Cyber Security Specialist

About The Position

Requirements

• 5 years experience in cyber security and information assurance with at least 3 years of experience in systems administration for server and infrastructure support.
• Bachelor’s degree in a related field desired.
• Must be certified at IAT Level III (e.g., CASP+ CE/SecurityX, CISA, CCNP Security, CISSP, or equivalent certification satisfying DoD 8570/8140 certification requirements).
• Experience with RMF, STIGs, GRC, PPSM, event log audit.
• Working knowledge of firewall functionality.
• Knowledge of analyzing the result of a security risk assessment.
• Experience with the RMF steps to include categorization, security control selection, implementation plan development, assessment, and continuous monitoring.
• Knowledge of the Information Assurance Vulnerability Management (IAVM) process and Common Vulnerabilities and Exposures (CVE) framework.
• Experience with PowerShell scripting to automate repetitive tasks and gather security information.
• Experience creating, reviewing, and revising security documentation and artifacts.
• Experience with Vulnerability Management tools, such as ACAS, including the ability to read and analyze automated vulnerability reports.
• Must possess analytical skills to troubleshoot cybersecurity issues and the ability to conceptualize server infrastructures and configurations.
• Must have strong communication skills and be able to work comfortably with all levels of an organization.
• Must be a US citizen and hold a current Top Secret clearance with SCI access (TS/SCI). Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

Nice To Haves

• Experience with Fortify Static Code analyzer, or another code scanner, desired.
• Experience with security information and event management (SIEM) software, such as Splunk or ArcSight.
• Experience with Asset Management software, such as Lansweeper or SolarWinds desired.
• Experience configuring and troubleshooting firewalls, and using protocol analyzers desired.
• Experience participating in cyber security inspections and in Computer Network Defense (CND) actions such as incident response desired.
• Experience with DoD IT environment and networks.

Responsibilities

• Assist in building, coordinating, maintaining, changing, and updating, the RMF A&A packages for the five enclaves administered by AFOSI.
• Implement security controls and assist AFOSI customers with the implementation of controls.
• Continuously monitor control compliance and remediate or POA&M systems as required.
• Collaborate with enterprise operations and development teams to ensure the infrastructure and application are configured within DoD requirements.
• Develop and maintain System Security Documents in accordance with the RMF Process to include policies, plans and procedures.
• Ensure that all application deliverables and systems comply with applicable DISA STIGs or Security Requirements Guidance.
• Assist in maintaining and updating HQ's AFOSI Governance, Risk and Compliance (GRC) application for assessing/managing risk, and authorizations for all AFOSI data networks.
• Implement security controls and assist AFOSI customers with the implementation of controls.
• Continuously monitor control compliance and take immediate actions to bring systems into compliance.
• Audit security log information using Splunk Enterprise, track firewall rule activity to create security baselines, and create alerts and reports.
• Utilize the ACAS vulnerability scanning suite to identify configuration problems and missing patches.
• Track and analyze Plan of Action & Milestones (POA&Ms) reports to conduct risks assessments.
• Assist in the review of current Cyber Operational Readiness Assessment (CORA) requirements and ensure systems and their operations are compliant.