Tygart Technology, Inc. is currently seeking a versatile Windows Engineer with experience creating and deploying desktop images and application packages using Microsoft System Center Configuration Manager (SCCM) to support the Pension Benefit Guaranty Corporation (PBGC).  The PBGC is a Federal corporation created by the Employee Retirement Income Security Act of 1974. It currently protects the pensions of more than 44 million American workers and retirees in more than 29,000 private single-employer and multiemployer defined benefit pension plans. This position requires that the candidate either have, or be able to obtain, a Public Trust clearance within the Federal Government. Tygart is helping modernize and secure PBGC’s infrastructure, and requires a technical engineer to support various security initiatives identified below, however the immediate, absolute requirement is for a resource who has in-depth experience managing SCCM infrastructure and developing/deploying desktop images.

Desired Skills and Experience

  • Develop workstation images and task sequences within SCCM – accounting for diverse makes and models of desktops, laptops, and Surface Pros
  • Schedule, deploy, and validate updated images to end-user community – migrating from the Windows 7 to the Windows 10 operating system
  • Leverage the User State Migration tool to transfer account settings, preferences, etc.
  • Validate and enforce compliance with Federal configuration standards (USGCB/NIST) by creating GPO templates and creating / updating GPOs
  • Monitor and report on compliance of deployed images with configuration standards
  • Create and execute scripts with Windows PowerShell to perform various administrative functions
  • Update / upgrade SCCM components and clients
  • Create and deploy [desktop] application packages through SCCM  In addition to supporting PBGC’s SCCM infrastructure and workstation deployments, the Windows engineer is expected to lead or provide significant contributions to a myriad of other engineering efforts. Examples include:
  • Must be able to communicate effectively – especially in writing.  Need to be able to develop detailed instructions on how to perform application upgrades, migrations, and deployments
  • Upgrading, securing, and standardizing MS SQL databases to latest versions.  Coordinate with, and provide technical support to, applications utilizing the databases.  Establish Secure Configuration Baselines for current and emerging versions MS SQL Server commensurate with Federal guidance and industry standards – and plan, coordinate, and implement configuration changes to improve compliance with configuration standards and improve security.
  • Migration of COTS and Internal applications to Windows Server 2012 R2 or future versions of Windows
  • Creation and maintenance of Secure Configuration Baselines for both Windows workstation and server operating systems commensurate with Federal guidance and industry standards.  The engineer should be intimately familiar with DISA STIGs and USGCB SCAP content, how to enforce checks via GPOs, and the implication of updated policies.
  • Installation, evaluation, and use of various security-related software products.  The engineer should be conversant on a myriad of security-related products that could be implemented, or enhanced to improve the security posture of the Corporation.  Examples include:

Web application code scanning products such as Acunetix Database configuration verification products such as Trustwave AppDetective, Tenable Security Center, and DISA STIG viewer Network device configuration verification products such as Cisco Prime Privileged Account Management products such as CyberArk Identity Management products such as SailPoint IndentityIQ

  • Web application code scanning products such as Acunetix
  • Database configuration verification products such as Trustwave AppDetective, Tenable Security Center, and DISA STIG viewer
  • Network device configuration verification products such as Cisco Prime
  • Privileged Account Management products such as CyberArk
  • Identity Management products such as SailPoint IndentityIQ
  • Active Directory upgrade and standardization.  The Engineer should be able to plan, perform impact evaluation, communicate, and execute on AD upgrades.  Must be able to effectively standardize and simplify (clean up) AD structure and GPOs. 
  • Security engineering and solution development.  The Engineer should be able to provide subject matter expertise and guidance to identify general and specific deficiencies related to desktop, server, and network architecture and configuration.  The Engineer will perform alternatives or vendor product analyses, and make recommendations for remediation based upon analyses results, best practices, Federal guidance, and professional experience.
  • The Engineer must be self-motivated and able/willing lead engineering efforts – leveraging diverse windows experience and foundation in fundamentals such as AD, PowerShell, etc.  Absolutely must be able and willing to develop documentation (Work Instructions, Design Documents, Requirements Specifications, etc.) per Government standards, templates, and requirements. 
  • A bachelor’s degree in Computer Science, Engineering, Mathematics or related field is preferred.  5+ years of professional experience with network engineering and security required.  MCSE, CISSP, or other security / engineering certifications are a bonus.