractor shall comply with all laws, ordinances, and regulations (Federal, State, City, or otherwise)covering work of this character. If the end product of a task order is software, then FAR 52.227-14 (MAY 2014) Rights in Data – General, may apply.The Contractor shall comply with contract clause (52.204-21) to the Federal Acquisition Regulation (FAR) for the basic safeguarding of contractor information systems that process, store, or transmit Federal data received by the contract in performance of the contract. This includes contract documents and all information generated in the performance of the contract.6. RESPONSIBILITIES OF THE ORDERING ACTIVITYSubject to the ordering activity’s security regulations, the ordering activity shall permit Contractor access to all facilities necessary to perform the requisite Highly Adaptive Cybersecurity Services.7. INDEPENDENT CONTRACTORAll Highly Adaptive Cybersecurity Services performed by the Contractor under the terms of this contract shall be as an independent Contractor, and not as an agent or employee of the ordering activity.8. ORGANIZATIONAL CONFLICTS OF INTERESTDefinitions.“Contractor” means the person, firm, unincorporated association, joint venture, partnership, or corporation that is a party to this contract. “Contractor and its affiliates” and “Contractor or its affiliates” refers to the Contractor, its chief executives, directors, officers, subsidiaries, affiliates, subcontractors at any tier, and consultants and any joint venture involving the Contractor, any entity into or with which the Contractor subsequently merges or affiliates, or any other successor or assignee of the Contractor. An “Organizational conflict of interest” exists when the nature of the work to be performed under a proposed ordering activity contract, without some restriction on ordering activities by the Contractor and its affiliates, may either (i) result in an unfair competitive advantage to the Contractor or its affiliates or (ii) impair the Contractor’s or its affiliates’ objectivity in performing contract work.To avoid an organizational or financial conflict of interest and to avoid prejudicing the best interests of the ordering activity, ordering activities may place restrictions on the Contractors, its affiliates, chief executives, directors, subsidiaries and subcontractors at any tier when placing orders against schedule contracts. Such restrictions shall be consistent with FAR 9.505 and shall be designed to avoid, neutralize, or mitigate organizational conflicts of interest that might otherwise exist in situations related to individual orders placed against the schedule contract. Examples of situations, which may require restrictions, are provided at FAR 9.508.9. INVOICESThe Contractor, upon completion of the work ordered, shall submit invoices for Highly Adaptive Cybersecurity Services. Progress payments may be authorized by the ordering activity on individual orders if appropriate. Progress payments shall be based upon completion of defined milestones or interim products. Invoices shall be submitted monthly for recurring services performed during the preceding month.10. RESUMESResumes shall be provided to the GSA Contracting Officer or the user ordering activity upon request.11. APPROVAL OF SUBCONTRACTSThe ordering activity may require that the Contractor receive, from the ordering activity's Contracting Officer, written consent before placing any subcontract for furnishing any of the work called for in a task order.12. DESCRIPTION OF HIGHLY ADAPTIVE CYBERSECURITY SERVICES AND PRICINGThe Contractor shall provide a description of each type of Highly Adaptive Cybersecurity Service offered under Special Item Number 54151HACS for Highly Adaptive Cybersecurity Services and it should be presented in the same manner as the Contractor sells to its commercial and other ordering activity customers. If the Contractor is proposing hourly rates, a description of all corresponding commercial job titles (labor categories) for those individuals who will perform the service should be provided.Pricing for all Highly Adaptive Cybersecurity Services shall be in accordance with the Contractor’s customary commercial practices; e.g., hourly rates, minimum general experience and minimum education.Labor Category DescriptionsJob Title: Cybersecurity Accreditation and Certification AnalystFunction Responsibility: Serves as a Cybersecurity Subject Matter Expert (SME) with regards to Risk Management of information systems and all associated cybersecurity policies and procedures. Fully versed in the general tenets supporting the overall implementation of incident management and re incident management and response processes, to include supporting cybersecurity policy, procedures and processes. Performs cybersecurity process while serving as a SME for an information system. Must possess an understanding of how security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure, and AIS applications and outsourced IT processes. Reviews audit trail logs and scans. Ensures systems maintenance by providing weekly Vulnerability Remediation Asset management (VRAM) compliance reports. Familiar with performing automated security scans with the following tools: assured compliance assessment solutions, center for internet security benchmarks, security content automation protocol, and retina. Accurately analyze and document scan results and familiarity with following framework: DIACAO, DCID 6/3, ICD 503, NIST. Knowledgeable about IC tools, systems and reporting mechanisms. Knowledgeable of DoD, IC and National Level system security initiative and LAN/WAN technologies. Ability to Identify and classify attack vectors, malware, IDS/IPS rule writing development. Working knowledge of MS Office Suite. Must possess one of the following certifications: CISSP, CAP, GIAC, GSLC, CISM or Security +.Minimum Education: Bachelor’s DegreeMinimum/General Experience: Minimum of four (4) years of experience performing C&A responsibilities including acting as a POC for matters of cybersecurityJob Title: Cybersecurity Auditor – IntermediateFunction Responsibility: Performs incident response and complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements. Performs Command Cyber Readiness Inspections and cybersecurity vulnerability evaluations. Uses a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks. Probes the safety and effectiveness of computer systems and their related security components. After conducting a security audit, issues a detailed report that outlines the effectiveness of the system, explains any security issues and suggests changes and improvements. Plan, execute, and lead security audits across an organization. Inspect and evaluate financial and information systems, management procedures and security controls. Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations. Develop and administer risk-focused exams for IT systems. Review or interview personnel to establish security risks and complications. Execute and properly document the audit process on a variety of computing environments and computer applications. Assess the exposures resulting from ineffective or missing control practices. Accurately interpret audit results against defined criteria and weigh the relevancy, accuracy and perspective of conclusions against audit evidence. Provide a written and verbal report of audit findings. Develops rigorous “best practice” recommendations to improve security on all levels and works with management to ensure security recommendations comply with companyMinimum Education: Bachelor's degree in Information Technology, Computer Science or an applicable technical field.Minimum/General Experience: Minimum three (3) years of experience in ITJob Title: Cybersecurity Auditor – SeniorFunction Responsibility: Senior SME. Leads a team of Cyber Security auditors as that team performs complex security analysis of classified and unclassified applications, systems and enclaves for compliance with security requirements. Performs Command Cyber Readiness Inspections and cybersecurity vulnerability evaluations. Uses a variety of security techniques, technologies, and tools to evaluate security posture in highly complex computer systems and networks. Probes the safety and effectiveness of computer systems and their related security components. After conducting a security audit, issues a detailed report that outlines the effectiveness of the system, explains any security issues and suggests changes and improvements. Plan, execute and lead security audits across an organization. Inspect and evaluate financial and information systems, management procedures and security controls. Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations. Develop and administer risk-focused exams for IT systems. Review or interview personnel to establish security risks and complications. Execute and properly document the audit process on a variety of computing environments and computer applications. Assess the exposures resulting from ineffective or missing control practices. Accurately interpret audit results against defined criteria and weigh the relevancy, accuracy and perspective of conclusions against audit evidence. Provide a written and verbal report of audit findings. Develops rigorous “best practice” recommendations to improve security on all levels and works with management to ensure security recommendations comply with company procedure.Minimum Education: Bachelor's degree in Information Technology, Computer Science or an applicable technical field.Minimum/General Experience: Minimum of five (5) years of experience in ITJob Title: Cybersecurity Compliance AnalystFunction Responsibility: Evaluates, reviews, analyzes and recommends available products to support cyber security solutions. Performs a variety of Cybersecurity analysis tasks, independently, which are broad in nature and are concerned with the design, analysis and implementation, including personnel, hardware, software and support facilities and/or equipment. Perform security research, analysis, and design for the clients’ computing systems and network infrastructure. Facilitate security vulnerability assessments and support penetration tests. Work on security alerts, events, and security incidents, including forensics analysis. Contribute general consulting (risk analysis) and project support in the area of information security to IT infrastructure and projects as needed to support new business requirements. Participate in internal security audits and investigations. Manage and maintain a library of security audit tools and corresponding processes. Monitor trends in information technology and security. Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Monitor security systems for anomalies and respond to potential security events. Perform periodic policy compliance reviews, risk assessments, and control testing. Assist in the investigation of security incidents as required, and recommend corrective actions and process improvements. A deep knowledge of NIST and ISO standards as well as industry-specific regulatory requirements (e.g., financial, healthcare and manufacturing). Ability to research solutions where required.Minimum Education: Bachelor's degree in Information Technology, Computer Science or an applicable technical field.Minimum/General Experience: Three (3) years relevant experienceJob Title: Cybersecurity EngineerFunction Responsibility: Works on various network types of equipment and related devices from a security protection emphasis to include installing; troubleshooting; modifying; testing. Can independently build test network or system prototypes, performing equipment set-up, testing, and participating in test report writing. Has the ability to develop attack programs to verify security assurance and weakness capability. Gathers and organizes technical information about an organization's missions, goals, and requirements, existing security products, and ongoing programs in the IA arena. Performs command and control functions in response to incidents. Aids and helps transform Federal Government cybersecurity risk management through effective collaboration, operational governance and training. Provides meaningful metrics and assessments in support of agency decision making. Assist in the development of innovative approaches to drive change in cybersecurity risk management across the federal government to prevent or minimize disruptions to critical information infrastructure. Works as a team member and contributes to the assessment of current cybersecurity systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps, and to synthesize this data to reduce cybersecurity risk of customer networks. Analyzes user needs to determine functional requirements and define problems. Develop plans and requirements in the subject matter area for moderately complex to complex systems related to information systems architecture, networking; telecommunications, automation, communications protocols, risk management/electronic analysis, software, lifecycle management, software development methodologies, and modeling and simulation.Minimum Education: Bachelor's DegreeMinimum/General Experience: Three (3) years relevant experienceJob Title: Cybersecurity Subject Matter Expert Function Responsibility: Provide expert advice to senior leaders and stakeholders on the extent of an incident, impact analysis, recommends eradication strategies and plans to restore networks to a more secure state to resolve Cybersecurity related incidents. Ensures that all systems and data repositories maintain appropriate levels of confidentiality, security, and integrity. Works with cybersecurity specialists to provide expert consultation across a wide range of cross-functional areas of cyber security. Provides project planning, guidance and technical expertise in the following areas: cyber security engineering program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the NIST Risk Management Framework (RMF) guidelines; and quality control. Leads and manages cyber security team in an operations and maintenance environment. Uses industry best practices in cyber security and security engineering related to vulnerability management, intrusion. Assist with development and maintain Operational Level Agreements (OLAs) and end-to- end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups. Advises system owners on all matters, technical and otherwise, involving the security of assigned IT systems. Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect for meeting the cyber security requirements for assigned IT systems. Work with technical teams to mitigate security control deficiencies for assigned IT systems. Assess the cybersecurity impact of changes to assigned IT systems. Develop, update and maintain the System Security Plan (SSP) for assigned systems.Minimum Education: Master’s degree in a related discipline or equivalent experience in a discipline related to the nature of the contract work or in a business- related field.Minimum/General Experience: Six (6) years of demonstrated cybersecurity engineering experience; verifiable IAM Level III Certification (CISSP, CISM, or GSLC); ITIL v3Foundation Certification; and three (3) years of RMF experienceJob Title: Cybersecurity Technical WriterFunction Responsibility: Works in collaboration with the Incident Management and Cyber Risk Team and Federal Government clients to document cyber risk and threats. Conduct relevant research, data analysis, and create reports. Maintain responsibility for completion and accuracy of work products. Design and develop documentation of highly technical IT products and deployments. Serves as the lead author for risk management and security focused documents. Collaborates with infrastructure SMEs to define documentation requirements. Supports the development of cybersecurity presentation and policy guidance based on recommended eradication strategies and plans to restore networks to a more secure state. Knowledge of the Risk Management Framework (RMF) or NIST standards. Experience developing documents: IT Service Management (ITSM), IT Infrastructure Library (ITIL), or COBIT. Supports the development of cybersecurity presentation and policy guidance based on recommended eradication strategies and plans to restore networks to a more secure state.Minimum Education: Bachelor's degree in Information Technology, Computer Science or an applicable technical field.Minimum/General Experience: One (1) year of technical writing experienceJob Title: Data Control ClerkFunction Responsibility: Performs analysis, development, and review of program administrative operating procedures. Support tasks requiring the collecting, compiling, evaluating, and publishing of information and statistical data included in documents, records, forms, reports, plans, policies, and regulations. Also supports the technical, business, and administrative aspects of the program.Minimum Education: A high school diploma. College level study in Computer Science or a related field will be considered in place of general experience.Minimum/General Experience: Minimum of 2 years of experienceJob Title: DR/COOP SMEFunction Responsibility: Supports development, testing, and maintenance of Continuity of Support/IT Contingency, Cyber Incident Response, and Information Technology Disaster Recovery Plans, develops Contingency Planning Guides for IT Systems. Drafts contingency planning policy statements; conducts the business impact analysis (BIA); identifies preventive controls; develops recovery strategies; develops the IT Contingency Plan; conducts testing, training, and exercises of the plans; and updates plans as changes to the IT environment occur. Minimum Education: B.A. or B.S. degree.Minimum/General Experience: Must have 12 years of experience in the IT field. At least 10 years of combined new and related older technical experience in the IT field directly related to the required area of expertise. Top Secret Clearance, clearable up to Top Secret with Sensitive Compartmented Information TS/SCI.Job Title: Enterprise ArchitectFunction Responsibility: This Senior Level Architect will design, build and implement enterprise-class security solutions within a multi-tenant cloud environment to support federal agencies. This individual must be versatile and articulate with the ability to successfully convey Cyber Security risks and effectively position our solutions and delivery capabilities that address the cyber security challenges. Provides guidance on government architectures, lines of business, the Technical Reference Model (TRM) and threat intelligence specifically focused on incidents to identify attacks. Works with stakeholders to build a holistic view of the organization's strategy, processes, information, and IT assets. Ensures business and IT are in alignment and protected from cyber threats. Assesses and links the business mission, strategy, and processes of the organization to its IT strategy, including security, and documents this using multiple architectural models or views that show how the current and future needs of an organization will be met.Minimum Education: Bachelor’s degreeMinimum/General Experience: Three (3) years of experience defining and implementing enterprise architecture strategies. Extensive experience with enterprise architecture best practices and goals. Federated Enterprise Architecture Certification (FEAC) required.Job Title: Functional AnalystFunction Responsibility: Analyzes user needs to determine functional requirements, tasks and their interrelationships. Identifies resources required for each task, Identifies technical problems, and risk areas. Develops solutions and risk mitigation strategy. Prepares reports and presents interim and final task order results to all concerned. Document procedures and processes for improvement. Provides daily supervision and direction to staff. Minimum Education: A Bachelor’s degree in a related scientific or technical discipline.Minimum/General Experience: Over five (5) years’ experience as a consultant or manager in a specific functional area (such as strategic business and action planning, systems alignments, organization assessments, etc.).Job Title: Information Assurance (IA) Management AnalystFunction Responsibility: Responsible for responding to all information systems incidents to restore them to be functional and secure; recommends information security assurance/security solutions. Performs scanning analysis. Provides technical planning and systems engineering for NIST compliance. Serves as the primary customer engagement point of contact. Provides onsite/remote offsite services and support during hours of operations. Provides Technical Knowledge Transfer. Perform security updates. Develop/Review/Maintain artifacts and documentation. Documents and maintains system configurations. Instructs on security policies and procedures. Monitors network activity and ensures data is protected from unauthorized users. Identifies, reports and resolves security violations. Relies on knowledge and professional discretion to plan and achieve goals. Advises and assists Federal Government clients on incident response, security and privacy policy, trusted product assessment, enterprise security engineering, secure systems management, penetration and exploitation, insider threat analysis and protection, cyber situation awareness, attack sensing and warning, secure wireless networking and mobile computing, secure operating systems, secure workstations, secure data management, secure web technology, and secure protocols, authentication. Performs Incident Response analysis.Minimum Education: Bachelor's degree in Computer Science, Information Systems or related field.Minimum/General Experience: Three (3) years of experience.Job Title: Information Assurance (IA) Project EngineerFunction Responsibility: Provides Information Assurance, Cyber Security, and Systems Engineering support for critical processes and projects; Performs command and Control functions in response to incidents. Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security designs; implements security designs in hardware, software, data, and procedures; verifies security requirements; performs system certification and accreditation planning and testing and liaison activities and supports secure systems operations and maintenance. Responsible for safeguarding Government organization’s computer networks and systems by planning and carrying out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. Works in concert with a larger IT team. Developing Information Security plans and policies. Develops a set of security standards and best practices for the organization and recommends security enhancements to management as needed. Develops strategies to respond to and recover from a security breach. Information Assurance Security Engineers are also responsible for educating the workforce on information security through training and building awareness. Implement protections, installs and uses software, such as firewalls and data encryption programs, to protect organizations’ sensitive information, while also assisting computer users with installation or processing of new security products and procedures. Test for vulnerabilities; conducts periodic scans of networks to find any vulnerability; and conducts penetration testing. Monitor for security breaches. Constantly monitors networks and systems for security breaches or intrusions. Installs software to notify of intrusions and watches out for irregular system behavior. Investigate security breaches; if a breach occurs, leads incident response activities to minimize the impact. Leads a post-incident technical and forensic investigation into how the breach happened and the extent of the damage. Prepares reports of findings to be reported to management.Minimum Education: Bachelor's degree in Computer Science, Information Systems or related field.Minimum/General Experience: Four (4) years of experienceJob Title: Information Assurance Security EngineerFunction Responsibility: Provides guidance on IA artifacts in the area of Cybersecurity and tooling to include vulnerability testing and related network and system test tools; e.g., Retina, NMap, Nessus, STIG compliance checker, ACAS, Klocwork, WASSP, SECSCN, Security Content Automation Protocol (SCAP). Responsible for safeguarding Government organization’s computer networks and systems by planning and carrying out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks. Works in concert with a larger IT team. Developing Information Security plans and policies. Develops a set of security standards and best practices for the organization and recommends security enhancements to management as needed. Develops strategies to respond to and recover from a security breach. Information Assurance Security Engineers are also responsible for educating the workforce on information security through training and building awareness. Implement protections, installs and uses software, such as firewalls and data encryption programs, to protect organizations’ sensitive information, while also assisting computer users with installation or processing of new security products and procedures. Test for vulnerabilities; conducts periodic scans of networks to find any vulnerability; and conducts penetration testing. Monitor for security breaches. Constantly monitors networks and systems for security breaches or intrusions. Installs software to notify of intrusions and watches out for irregular system behavior. Investigate security breaches; if a breach occurs, leads incident response activities to minimize the impact. Leads a post-incident technical and forensic investigation into how the breach happened and the extent of the damage. Prepares reports of findings to be reported to managementMinimum Education: Bachelor's degree in Computer Science or a similar fieldMinimum/General Experience: Two (2) years of experience in cyber technology or a related area, with appropriate cyber security certifications.Job Title: Intermediate Administrative SpecialistFunction Responsibility: Responsible for developing, drafting, writing and editing reports, briefs, proposals, and other documents in an IT professional environment. Interfaces with personnel to coordinate meetings, maintain logs, records and files, provides end-user support, and performs general administrative duties. Assists in budgetary, billing, and financial management. Responsible for preparing and/or maintaining systems, programming and operations documentation, procedures and methods, including user reference manualsMinimum Education: High School Diploma or equivalent. There is no experience substitution for a High School degree, however a G.E.D., other degree equivalency program, or a technical trade school certificate is acceptable. With a bachelor’s degree no experience is required.Minimum/General Experience: Two years related work experience.Job Title: Intermediate Communication EngineerFunction Responsibility: Performs systems engineering planning; performance management; capacity planning, testing and validation; benchmarking; information engineering. Develops and staffs a systems engineering management plan. Supports a Sr. Systems Engineer, as required. Analyzes and develops technical documentation detailing the integration and system performance. Coordinates the activities of Systems Engineers and Jr. Systems Engineers assigned to specific systems engineering projects.Minimum Education: Bachelor's degree or equivalent.Minimum/General Experience: Five (5) years’ experience. With a master’s degree, three (3) years of experience is acceptable.Job Title: Intermediate Information EngineerFunction Responsibility: Applies business process improvement practices to re-engineer methodologies/principles and business process modernization projects. Applies, as appropriate, activity and data modeling, transaction flow analysis, internal control and risk analysis and modern business methods and performance measurement techniques. Assist in establishing standards for information systems procedures. Develops and applies organization wide information models for use in designing and building integrated, shared software and database management systems. Constructs logical business improvement opportunities consistent with corporate information management guiding principles, cost savings, and open system architecture objectives.Minimum Education: A Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline.Minimum/General Experience: Five (5) years’ experience which is specialized experience, in information systems development, functional and data requirements analysis, systems analysis and design, programming, program design and documentation preparation. The following experience is also required demonstrated experience in the implementation of information engineering projects; systems analysis, design and programming using CASE and IE tools and methods, systems planning, business information planning, and business analysis.Job Title: Lead Business Systems AnalystFunction Responsibility: Top level technical contributor supporting Penetration Testing and other cybersecurity and Information Assurance tasks with expertise in Information Technology and Cybersecurity cradle to grave processes related to applications and infrastructure. Responsible for analyzing and documenting existing operations and practices and developing test plans to circumvent the security and features of applications, systems, networks, and processes. Acts as a member of the team responsible for providing technical guidance concerning the “business”. Supports analyzing site/enterprise Computer Network Defense policies and evaluates compliance with regulations and Enterprise Directives; Assists with the selection of cost-effective security controls to mitigate risks (e.g., protection of business information and processes.) Plans, designs, develops, and launches exercises to circumvent security features. Gathers and analyzes data in support of business cases, proposed projects, and systems requirements. Responsible for generating and compiling reports based on the findings, complete with probable causes and possible solutions. Meets with decision makers, systems owners, and end users to define business, financial, and operations requirements and systems goals, and identify and resolve systems issues. Reviews and analyzes the effectiveness and efficiency of existing systems and develops strategies for improvement. Identifies and establishes scope and parameters of systems analysis to define outcome criteria and measure-taking actions. Supports Red and Blue Team activities.Minimum Education: Bachelor’s degreeMinimum/General Experience: Five (5) years of business analysis experienceJob Title: Lead Sr. Security EngineerFunction Responsibility: Provides technical, managerial, and administrative direction for problem definition, analysis, requirements development and implementation for complex to extremely complex systems in the subject matter area. Makes recommendations and advises on organization-wide system improvements, optimization or maintenance efforts in the following specialties: information systems architecture; networking; telecommunications; automation; communications protocols; risk management/electronic analysis; software; life-cycle management; software development methodologies; and modeling and simulation.Minimum Education: B.A. or B.S. degree.Minimum/General Experience: Must have 15 years of experience in the IT field. At least 10 years of combined new and related technical experience in the IT field directly related to the required area of expertise. Top Secret Clearance, clearable up to Top Secret with Sensitive Compartmented Information TS/SCI.Job Title: Mid-Level Security EngineeringFunction Responsibility: Develops requirements from a project’s inception to its conclusion in the subject matter area for simple to moderately complex systems. Assists other senior consultants with analysis and evaluation and with the preparation of recommendations for system improvements, optimization, development, and/or maintenance efforts in the following specialties: information systems architecture; networking; telecommunications; automation; communications protocols; risk management/electronic analysis; software; life-cycle management; software development methodologies; and modeling and simulation.Minimum Education: B.A. or B.S. degree.Minimum/General Experience: Must have 8 years of experience in the IT field. At least 5 years of combined new and related technical experience in the IT field directly related to the required area of expertise. Top Secret Clearance, clearable up to Top Secret with Sensitive Compartmented Information TS/SCI.Job Title: Network Engineer IFunction Responsibility: Provides support monitoring the networks and systems for cyber threats and cyber vulnerabilities. Identifies security risks, threats and vulnerabilities of networks, systems, applications and other technologies. Design, support and troubleshoot for the client’s network within a team environment. Performs product evaluations, recommends and implements services for network security. Responsible for validating and testing complex security architecture. Performs Network Mapping including Wireless Access Point (WAP) detection to support penetration testing. Ascertains user needs and system requirements to design, monitor, and maintain computer networks. Utilizes prior experience with years of direct experience in hands on implementation of network backbone technology (Cisco routers, switches, and firewalls), experience creating cyber security architecture guidelines for multiple instances of technology, capability to explain and design technology on an engineering and management level, and concise understanding of complete technology requirements and underlying technology fundamentals. Provides thought leadership in the design of cyber network infrastructure services to meet business requirements and operational objectives. Delegate tasking to the network engineering team staff. Provides architect engineering and supervisory services in support of emerging technology integration into network backbone systems. Monitor and maintains computer systems. This may include troubleshooting wide area networks, servers and routers, local area networks, and switches. Installs or upgrades software and hardware.Minimum Education: Bachelor's degree in Computer Science, Information Systems, or EngineeringMinimum/General Experience: One (1) year of experience with CompTIA Network+ credentialJob Title: Network Engineer, Sr.Function Responsibility: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable network configurations, network policies, and develops recommendations of mitigation countermeasure in operational and non-operational situations. Provides high level support monitoring the networks and systems for cyber threats and works with leadership and stakeholders to mitigate and remediate the cyber vulnerabilities. Identifies security risks, threats and vulnerabilities of networks, systems, applications and other technologies. Performs highly complex product evaluations, recommends and implements services for network security. Responsible for validating and testing complex security architecture. Determines deviations from acceptable network configurations, network policies, and develops recommendations of mitigation countermeasure in operational and non-operational situations. Supports Ethical Hacking and Compliance Management on network appliances. Defines the problems and analyzes and develops plans and requirements in the subject matter area for moderately complex to complex systems. Coordinates and manages the preparation of analysis, evaluations, and recommendations for proper implementation of programs and systems specifications in the following specialties: information systems architecture, networking, telecommunications; automation, communications protocols, risk management/electronic analysis, software, life-cycle management, software development methodologies, and modeling and simulation, leads network tech and design engineers. Minimum Education: Bachelor's degree in Computer Science or a similar fieldMinimum/General Experience: Six (6) years of experience in the IT field.Job Title: Network Security Analyst Function Responsibility: Provides continued operation of network and security enabled solutions. Strong knowledge of cyber security network monitoring principals, including vulnerability management, incident response, computer security forensics and vulnerability/penetration testing. Use various tools, techniques, and procedures. Supports end point security, penetration testing, vulnerability assessments, and forensics. Provides security assessments and architecture recommendations to management. Supports analyzing site/enterprise Computer Network Defense configurations and evaluates compliance with regulations and Enterprise Directives; Assists with the selection of cost-effective security controls to mitigate risks (e.g., systems and networks).Minimum Education: Bachelor's degree in Computer Science or a similar fieldMinimum/General Experience: Three (3) years of experience in Computer Science or a similar fieldJob Title: Penetration Tester – IIFunction Responsibility: In furtherance of cyber security objectives, conducts and /or supports authorized manual penetration tests of networks, applications, web applications, servers, endpoints, wireless, mobile technologies and on enterprise network assets. Develops custom exploits. Utilizes automated tools to conduct penetration testing. Analyze results to mitigate the risk of false positives. Finds security vulnerabilities in target systems, networks, and applications to help enterprises improve their security; identification of flaws to cause business risk, provides crucial insights into the most pressing issues and suggests how to prioritize security resources; Works under general supervision and usually reports to a supervisor, though some ingenuity and flexibility is required. Conducting and/or supporting authorized penetration testing on enterprise network assets. Analyzing site/enterprise Computer Network Defense (CND) policies, configurations, and evaluate compliance with regulations and enterprise directives. Assisting with the selection of cost-effective security controls to mitigate risk.Minimum Education: Bachelor's degree in Computer Science, Information Systems or related fieldMinimum/General Experience: Three (3) years of experience; Knowledge of general attack stages; ability to identify systemic security issues based on the analysis of vulnerability and configuration data. Job Title: Penetration Tester – IIIFunction Responsibility: Possesses knowledge of industry-standard penetration testing components and processes including: reconnaissance, scanning, ranking/scoring vulnerabilities, selecting targets for exploit, escalation of privilege, removal of exploits/restoration of exploited targets, and reporting. Has knowledge of penetration testing applications or processes. Performs penetration testing activities and prepares “Rules of Engagement” document, plans all activities, and provides direction to junior level penetration testers. Performs final analysis of testing results and prepares technical reports. Leads the effort to find cyber security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security; leads the identifying of which key flaws can be exploited to cause business risk, provides crucial insights into the most pressing issues and suggests how to prioritize security resources. Conducts and/or supports authorized penetration testing on enterprise network assets. Analyzes site/enterprise Computer Network Defense (CND) policies, configurations, and evaluates compliance with regulations and enterprise directives. Assist with the selection of cost-effective security controls to help mitigate risk.Minimum Education: Bachelor's degree in Computer Science, Information Systems or related fieldMinimum/General Experience: Six (6) years of experience; Knowledge of general attack stages; Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. Job Title: Program Manger Function Responsibility: Organizes, directs, and manages large contract operation support functions, involving multiple, complex, and inter-related IT project tasks. Manages teams of contract support personnel at multiple locations. Maintains and manages the client interface at the senior levels of the client organization. Meets with customer and contractor personnel to formulate and review task plans and deliverable items. Ensures conformance with program task schedules and costs.. Performs other duties as assignedMinimum Education: Bachelor's in a recognized technical, engineering, scientific, managerial, business, or other discipline related to area of expertise. Minimum/General Experience: Ten (10) years’ experience within program development and management.Job Title: Project ManagerFunction Responsibility: Leads team on projects or significant segment of large complex projects. Analyzes new and complex project related problems and creates innovative solutions involving finance, scheduling, technology, methodology, tools, and solution components. Provides applications systems analysis and programming activities for a Government site, facility or multiple locations. Prepares long and short-range plans for application selection, systems development, systems maintenance, and production activities and for necessary support resources. Oversees all aspects of projects. Minimum Education: Bachelor’s Degree in a recognized technical, engineering, scientific, managerial,business, or other discipline related to area of expertise.Minimum/General Experience: Five (5) years of Project Management or Contract Administration for Federal and Civilian Government ContractsJob Title: Risk Vulnerability Assessment Analyst/Specialist Function Responsibility: Conducts vulnerability assessments and penetration tests for application (e.g., Web, application services, databases, etc.) and articulates security issues to technical and non-technical audience. Provide support by leveraging analytic and technical skills to discover cyber risks, assess vulnerabilities, prioritize assets and remediate/mitigate. Management of daily assessment of vulnerabilities, evaluate, rate and perform risk assessments of assets. Provide advice and assistance to the client and leadership to ensure that the policies and procedures established by the client are met. Provide Cybersecurity and consulting throughout the security assessment and compliance life cycle process. Performs data gathering, research, and analysis while conducting threat, vulnerability, risk, and maturity assessments; works under the direct supervision of manager/supervisor. Works under general supervision and usually reports to a supervisor, though some ingenuity and flexibility is required. Maintaining applicable Computer Network Defense (CND) policies, regulations, and compliance documents specifically related to Computer Network Defense auditing.Minimum Education: Bachelor's degree in Computer Science, Information Systems or related fieldMinimum/General Experience: Four years of experienceJob Title: Risk Vulnerability Assessment Analyst/Specialist (Infrastructure)Function Responsibility: Conduct vulnerability assessments and penetration tests for infrastructure and articulate security issues to technical and non-technical audience. Provide support by leveraging analytic and technical skills to discover cyber risks, assess vulnerabilities, prioritize assets and remediate/mitigate. Management of daily assessment of vulnerabilities, evaluate, rate and perform risk assessments of assets. Provide advice and assistance to the client and leadership to ensure that the policies and procedures established by the client are met. Provide Cybersecurity and consulting throughout the security assessment and compliance life cycle process. Performs data gathering, research, and analysis while conducting threat, vulnerability, risk, and maturity assessments. May apply critical thinking, conduct gap analysis, and develop implementation plans for the improvement of the risk management-related program and contribute to constant innovation and improvement; Works under general supervision and usually reports to a supervisor, though some ingenuity and flexibility is required. Maintaining applicable Computer Network Defense (CND) policies, regulations, and compliance documents specifically related to Computer Network Defense auditing.Minimum Education: Bachelor's degree in Computer Science, Information Systems or related fieldMinimum/General Experience: Three years of experience; knowledge of how traffic flows across the network and Internet Protocol (IP), Open System Interconnection Model (OSI), and Information Technology Infrastructure Library, v3 (ITIL); knowledge of network protocol; knowledge of IA principles and organizational requirements; knowledge of network security architecture concepts. Knowledge of network access, identity and access management. Job Title: Security Specialist JourneymanFunction Responsibility: Provide security liaison support that includes, but is not limited to developing, implementing, overseeing, and enforcing Cybersecurity policies and procedures; supports incident handling and incident response coordination. Develops capabilities that support the cyber mission at multiple levels through the use of technology demonstration, integration of existing solutions, and development of new tactics to employ solutions. Provide Information Assurance (IA), computer network defense (CND), and technical review support to the government and contract operations to include: Reviews of requirements for security related capabilities. Working CND and IA background and skills, analysis, correlation, and prioritization of vulnerabilities discovered in scans and vendor bulletins. Monitors intrusion detection systems and other CND tools. Provides vulnerability tracking and status reporting on vendor provided or DoD mandated patches. Contributes to the development of innovative principles and ideas. Routinely exercise independent judgment in developing methods, techniques, and criteria for achieving cybersecurity objectives.Minimum Education: Bachelor's degree in Computer Information Systems, Computer Science, Information Technology or related disciplineMinimum/General Experience: Three (3) years of relative industry experience and active currentJob Title: Senior Network Design EngineerFunction Responsibility: Defines the problems and analyzes and develops plans and requirements in the subject matter area for moderately complex to complex systems. Coordinates and manages the preparation of analysis, evaluations, and recommendations for proper implementation of programs and systems specifications in the following specialties: information systems architecture; networking; telecommunications; automation; communications protocols; risk management/electronic analysis; software; life-cycle management; software development methodologies; and modeling and simulation, leads network tech and design engineers.Minimum Education: B.A. or B.S. degree.Minimum/General Experience: Must have 12 years of experience in the IT field. At least 8 years of combined new and related technical experience in the IT field directly related to the required area of expertise.Job Title: Senior Program ManagerFunction Responsibility: Experience leading and providing technical direction of programs/projects. Demonstrated ability to provide guidance and direction for multiple programs/projects and in designing, implementing and managing of programs/projects. Capabilities to manage multitask projects of high complexity. Provides primary interface with client management personnel regarding strategic issues. Directs the completion of projects within estimated time frames and budget constraints. Coordinates all parties to tasks, reviews work products for completeness and adherence to customer requirements. Delivers presentation and leads strategic level client meetings.Minimum Education: A Master’s degree in a related discipline or equivalent experience in a discipline related to the nature of the contract work or in a business related field.Minimum/General Experience: Twelve (12) years’ experience, (Fewer years of experience may be acceptable, at the company’s discretion, if the candidate has a graduate degree).Job Title: Senior Systems AnalystFunction Responsibility: Performs systems engineering planning; performance management; capacity planning, testing and validation; benchmarking; information engineering. Develops and staffs a systems engineering management plan. Supports a Sr. Systems Engineer, as required. Analyzes and develops technical documentation detailing the integration and system performance. Coordinates the activities of Systems Engineers and Jr. Systems Engineers assigned to specific systems engineering projects.Minimum Education: Bachelor's degree or equivalent.Minimum/General Experience: Eight (8) years related work experience. With a Master's degree, six (6) years of experience is acceptable.Job Title: Senior Systems ConsultantFunction Responsibility: Supports of program management and familiarity with client system issues, assistance with design issues, analysis of important project data, and development of appropriate deliverables. Has full technical knowledge of all phases of applications systems analysis and programming. Also has duties instructing, directing, and checking the work of other systems analysis and programming personnel. Responsible for quality assurance review. Identifies best practices and develops methodologies for change management and process reengineering. Proficient in the use of vendor tools and helps to ensure projects meet overall program objectives by performing status reports, verifying work plan completeness, and communicating with team members. Applies data modeling, process modeling, and software design techniques. Conducts analysis of appropriate consulting tools to satisfy program requirements and creates project deliverables. Formulates diagnoses through financial or statistical modeling, assesses appropriate alternatives, and offers conclusions to Project Manager.Minimum Education: A Bachelor’s degree in a related discipline or equivalent experience.Minimum/General Experience: Twelve (12) years of direct experience in management of government business and technical operations. Must have demonstrated program, deliverables, and staff management experienceJob Title: Senior Systems EngineerFunction Responsibility: Performs systems engineering planning; performance management; capacity planning, testing and validation; benchmarking; information engineering. Develops and staffs a systems engineering management plan. Supports a Sr. Systems Engineer, as required. Analyzes and develops technical documentation detailing the integration and system performance. Coordinates the activities of Systems Engineers and Jr. Systems Engineers assigned to specific systems engineering projects.Minimum Education: Bachelor’s degree or equivalent.Minimum/General Experience: Eight (8) years related work experience. With a Master’s degree, six (6) years of experience is acceptable.Job Title: Senior Technical DirectorFunction Responsibility: Demonstrates full technical knowledge of all phases of applications systems analysis and programming. Duties include instructing, directing, and checking the work of other systems analysis and programming personnel. Provides guidance and direction to junior team members. Performs and oversees rigorous peer reviews and testing on applicable work products to meet specifications/requirements of quality review process. Identifies and articulates requirements and requirement gaps/defects early in project lifecycle. Develops and executes change management strategies and manages all change activities. Utilizes industry best-practices and methodologies. Effectively works with clients and end users. Engages in work plan management by establishing and tracking assignments for individuals and small teams in a multi-workforce environment. Understands project cost, schedule, and quality measures by using methodologies and tools. Develops and maintains change management artifacts and communication strategies to support customers at varying skill levels and positions. Proactively raises issues and risks and proposes appropriate resolutions.Minimum Education: Bachelor's Degree and/or master’s degreeMinimum/General Experience: Eight (8) or more years of experience. (Fewer years of experience may be acceptable, at the company’s discretion, if the candidate has a graduate degree.)Job Title: Subject Matter Expert (SME) IIFunction Responsibility: Responds to crisis and/or urgent situations to mitigate cyber security threats and attacks with an in-depth understanding of cybersecurity architecture and technologies. Provides technical knowledge and analysis of highly specialized applications and operational environment, high-level functional systems analysis, design, integration, documentation and implementation advice on exceptionally complex problems that require graduate level knowledge of the subject matter for effective implementation. Ensures that the all systems and data repositories maintain appropriate levels of confidentiality, integrity, authentication, non-repudiation, and availability, balancing the importance and sensitivity of the information assets and the information itself. Watch for potential threats; develops threat vectors identifying potential threat actors, vulnerabilities, and risks. Coordinates and provides expert technical support to enterprise wide Computer Network Defense Technicians. Provides cyber threat analysis and mitigation recommendations and reports regarding cyber and information security related risks, threats, and vulnerabilities. Designing, configuring, integration, and deployment of open source and commercial applications and tools to support the cybersecurity role and mission. Perform customary cyber support functions, including: intrusion detection, penetration testing, incident response, and forensic analysis. Assist in the development, management, and operation of processes to support analysis of log files from a variety systems and sensors to include individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs. Investigate tools, technologies, and techniques appropriate to the examination and mitigation of potential cyber threats or risks. Recommend and utilize metrics to capture, measure and report potential cybersecurity risks and threats. Examine (audit), evaluate and report potential system / architecture vulnerabilities and propose mitigation strategies. Assess, interpret, and applying cybersecurity and Information Assurance (IA) guidance, regulations, and related documentation. Must be proficient in the evaluation and application of a variety of cybersecurity concepts, practices, and proceduresMinimum Education: Bachelor’s DegreeMinimum/General Experience: Three (3) years of experience in cyber technology /cybersecurity or a closely related area. Must meet the requirements for DoD 8570.01-M IAT Level II by possessing one of the following certifications: CCNA Security, CySA+, GICSP, GSEC, Security+ CE, and SSCPJob Title: Subject Matter Expert (SME) IIIFunction Responsibility: Responds to crisis and/or urgent situations to mitigate cyber security threats and attacks with an in-depth understanding of cybersecurity architecture and technologies. Provides technical knowledge and analysis of highly specialized applications and operational environment, high-level functional systems analysis, design, integration, documentation and implementation advice on exceptionally complex problems that require graduate level knowledge of the subject matter for effective implementation. Ensures that the all systems and data repositories maintain appropriate levels of confidentiality, integrity, authentication, non-repudiation, and availability, balancing the importance and sensitivity of the information assets and the information itself. Watch for potential threats; develops threat vectors identifying potential threat actors, vulnerabilities, and risks. Coordinates and provides expert technical support to enterprise wide Computer Network Defense Technicians. Responsible for applying knowledge and experience of a variety of cyber concepts, practices, and procedures to evaluate technical and operational cybersecurity alternatives for various systems and environments. Must possess the proper knowledge and technical expertise for the and possess the baseline skill sets, certifications, and experience as needed for the specific cybersecurity SME level and Cyber Network Defense (CND) / Cybersecurity Service Provider (CSSP) specialty, as required to meet U.S. Department of Defense (DoD) Information Assurance Workforce Improvement Program (DoD 8570.01-M) standards for IAT Level III. Providing cyber threat analysis and mitigation recommendations and reports regarding cyber and information security related risks, threats, and vulnerabilities. Designing, configuring, integration, and deployment of open source and commercial applications and tools to support the cybersecurity role and mission. Perform customary cyber support functions, including: intrusion detection, penetration testing, incident response, and forensic analysis. Assist in the development, management, and operation of processes to support analysis of log files from a variety systems and sensors to include individual host logs, network traffic logs, firewall logs, and intrusion detection/prevention system logs. Investigate tools, technologies, and techniques appropriate to the examination and mitigation of potential cyber threats or risks. Recommend and utilize metrics to capture, measure and report potential cybersecurity risks and threats. Examine (audit), evaluate and report potential system / architecture vulnerabilities and propose mitigation strategies. Assess, interpret, and applying cybersecurity and Information Assurance (IA) guidance, regulations, and related documentation. Must be proficient in the evaluation and application of a variety of cybersecurity concepts, practices, and procedures.Minimum Education: Bachelor’s DegreeMinimum/General Experience: Five (5) years relevant experience highly preferred with Network Security / Information Security / Cybersecurity experience, and an appropriate level of college degree.Job Title: Systems ArchitectFunction Responsibility: Plans and performs systems and networking engineering research, design, development, and other assignments in conformance with system and network design, engineering, and customer specifications. Supervises team of Sr. Systems Engineers, Systems Engineers, Sr. Network Engineers, and Network Engineers. Responsible for highly complex technical/engineering projects. Coordinates the activities of Sr. Systems Engineers, Systems Engineers, Sr. Network Engineers, and Network Engineers assigned to specific system and network engineering projects. Is the lead technical authority on the project.Minimum Education: Bachelor's degree or equivalent. Minimum/General Experience: Ten (10) years related work experience.Job Title: Task Lead Function Responsibility: Supports the task manager or project manager in completing subtasks and coordinating flow of information across the team. Makes arrangement for task completion based on specifications of the project manager. Suggest strategies for achieving task goals to the project manager. Makes the arrangements for task documentation on the recommendation and specification of the project manager and ensures specifications are met.Minimum Education: A Bachelor’s Degree in computer science, information systems, mathematics, engineering, business or related field. Minimum/General Experience: Six (6) years’ experience including complete project development from inception to deployment with a demonstrated ability to provide guidance and direction in tasks of similar scope and complexity.Job Title: Task ManagerFunction Responsibility: Serves as the central point of contact for a particular delivery/task order andinterfaces with the Government’s Technical Representative. Establishes and enforces procedures to assurethat the task is performed in accordance with applicable standards, quality requirements, estimated costs,and schedules. Coordinates development, quality assurance, configuration management, documentationsupport, software maintenance, and daily supervision of subordinates. Prepares reports and deliversbriefings on the status of task assignments to contract management personnel and technical points of contact. Reviews work of subordinates, resolves discrepancies, prioritizes work, and accommodateschanges.Minimum Education: Bachelor's degree or equivalentMinimum/General Experience: Five years’ including complete project development from inception todeployment with a demonstrated ability to provide guidance and direction in tasks of similar scope and complexity.Job Title: Technical WriterFunction Responsibility: Writes a variety of technical articles, reports, brochures, and/or manuals fordocumentation for a wide range of uses. Coordinates the display of graphics and the production of thedocument. Ensures content is of high quality and conforms to standards.Minimum Education: Bachelor's Degree in in computer science, information systems,mathematics, engineering, business or related field or equivalent experience.Minimum/General Experience: Four years’ professional experience in a position requiring development ofstructured written materials and visual aids.Job Title: UNIX SpecialistFunction Responsibility: Providing support for systems operating under UNIX, including monitoring performance, performing system rebuilds/disk allocation, identifying system failures, and executing diagnostic routines. Understanding of UNIX file systems, UNIX communication software and protocols including TCP/IP and X.25. Experience with system accounting and system security. Detailed knowledge required maintaining the System 5 Version 4 operating system and succeeding versions. Working knowledge of current versions of software packages. Ability to provide assistance with questions on the use of special features, report formatting, graphics capability, and communication network.Minimum Education: Bachelor's degree or equivalentMinimum/General Experience: Five (5) years’ experienceJob Title: Web Design/DeveloperFunction Responsibility: Web Development. Responsible for enhancing the image and communicating the mission, goals, and achievements of the Government organizations using the World-Wide-Web with stunning graphics and creative communication. The ability to design and develop a comprehensive site plan and style guidelines. Experience with the development of Intranet(s) that increase the efficiency and effectiveness of operations. Working knowledge of: computers for drawing, word processing (MS Word), graphing, photo manipulation, painting (Photoshop), and Web page layout (e.g. Page Mill) software; graphics file formats and color palettes for web applications (e.g. GIF, JPG); World Wide Web (WWW) applications (Netscape, MS Explorer) and languages (e.g. HTML, JavaScript, and/or Java); a variety of computing platforms; and knowledge of web-database interaction. Minimum Education: Associates Degree, Certification Training in relevant discipline, or equivalent experienceMinimum/General Experience: Three years’ experience. Minimum of two years of web development experienceEducation/Experience Substitutions4 years of additional relevant experienceEqualsBachelor’s Degrees6 years of additional relevant experienceEqualsMaster’s Degree8 years of additional relevant experienceEqualsPh.DSubstitution Methodology: Due to the availability or limitation of education, occasionally substitution of experience as referenced below for a professional labor type with additional years of experience will be provided to the Federal Agency when responding to their IT requirements and it is solely the acquiring agency’s determination, if the substitution is considered acceptable prior to an award.?GSA Pricing SINLABOR CATEGORYGSA PRICE March 29, 2019 – March 28, 2020GSA PRICE March 29, 2020 – March 28, 2021GSA PRICE March 29, 2021 – March 28, 2022GSA PRICE March 29, 2022 – March 28, 2023GSA PRICE March 29, 2023 – March 28, 202454151HACSCybersecurity Accreditation and Certification Analyst$111.88$114.68$117.55$120.49$123.5054151HACSCybersecurity Auditor - Intermediate$103.60$106.19$108.84$111.56$114.3554151HACSCybersecurity Auditor - Senior$120.17$123.17$126.25$129.41$132.6454151HACSCybersecurity Compliance Analyst$70.16$71.91$73.71$75.55$77.4454151HACSCybersecurity Engineer$95.60$97.99$100.44$102.95$105.5354151HACSCybersecurity Subject Matter Expert $165.76$169.90$174.15$178.50$182.9654151HACSCybersecurity Technical Writer$68.34$70.05$71.80$73.59$75.43ANCILLARYData Control Clerk$73.12$74.95$76.83$78.75$80.7254151SDR/COOP SME$125.06$128.18$131.39$134.67$138.0454151HACSEnterprise Architect$118.74$121.70$124.75$127.87$131.0654151SFunctional Analyst$140.61$144.12$147.73$151.42$155.2154151HACSInformation Assurance (IA) Management Analyst$85.88$88.03$90.23$92.49$94.8054151HACSInformation Assurance (IA) Project Engineer$97.20$99.63$102.12$104.67$107.2954151HACSInformation Assurance Security Engineer$75.85$77.75$79.69$81.68$83.73ANCILLARYIntermediate Administrative Specialist$74.75$76.61$78.53$80.49$82.5154151SIntermediate Communication Engineer$116.24$119.15$122.12$125.18$128.3154151SIntermediate Information Engineer$116.24$119.15$122.12$125.18$128.3154151HACSLead Business Systems Analyst$120.17$123.17$126.25$129.41$132.6454151SLead Sr. Security Engineer$224.62$230.24$235.99$241.89$247.9454151SMid-Level Security Engineering$110.44$113.20$116.03$118.93$121.9054151HACSNetwork Engineer I$59.54$61.02$62.55$64.11$65.7254151HACSNetwork Engineer, Sr.$98.04$100.49$103.00$105.58$108.2254151HACSNetwork Security Analyst $95.30$97.69$100.13$102.63$105.2054151HACSPenetration Tester - II$103.60$106.19$108.84$111.56$114.3554151HACSPenetration Tester - III$128.46$131.67$134.96$138.34$141.8054151SProgram Manger $156.13$160.03$164.03$168.13$172.3354151SProject Manager$144.49$148.10$151.80$155.60$159.4954151HACSRisk Vulnerability Assessment Analyst/Specialist $100.07$102.57$105.13$107.76$110.4654151HACSRisk Vulnerability Assessment Analyst/Specialist (Infrastructure)$91.33$93.61$95.95$98.35$100.8154151HACSSecurity Specialist Journeyman$62.59$64.16$65.76$67.41$69.0954151SSenior Network Design Engineer$136.36$139.77$143.27$146.85$150.5254151SSenior Program Manager$328.05$336.26$344.66$353.28$362.1154151SSenior Systems Analyst$141.18$144.71$148.33$152.04$155.8454151SSenior Systems Consultant$285.33$292.46$299.77$307.26$314.9554151SSenior Systems Engineer$147.81$151.50$155.29$159.17$163.1554151SSenior Technical Director$277.42$284.35$291.46$298.75$306.2254151HACSSubject Matter Expert (SME) II$188.72$193.44$198.28$203.23$208.3154151HACSSubject Matter Expert (SME) III$192.72$197.54$202.48$207.54$212.7354151SSystems Architect$147.81$151.50$155.29$159.17$163.1554151STask Lead $177.60$182.04$186.59$191.25$196.0354151STask Manager$131.21$134.49$137.85$141.30$144.8354151STechnical Writer$84.70$86.82$88.99$91.21$93.4954151SUNIX Specialist$116.24$119.15$122.12$125.18$128.3154151SWeb Design/Developer$109.63$112.37$115.18$118.05$121.01 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download