
Cybersecurity Specialist

Functional requirement:

 

Provide analysis and security assessments to ensure client information systems are compliant with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 guidance as well as client-specific guidance and policies. Assist with the preparation, development, modification, and management of the documentation required to complete ICD 503 and DoDI 8510.01 RMF processes.

 

  • Conduct applicable NIST Risk Management Framework (RMF) processes and procedures for client information systems and coordinate with the various stakeholders and system engineers who test, implement, and install the systems to implement an adequate security infrastructure.

  • Identify, implement and assess appropriate security controls to provide mitigation strategies to reduce risk and improve the security of the system. Prepare, review and coordinate documentation required to complete ICD 503 and DoDI RMF processes.

  • Analyze security policies, plans, and other relevant documents to ensure RMF accreditation packages are complete.

  • Address specific actions taken or planned to correct deficiencies in the security controls and to reduce or eliminate known vulnerabilities in the information system

  • Develop and coordinate for review all documentation associated with an A&A package

  • Develop Plans of Action and Milestones for addressing vulnerabilities in target information systems. These may include, for example, contingency plans, rules of behavior, incident response plans, etc.

  • Ensure all A&A documentation support conforms to the Government-approved Standard Operating Procedure (SOP)/annual work plan or individual work requests agreed to with the Contracting Officer's Representative (COR) or designee and is consistent with the NIST guidance

  • Maintain proficiency with appropriate guidance related to securing and accrediting information systems

  • Establish sufficient technical proficiency with the target information system(s) to properly advise clients on strategies for effectively securing information systems

 

Education Desired:

Bachelor’s Degree in Engineering, Telecommunications, Cybersecurity, Information Technology or other computer science related discipline

 

Experience Desired:

7-10 years of related experience

 

Key Skills:

  • Bachelor's degree in Engineering, Telecommunications, Cybersecurity, Information Technology or other computer science related discipline and 5-7 years’ experience with information networks and related security concerns; or a Master’s degree with 3-5 years’ experience

  • Experience in cybersecurity with a focus in RMF, A&A processing, and POA&M Management

  • Ability to perform IAVA analysis and resolution, document POA&Ms and create security documents necessary for assessments

  • Knowledge of control frameworks and external compliance regulations/standards such as ICD 503, NIST 800-53, DoDI 8510.01, NIST 800-82, ISO 27001, COBIT, etc.

  • Familiar with system and application STIGs

  • Must have and maintain at least one of the following certifications: CISSP, CISA, SICCP, CEH, CRISC or equivalent designation.

  • Experience implementing and using various IA tools including vulnerability assessment, patch management, audit collection, audit review, audit management, and end point protection 

  • Experience in working with a GRC tool (Xacta or eMASS preferred)

  • Knowledge of vulnerability scan analyses, lien tracking and remediation

  • Strong analytical, organizational, and time management skills

  • Ability to drive action to achieve results with minimal direction and lead others.

  • Must maintain DoD Top Secret clearance with SCI eligibility

  • Must be able to effectively articulate complex security concepts to clients, non-technical management and other team members

  • Willingness to travel CONUS and OCONUS for site visits and assessments as required

 

Applicants must have an active US Government Top Secret security clearance and have been granted access to Sensitive Compartmented Information (SCI) within the last two years, based on a Single Scope Background Investigation (SSBI)
