Job description and details


Performance Area 1 – Engineering (6.1) – (8 FTEs)
 Infrastructure (6.1.1)
 Client Solutions (6.1.2)
 Infrastructure Tools (6.1.3)
6.1 Task 1 – Engineering:
The contractor shall provide engineering support for all aspects of the Hybrid Cloud Infrastructure and the
associated infrastructure configurations of the managed environments. This support will be required 8 hours per
day, 5 days per week.

General Tasks include:

a) Designing client hosted solutions and upgrades to existing network infrastructure (physical
and virtual) as it relates to storage, infrastructure tools, and automation.
b) Supporting network services and products, such as routers, switches, firewalls, web
application firewalls, DNS, email gateways, proxy services, VPN, cryptographic devices,
associated device software and firmware, diagnostic tools, and automation systems.

c) Will provide training and knowledge transfer to the client's IT staff to ensure that
they are able to manage and maintain the network infrastructure. This may include
providing documentation, conducting training sessions, and answering questions.

Performance Standards:
a) STD: 8 (FTEs) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
6.1.1 Subtask 1 – Infrastructure Engineering

The Contractor Shall:

a) Provide network design and planning: This involves creating a network design that meets the IFLOB’s
requirements for functionality, performance, and security. The network engineer will need to consider the
current network infrastructure, as well as any future growth or expansion plans.

b) Provide network optimization support which involves reviewing network performance and capacity to
ensure that it can handle the demands placed on it by users and applications.

c) Provide network infrastructure documentation: Will create and maintain documentation for the network
infrastructure. This will involve creating network diagrams, policies, and procedures, and updating
documentation as changes are made to the network infrastructure. All documents and policies will be submitted
to the government for approval.

d) Ensure that all engineering efforts adhere to DISA and DoD policies, and directives from United States
Cyber Command (USCC) and Joint Force Headquarters DODIN (JFHQ-DODIN).

e) Provide technology evaluation: Will evaluate emerging technologies such as, but not limited to,
SD-WAN, 5G, and IoT to determine their suitability for the organization's network infrastructure. This task will
involve researching and testing these technologies and providing a detailed analysis of their potential benefits
and drawbacks.

f) Ensure that emerging technologies are implemented in a secure manner. This task will involve
implementing security protocols, such as encryption and authentication, and ensuring that the network is
protected against emerging threats such as IoT-based attacks.

g) Provide pilot and prototype support: Will work with the project stakeholders to understand the network
requirements for the pilot or prototype project, to include but not limited to the number of users, the types of
devices, the expected bandwidth, and the security requirements. Based on the network requirements, the
network engineer will design a network solution that meets the needs of the pilot or prototype project.
6.1.2 Subtask 2 – Client Solutions Engineering

The Contractor Shall:

a) Conduct needs assessments and requirements gathering with clients pertaining to their infrastructure
requirements.

b) Design and develop customized infrastructure solutions for hosted client applications.

c) Collaborate with other team members, such as project managers, developers, and architects, to ensure
successful solution delivery.

d) Provide guidance and support for network scaling and expansion as the client's network requirements
change. This may include planning for network capacity, selecting appropriate network hardware and software
components, and designing network upgrades.

e) Ensure high level government briefings are attended to attain situational awareness of government
efforts and mission priorities. The contractor needs to ensure that all projects they are supporting have the latest
updates and that government leadership is tracking any priority efforts that are not expected to meet mission
timelines. The contractor should be prepared to participate in high level briefings for workload they are
supporting.

f) Continuously monitor the government directed project management system for project support
requests, project assignments, project tasks/activities, project timelines and suspense, and project reporting.

g) Provide pilot and prototype support: Will work with the project stakeholders to understand the network
requirements for the pilot or prototype project, to include but not limited to the number of users, the types of
devices, the expected bandwidth, and the security requirements. Based on the network requirements, the
network engineer will design a network solution that meets the needs of the pilot or prototype project.

6.1.3 Subtask 3 – Infrastructure Tools Engineering

The Contractor Shall:

a) Define the requirements and specifications for infrastructure tools based on the organization's needs.
b) Research and evaluate available infrastructure tools and technologies.

c) Design and implement infrastructure tools, including configuration management, automation, and
monitoring tools.

d) Integrate infrastructure tools with existing systems and processes.

e) Monitor infrastructure tools to ensure they are functioning properly and meeting performance and
security requirements.

f) Maintain and update infrastructure tools as needed to ensure they continue to meet the organization's
needs.

6.2 Task 2 – Implementation

The contractor shall be responsible for implementing and deploying the engineering team provided client
solutions and infrastructure design packages for the Hybrid Cloud Infrastructure. This support will be required
8x5 weekly.

Implementation support includes client hosting integration & deployment in addition to transitioning the workload
to an operational status per J-9 HaC standards for declaring Full Operational Capability (FOC). Also includes
deploying and integrating all infrastructure hardware and configurations.

Performance Standards:
a) STD: 10 (FTEs) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
b) STD: 3 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.

The Contractor Shall:

a) Have knowledge of computer networking concepts and protocols, and network security
methodologies.

b) Have knowledge of risk management processes (e.g., methods for assessing and mitigating
risk).

c) Have knowledge of national and international laws, regulations, policies, and ethics as they
relate to cybersecurity.

d) Have knowledge of cybersecurity principles.

e) Have knowledge of cyber threats and vulnerabilities.

f) Have knowledge of specific operational impacts of cybersecurity lapses.

g) Have knowledge of cloud computing service models Software as a Service (SaaS),
Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

h) Have knowledge of cloud computing deployment models in private, public, and hybrid
environment and the difference between on-premises and off-premises environments.

6.2.1 Subtask 1 – Client Solution Integration & Deployment

The Contractor Shall:

a) Implement new infrastructure solutions for hosted client applications within the timeline
set for each assigned project.

b) Deploy the engineered solutions to any of the applicable hybrid cloud managed
infrastructure environments to include On-Premises, Private Cloud, Commercial Cloud,
and Government Cloud.

c) Integrate the new application solution with existing systems and applications. This
includes configuration and initial connectivity testing.

d) Collaborate with other team members, such as project managers, developers,
architects, and engineers, to ensure successful solution delivery.

e) Continuously monitor the government directed project management system for project
support requests, project assignments, project tasks/activities, project timelines and
suspense, and project reporting.

f) Provide pilot and prototype integration support: Will work with the project stakeholders
to understand the network requirements for the pilot or prototype project. Based on the
network requirements, the network engineer will deploy the engineered client solution
that meets the needs of the pilot or prototype project.

6.2.2 Subtask 2 – Infrastructure Integration & Deployment

The Contractor Shall:

a) Deploy the network infrastructure: This involves physically installing and configuring all the
infrastructure hardware and software components of the deployment project.

b) Integrate the new infrastructure with existing systems and applications. This might
include tasks like configuring interfaces, setting up data feeds, and testing connectivity.

c) Update network infrastructure documentation. This will involve updating network
diagrams, procedures, and updating documentation as changes are made to the network
infrastructure. All documents and policies will be submitted to the government for
approval.

d) Provide pilot and prototype integration support: Will work with the project stakeholders to
understand the network requirements for the pilot or prototype project. Based on the network
requirements, the network engineer will deploy the engineered infrastructure solution that meets
the needs of the pilot or prototype project.

6.2.3 Subtask 3 – Client Solution transition

The Contractor Shall:

a) Provide client solution testing and validation: This involves testing the network engineering
application integration and deployment project to ensure that it is functioning as expected. This
might include tasks like performing load testing, testing failover and recovery procedures, and
validating security settings.

b) Ensure that any failed testing is resolved before transitioning the project over to the IFLOB
Operations team.

c) Collaborate with other team members, such as the client solutions engineer, operators,
and architects to ensure successful solution delivery and transition.

6.2.4 Subtask 4 – Infrastructure Transition

The Contractor Shall:

a) Provide infrastructure solution testing and validation: This involves testing the engineered
infrastructure solution to ensure that it is functioning as expected. This might include tasks like
performing load testing, testing failover and recovery procedures, and validating security settings.

b) Ensure that any failed testing is resolved before transitioning the newly deployed hardware over to
the IFLOB Operations team.

c) Collaborate with other team members, such as the infrastructure engineer, operators, and
architects to ensure successful solution delivery and transition.
6.3 Task 3 – Operations

The contractor shall be responsible for the global 365x24x7 Operations, Maintenance and Sustainment support
for the DISA IFLOB Hybrid Cloud Infrastructure managed environments.

Operations, Maintenance, and Sustainment support includes monitoring the production environments,
performing capacity and performance management, vulnerability management, and sustainment actions for
hosted mission partner services and managed service environments.

Performance Standards:
a) STD: 9 (FTEs) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
b) STD: 6 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
STD: On duty 365x24x7
The Contractor Shall:

a) Have knowledge of computer networking concepts and protocols, and network
security methodologies.

b) Have knowledge of risk management processes (e.g., methods for assessing and
mitigating risk).

c) Have knowledge of national and international laws, regulations, policies, and ethics as
they relate to cybersecurity.

d) Have knowledge of cybersecurity principles.

e) Have knowledge of cyber threats and vulnerabilities.

f) Have knowledge of specific operational impacts of cybersecurity lapses.

g) Have knowledge of cloud computing service models Software as a Service (SaaS),
Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

h) Have knowledge of cloud computing deployment models in private, public, and
hybrid environment and the difference between on-premises and off-premises
environments.

i) Provide operations, maintenance & sustainment for the continued optimal systems
performance of the system.

j) Support all hybrid cloud managed infrastructure environments to include
On-Premises, Private Cloud, Commercial Cloud, and Government Cloud.

k) Store all documentation in accordance with government records management and
storage process.

l) The contractor shall attend all stakeholder meetings in support of the workload, or
effort, they are supporting.

m) Provide network design, configuration, implementation, and sustainment assistance in
accordance with IFLOB best practices, DISA STIGs

6.3.1 Subtask 1 – Operations

The Contractor Shall:


a) Diagnose and resolve infrastructure connectivity problems, working incident tickets,
and monitor and resolve events in a hybrid cloud infrastructure environment.

b) Diagnose and resolve client service issues.

c) Monitor and perform system modifications and upgrades to the production systems
because of preventive or corrective maintenance.

d) Monitor infrastructure capacity and performance.

e) Once a network wide outage is determined, notification to the Government within 10 minutes is
required. Any required design modifications shall be requested through the normal change
management process.

f) Participate in shift turnover processes for each of the shift changes occurring daily for which any
of their staff are working.

g) Contractor shall provide information or documentation to the turnover lead concerning the status
of any task completed or still in work, as well as any issues encountered during the shift.

h) Contractor shall escalate any issue occurring during a shift immediately and not wait until shift
turnover.

i) Develop a systematic approach and metrics for tracking defect rates, resolution times and release
cycles, and document and implement fixes.

j) Provide a daily System Status Report of all ASIs, unscheduled outages, Hazardous Conditions
(HAZCONs), and other data as requested by the Government.

k) Work Return Material Authorization (RMA) of infrastructure equipment that has
failed.

l) Maintain a daily Incident report by using the DISA approved ticket management system in
accordance with the DISA Incident Management process. All trouble calls shall be logged and
tracked through resolution. Upon notification of incidents the Contractor shall respond within 15
minutes to update actions and mark the ticket status to “In Progress”. All priority 1 and 2 tickets
shall be updated hourly, unless otherwise marked deferred or referred. All other tickets shall
follow DISA Incident Ticket processes for updates, unless otherwise marked deferred or
referred. Once the issue is resolved, immediate notification and ticket updates shall be made.

m) Conduct trend analysis on the system to aid in the prevention of network degradations and
outages as well as recommend configuration/administration changes to the Government based
on the continuous monitoring of the system. No updates or changes shall be made without CCB
approval.

n) Recommend and document corrective actions for system improvements to include security,
stability, capacity, throughput, and performance.

6.3.2 Subtask 2 – Maintenance

The Contractor Shall:

a) Manage and maintain approved patches and updates, as well as remediating infrastructure
vulnerabilities.

b) Perform and implement network backup recovery procedures.

c) Install and maintain infrastructure device operating system software (e.g., IOS,
Firmware)
d) Test and Maintain network infrastructure including software and hardware.

e) recommendations based on known bug findings.

f) Ensure application of security patches for commercial products integrated into system
design meet the timelines dictated by management authority for the intended
operational environment.

g) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes,
and enhancements; software and hardware change verification and releases in
accordance with an established Configuration Management (CM) plan.

h) Prepare and manage maintenance releases IAW the DoD/DISA Release Management
Plan (RMP) and process.

i) Perform failover and redundancy testing of Hybrid Cloud Infrastructure environments annually.

j) Provide Life Cycle Support (LCS) for the system and document all security guideline
violations and incidents to the Government Leads via the Security Requirements
Report monthly.

k) Gather all necessary documentation (testing reports/procedures/baseline configuration
guides/lessons learned), organize all artifacts within the appropriate Government provided web
portal, and validate that the current/appropriate document version is in use.

6.3.3 Subtask 3 – Sustainment

The Contractor Shall:

a) Provide sustainment support for Customer Service and Change Request, Continuity of
Operations, Operating Environment Technical Refresh, Migrations to/from hybrid
cloud environments, and Certificate Management, both DOD and Commercial.

b) Implement new system design procedures, test procedures, and quality standards.

c) Integrate new systems into existing hybrid cloud infrastructure.

d) Configure and optimize infrastructure equipment, both hardware based and
virtualized, to include routers, switches, firewalls, load balancers, application layer
gateways, email security appliances, and DNS appliances.

e) Work change requests and maintain accurate configuration and documentation for all
changes, services, and applications.

f) Submit a Change Request (CR) prior to modification showing the purpose, background, detailed
scope, and recommended change. Change Requests require approval from peers and leads
before proceeding and shall comply with the Configuration Control Board (CCB) processes.

g) Provide feedback on infrastructure requirements, including hybrid cloud architecture
and infrastructure.

h) Work to automate manual, labor intensive, repeatable processes.

i) Work to develop automated workflows, playbooks, scripts.

j) Ensure high level government briefings are attended to attain situational awareness of
government efforts and mission priorities.
k) Ensure changes follow government change management processes and are properly categorized and
documented from start to completion.

l) Use government owned data to perform and provide change request audits, develop metrics, and
trend analysis to understand change implementation management workload, effectiveness,
efficiency, and service target performance.

m) Prepare technical documentation to include technical white papers, instructional, engineering
solutions, implementation guides, tactics, techniques, and procedures (TTP), standard operating
procedures (SOP) in accordance with government processes.

n) Provide IP assignment, VLAN design, configuration, implementation, and sustainment support.

6.4 Task 4 – Dedicated Labor – 27 FTEs

The contractor shall provide Subject Matter Expert (SME) support for specific workloads as required by mission
needs. To meet the needs of our Mission Partners, DISA offers a dedicated labor service. This service focuses
engineers’ actions on only specific mission partners’ requirements.

The current dedicated labor supporting Mission Partners are listed in subtasks below and may increase or
decrease in-scope based on Mission Partner services being procured or decommissioned.

Defense Health Agency (DHA) DHSS
United States Army (USA) Integrated Personnel and Pay Systems (IPPS-A)
United States Air Force (USAF) Defense Enterprise Accounting and Management System (DEAMS)
United States Space Force (USSF) Global Broadcast Service (GBS)
DISA STRATUS (Private Cloud)
DISA Zero Day Network Defense (ZND)
DISA Secure Cloud Computing (SCCA) Architecture Boundary Cloud Access Point (BCAP)
DISA Web Application Firewall (WAF)

The Contractor Shall:

a) Have knowledge of computer networking concepts and protocols, and network
security methodologies.
b) Have knowledge of risk management processes (e.g., methods for assessing and
mitigating risk).
c) Have knowledge of national and international laws, regulations, policies, and ethics as
they relate to cybersecurity.
d) Have knowledge of cybersecurity principles.
e) Have knowledge of cyber threats and vulnerabilities.
f) Have knowledge of specific operational impacts of cybersecurity lapses.
g) Have knowledge of cloud computing service models Software as a Service (SaaS),
Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
h) Have knowledge of cloud computing deployment models in private, public, and
hybrid environment and the difference between on-premises and off-premises
environments.

6.4.1 Subtask 1. Defense Health Agency (DHA)

Performance Standards:
a) STD: 6 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the DHA Mission Partner relating to
the architecture, infrastructure, design, configuration, implementation, sustainment,
performance, and operations of the DHA network infrastructure solutions.
b) Provide network infrastructure support for all DHA environments (Production,
Continuity of Operations (COOP), Development, and Test).

c) Configure and optimize infrastructure equipment, both hardware based and virtualized,
to include routers, switches, firewalls, load balancers, application layer gateways, email
security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance in
accordance with IFLOB best practices, DISA STIGs and DHA requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and sustainment
support.

f) Provide Ethernet interface design, configuration, implementation, and sustainment
support.

g) Provide Load Balancer Operations and Maintenance to include Virtual Services, STIG,
Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL
Certs), and WAF

h) Provide Firewall design, configuration, implementation, and sustainment support.

i) Provide Cloud Migration Strategy Plan and Support

j) Maintain accurate configuration and documentation of DHA infrastructure
environment.

k) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

l) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of
Cyber Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations
based on known bug findings.

m) Ensure application of security patches for commercial products integrated into system
design meet the timelines dictated by management authority for the intended
operational environment.

n) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes,
and enhancements; software and hardware change verification and releases in
accordance with an established Configuration Management (CM) plan.

6.4.2 Subtask 2. United States Army (USA) Integrated Personnel and Pay Systems (IPPS-A)

Performance Standards:
a) STD: 2 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the IPPS-A System Implementer and
Program Management Office relating to the architecture, infrastructure, design,
configuration, implementation, sustainment, performance, and operations of the IPPS-A
network infrastructure solutions.

b) Provide network infrastructure support for all IPPS-A environments (Production, Continuity
of Operations (COOP), Development, and Test).

c) Configure and optimize infrastructure equipment, both hardware based and virtualized, to
include routers, switches, firewalls, load balancers, application layer gateways, email
security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance in
accordance with Oracle and IFLOB best practices, DISA STIGs and IPPS-A requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and sustainment
support.

f) Provide Oracle Super Cluster (OSC) design, configuration, implementation, and sustainment
support.

g) Provide Ethernet interface design, configuration, implementation, and sustainment support.

h) Provide Load Balancer Operations and Maintenance to include Virtual Services, STIG,
Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL
Certs), and WAF

i) Provide Firewall design, configuration, implementation, and sustainment support.

j) Provide Cloud Migration Strategy Plan and Support

k) Maintain accurate configuration and documentation of IPPS-A infrastructure environment.

l) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

m) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of Cyber
Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations based on
known bug findings.

n) Ensure application of security patches for commercial products integrated into system design
meet the timelines dictated by management authority for the intended operational
environment.

o) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes and
enhancements; software and hardware change verification and releases in accordance with an
established Configuration Management (CM) plan.

6.4.3 Subtask 3. United States Air Force (USAF) Defense Enterprise Accounting and Management
System (DEAMS)

Performance Standards:
a) STD: 1 (FTE) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the DEAMS System Implementer and
Program Management Office relating to the architecture, infrastructure, design,
configuration, implementation, sustainment, performance, and operations of the DEAMS
network infrastructure solutions.

b) Provide network infrastructure support for all DEAMS environments (Production,
Continuity of Operations (COOP), Development, and Test).

c) Configure and optimize infrastructure equipment, both hardware based and virtualized, to
include routers, switches, firewalls, load balancers, application layer gateways, email
security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance in
accordance with Oracle and IFLOB best practices, DISA STIGs and DEAMS requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and sustainment
support.

f) Provide Oracle Super Cluster (OSC) design, configuration, implementation, and sustainment
support.

g) Provide Ethernet interface design, configuration, implementation, and sustainment support.

h) Provide Load Balancer Operations and Maintenance to include Virtual Services, STIG,
Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL
Certs), and WAF.

i) Provide Firewall design, configuration, implementation, and sustainment support.

j) Provide Cloud Migration Strategy Plan and Support

k) Maintain accurate configuration and documentation of DEAMS infrastructure environment.

l) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

m) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of Cyber
Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations based on
known bug findings.

n) Ensure application of security patches for commercial products integrated into system design
meet the timelines dictated by management authority for the intended operational
environment.

o) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes and
enhancements; software and hardware change verification and releases in accordance with an
established Configuration Management (CM) plan.

6.4.4 Subtask 4. United States Space Force (USSF) Global Broadcast Service (GBS)

Performance Standards:
a) STD: 2 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the GBS Mission Partner relating
to the architecture, infrastructure, design, configuration, implementation, sustainment, performance,
and operations of the GBS network infrastructure solutions.

b) Provide network infrastructure support for all GBS environments (Production,
Continuity of Operations (COOP), Development, and Test).

c) Configure and optimize infrastructure equipment, both hardware based and
virtualized, to include routers, switches, firewalls, load balancers, application layer gateways, email
security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance
in accordance with IFLOB best practices, DISA STIGs and GBS requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and
sustainment support.

f) Provide Ethernet interface design, configuration, implementation, and sustainment
support.

g) Provide Load Balancer Operations and Maintenance to include Virtual Services,
STIG, Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL Certs),
and WAF

h) Provide support for GBS Route Reflection Routers, Collocated Routers, and
switches.

i) Provide Multicast Routing Support

j) Provide Full Motion Video Support

k) Provide Firewall design, configuration, implementation, and sustainment support.

l) Provide Cloud Migration Strategy Plan and Support

m) Provide GRE/IPSEC Virtual Private Network (VPN) support

n) Maintain accurate configuration and documentation of GBS infrastructure
environment.

o) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

p) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of
Cyber Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations based on known
bug findings.

q) Ensure application of security patches for commercial products integrated into
system design meet the timelines dictated by management authority for the intended operational
environment.

r) Test, implement, and assess the impact of software/hardware patches, upgrades,
fixes, and enhancements; software and hardware change verification and releases in accordance with
an established Configuration Management (CM) plan.

6.4.5 Subtask 5. DISA STRATUS (Private Cloud)

Performance Standards:
a) STD: 1 (FTE) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.

b) STD: 2 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the STRATUS Program Management Office relating to the architecture, infrastructure, design, configuration, implementation, sustainment, performance, and operations of the STRATUS network infrastructure solutions.

b) Provide network infrastructure support for all STRATUS environments (Production, Continuity of Operations (COOP), Development, and Test).

c) Configure and optimize infrastructure equipment, both hardware based and virtualized, to include routers, switches, firewalls, load balancers, application layer gateways, email security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance in accordance with IFLOB best practices, DISA STIGs and STRATUS requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and
sustainment support.

f) Provide Ethernet interface design, configuration, implementation, and sustainment support.

g) Provide Load Balancer Operations and Maintenance to include Virtual Services, STIG, Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL Certs), and WAF

h) Provide support for STRATUS Firewalls, Forward Proxies, and Load Balancers.

i) Provide STRATUS Support for the Infrastructure as a Service (IaaS) Portal

j) Provide Firewall design, configuration, implementation, and sustainment support.

k) Provide Cloud Migration Strategy Plan and Support

l) Provide GRE/IPSEC Virtual Private Network (VPN) support

m) Maintain accurate configuration and documentation of STRATUS infrastructure environment.

n) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

o) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of Cyber Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations based on known bug findings.

p) Ensure application of security patches for commercial products integrated into system design meets the timelines dictated by management authority for the intended operational environment.

q) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes, and enhancements; software and hardware change verification and releases in accordance with an established Configuration Management (CM) plan.

6.4.6 Subtask 6. DISA Zero Day Network Defense (ZND)

Performance Standards:
a) STD: 2 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the ZND Program Management Office relating to the architecture, infrastructure, design, configuration, implementation, sustainment, performance, and operations of the ZND network infrastructure solutions.

b) Provide network infrastructure support for all ZND environments (Production, Continuity of Operations (COOP), Development, and Test).

c) Configure and optimize infrastructure equipment, both hardware based and virtualized, to include routers, switches, firewalls, load balancers, application layer gateways, email security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance in accordance with IFLOB best practices, DISA STIGs and ZND requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and
sustainment support.

f) Provide Ethernet interface design, configuration, implementation, and sustainment support.

g) Provide Load Balancer Operations and Maintenance to include Virtual Services, STIG, Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL Certs), and WAF

h) Provide support for ZND Firewalls, Load Balancers, switches, and email security
appliance.

i) Provide Firewall design, configuration, implementation, and sustainment support.

j) Provide Cloud Migration Strategy Plan and Support

k) Maintain accurate configuration and documentation of ZND infrastructure environment.

l) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

m) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of Cyber Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations based on known bug findings.

n) Ensure application of security patches for commercial products integrated into system design meets the timelines dictated by management authority for the intended operational environment.

o) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes, and enhancements; software and hardware change verification and releases in accordance with an established Configuration Management (CM) plan.

6.4.7 Subtask 7. DISA Secure Cloud Computing (SCCA) Architecture Boundary Cloud Access Point (BCAP)

Performance Standards:
a) STD: 1 (FTE) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
b) STD: 3 (FTEs) will map to row 2 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the SCCA Program Management Office relating to the architecture, infrastructure, design, configuration, implementation, sustainment, performance, and operations of the SCCA Boundary Cloud Access Point network infrastructure solutions.

b) Provide network infrastructure support for all SCCA BCAP Regions

c) Configure and optimize infrastructure equipment, both hardware based and virtualized, to include routers, switches, firewalls, load balancers, application layer gateways, email security appliances, and DNS appliances.

d) Provide network design, configuration, implementation, and sustainment assistance in accordance with IFLOB best practices, DISA STIGs and SCCA BCAP requirements.

e) Provide IP assignment, VLAN design, configuration, implementation, and sustainment support.

f) Provide Ethernet interface design, configuration, implementation, and sustainment support.

g) Provide Load Balancer Operations and Maintenance to include Virtual Services, STIG, Patching, Upgrades, DTOs, Certificate Lifecycle Support (DOD and Commercial SSL Certs), and WAF

h) Provide support for SCCA BCAP Routers, Firewalls, and Load Balancers

i) Provide Firewall design, configuration, implementation, and sustainment support.

j) Provide support for Mission Partner’s Sustainment Requirement through the DISA
SCCA BCAPs.

k) Provide support for SCCA Cloud Service Environments.

l) Provide Cloud Migration Strategy Plan and Support.

m) Maintain accurate configuration and documentation of SCCA BCAP infrastructure environment.

n) Manage, maintain, and publish approved patches, updates, changes, and new
capabilities/baselines to production.

o) Patch infrastructure vulnerabilities in accordance with DISA STIG, Scan Reports of Cyber Vulnerabilities, Directives and Orders, IAVMs, and vendor recommendations based on known bug findings.

p) Ensure application of security patches for commercial products integrated into system design meets the timelines dictated by management authority for the intended operational environment.

q) Test, implement, and assess the impact of software/hardware patches, upgrades, fixes, and enhancements; software and hardware change verification and releases in accordance with an established Configuration Management (CM) plan.

6.4.8 Subtask 8. DISA Web Application Firewall (WAF)

Performance Standards:
a) STD: 7 (FTEs) will map to row 1 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.
The Contractor Shall:

a) Provide dedicated network engineering support to the DISA WAF Program Management Office relating to the architecture, infrastructure, design, configuration, implementation, sustainment, performance, and operations of the DISA DNS network infrastructure.

b) Provide design, engineering, implementation, migration, and sustainment support for migrating and sustaining applications aligned behind the WAF.

c) Execute the WAF Design Solution and deployment per the WAF Design Guide.

d) Shall execute WAF program tasks in accordance with the most recent
OPORD/FRAGORD/TASKORD/STIG and other relevant issued DISA policy guidance, to include
the WAF Break and Inspect Framework.

e) Provide support to the DISA engineering peers and other DISA counterparts on
policies, procedures, and operational concerns regarding WAF configurations and supported
applications as well as future migrations for new and existing Business.

f) Recommend operational processes to ensure successful migration and maintenance of applications behind the WAF.

g) Provide implementation solution documents and WAF subject matter expertise for
the configuration and maintenance of DISA hosted Application Delivery Controllers to include
software modules such as load Balancer BIG-IP Local Traffic Manager (LTM), Global Traffic
Manager (GTM), Access Policy Manager (APM), and Application Security Manager (ASM)
modules.

h) Provide design solution documents that outline guidance on licensing, physical architecture, logical configuration, eligibility, checklist, application inventory, security policy protection phases, and basic administration to include system configuration baseline and security policy configuration baseline.

i) Provide guidance regarding administration, optimization, and failover for the production configurations. The contractor shall provide WAF subject matter expertise that will test and optimize the Government's effort.

j) Provide engineering support for WAF technical documentation.

k) Maintain and update application and network discovery to include a WAF Migration Checklist.

l) Update Technology Security Groups and Security Policies as new application categories are discovered.

m) Develop an Authorized Service Interruption (ASI) migration guide detailing configuration steps, migration details, and fail-back plan.

n) Follow current Government processes and assist in the development of new processes for building WAF policies and detailed troubleshooting steps after implementation. The contractor shall provide sustainment and engineering support during migration ASIs.

o) Provide engineering support for WAF Tier III Sustainment Activities.

p) Work with DISA engineers to provide engineering support for WAF standardization
settings, global settings, associating technology groups to applications, analyzing learning
suggestions, and aligning security policy.

q) Provide project direction, general guidance, and customer engagement for security
policy modifications.

r) Provide change ownership for security policy modifications, Attack Signature analysis and recommendations, and policy exception processing.

s) Perform inventory control for applications, security policies, and policy groupings.

t) Provide resolution of operating issues including vendor engagement for problem resolution.

u) Provide ASI support and maintenance of Security Policy.

v) Provide monitoring support and consult with CND or CSSP or like group to assist
with threat analysis and application correlation, to include attack signature analysis before
deployment by COL-NA.

w) Provide engineering support for WAF readiness and security policy readiness.
x) Provide engineering support onboarding activities for new WAF-eligible
applications through the WAF security lifecycle.

y) Provide engineering support for WAF security policy readiness activities including creating and applying WAF security policy to the Virtual Server, reviewing learning suggestions, producing and reviewing Exception Readiness Report (ERR) with mission partner(s), and notifying for blocking readiness.

z) Provide engineering support to implement WAF blocking security policy including transitioning applications from Migration to Blocking, scheduling & executing ASIs, and monitoring application(s) for unnecessary Blocking Events.

aa) Provide engineering support to sustain WAF blocking security policy including
completion of all steps involved in the security policy implementation process, monitoring exception
policy reports, maintaining Application Security Modules (ASMs), and configuring ASMs.
bb) Provide analysis, implementation, and monitoring for vendor released security
updates.

cc) Submit a Change Request (CR) prior to modification showing the purpose, background, detailed scope, and recommended change. Change Requests require approval from peers and leads before proceeding and shall comply with the Configuration Control Board (CCB) processes.

dd) Maintain a daily Incident report by using DISA approved ticket management
system in accordance with the DISA WAF ticketing process. All trouble calls shall be logged and
tracked through resolution. Upon notification of incidents the Contractor shall respond within 15
minutes to update actions and mark the ticket status to “In Progress”. Once the issue is resolved,
immediate notification and ticket updates shall be made.

6.5 Task 5 – Automation

The contractor shall be responsible for developing and implementing automated solutions, monitoring, and
optimizing network performance, ensuring security and compliance, and collaborating with cross-functional
teams to streamline network operations, enhance efficiency and reliability, and ensure compliance with DoD
standards and policies using automation.

Performance Standards:
a) STD: 4 (FTEs) will map to row 3 of the Minimum Qualifications Matrix in 6.6 and be based on contractors
GSA MSA Labor Categories.

The Contractor Shall:

a) Have knowledge of computer networking concepts and protocols, and network security methodologies.

b) Have knowledge of Python and YAML Languages

c) Develop and Implement Infrastructure Automation Solutions

a. Design and develop automated scripts and tools to streamline network operations, including provisioning, configuration management, and monitoring.
b. Perform Network Infrastructure Analysis: Conduct detailed analysis of the current network infrastructure to identify areas where automation can enhance efficiency and reliability.
c. Integrate Automation Tools with Existing Systems: Integrate new and existing automation tools with current network management systems and workflows to ensure seamless operations.
d. Create and Maintain Documentation: Develop and maintain comprehensive documentation for all automation processes, including design documents, user manuals, and operational guides.

d) Monitor and Optimize Infrastructure Automation Performance
a. Conduct Regular Network Audits: Perform regular audits of network configurations
and operations to ensure compliance with DoD standards and policies through
automated processes.
b. Monitor and Optimize Network Performance: Utilize automation and/or monitoring
tools to continuously monitor network performance and implement automated
solutions to optimize performance and reduce downtime.

e) Ensure Security and Compliance


a. Develop Custom Automation Solutions: Design and implement custom automation
solutions tailored to specific organizational requirements and network
environments.
b. Ensure Security and Compliance: Develop automated processes to ensure network
security and compliance with DoD requirements, including regular updates and
patches.

f) Collaborate with Cross-Functional Teams


a. Provide Training and Support: Train network operations staff on the use of
automation tools and scripts and provide ongoing support to resolve any issues that
arise.
b. Collaborate with Cross-Functional Teams: Work closely with other Lines of
Businesses (LOBs) to understand requirements, share knowledge, and ensure that
infrastructure automation aligns with overall organizational needs and objectives.

8. Place of Performance.

Primary Place of Performance. Work shall be performed on-site within any of the following listed DISA
facilities:

Mission Location:
DISA Gunter-Maxwell AFB, 01 East Moore Drive Bldg 857, Maxwell AFB Gunter Annex Montgomery, AL 36114
DISA Fort Meade, 6910 Cooper Ave, Fort Meade, MD 20755
DISA Columbus, Defense Supply Center, 3990 E Broad Street, Columbus, OH 43218
DISA at Tinker AFB, 8705 Industrial Blvd, BLDG 3900 Oklahoma City, OK
DISA at Naval Support Activity, 5450 Carlisle Pike, Mechanicsburg, PA 17050
DISA at Joint Base San Antonio, 3326 General Hudnell Dr, San Antonio, TX 78226
DISA at Hill AFB, 7981 Georgia St, Hill AFB, UT 84056

| SOW Task# | FTEs | Applicable GSA MAS Labor Categories | Applicable DISA Locations |
|---|---|---|---|
| 6.1, 6.2, 6.3, 6.4 | 37 | Enterprise Network Architect; Technical Architect; Senior Network Engineer; Systems Security Engineer and Network Engineer; System Engineer II; System Engineer 3; System Engineer IV; System Engineer 5 | Gunter AFB, Alabama; Fort Meade, Maryland; Columbus, Ohio; Tinker AFB, Oklahoma; Mechanicsburg, Pennsylvania; San Antonio, Texas; Hill AFB, Utah |
| 6.1, 6.2, 6.3, 6.4 | 26 | IT Technician II; Network Engineer; Network Engineer II; Network Engineer – Intermediate; Security Engineer; Cloud Network Engineer; System Administrator 1; System Administrator II; System Administrator III; System Administrator IV; System Administrator 5; Junior Network Engineer | Gunter AFB, Alabama; Fort Meade, Maryland; Columbus, Ohio; Tinker AFB, Oklahoma; Mechanicsburg, Pennsylvania; San Antonio, Texas; Hill AFB, Utah |
| 6.5 | 4 | Automation Engineer; Systems Engineer; Application Programmer | Gunter AFB, Alabama; Fort Meade, Maryland; Columbus, Ohio; Tinker AFB, Oklahoma; Mechanicsburg, Pennsylvania; San Antonio, Texas; Hill AFB, Utah |
