Cybersecurity Senior, (SCAR)

About The Position

Requirements

• U.S. Citizenship
• Master’s or Doctorate Degree in a related field and ten years of experience in the respective technical/professional discipline being performed, five years of which must be in the DoW OR Bachelor’s degree in a related field and 12 years of experience in the respective technical/professional discipline being performed, five of which must be in the DoW OR 15 years of directly related experience with proper certifications, and eight of which must be in the DoW.
• 5+ years Information Technology (IT) Cybersecurity experience in RMF control implementation, testing, validation, and risk assessments.
• 3+ years of Information System Security Manager, Information System Security Engineering or Security Control Assessor Representative experience
• Experience using eMASS to review and assess artifacts and DISA STIG Viewer to review and analyze STIG results, ACAS scans, and SCAP scans.
• Knowledge and experience with NIST SP 800-53 for security control interpretation and validation of control implementation and inheritance model
• Knowledge with NIST SP 800-30 to determine likelihood of exploitation based on security vulnerabilities, mitigations, predisposing conditions, and compensating controls.
• Knowledge with AWS, Azure, Oracle OCI, or google cloud hosting environments and control inheritance models.
• Critical thinking and analysis skills to review Security Test Plan, System Security Plan, and Information Security Continuous Monitoring Plans to provide constructive feedback and corrective actions to Program Management Offices to define required RMF control testing and required artifacts.
• Ability to communicate effectively to lead meetings for security impact analysis, security control requirements and security assessment out-briefs with Program Management Offices and Authorizing Official Designated Representatives.
• Effective writing skills to develop clearly defined technical reports such as Security Assessment Reports and Information Security Continuous Monitoring Audit Reports.
• Hold and maintain a personnel certification associated with the DCWF Security Control Assessor work role (612) at an advanced (senior) proficiency level as outlined in DoWI 8510.01, AFMAN 17-1305 and AFI 17-101 for assigned systems/applications.
• Must hold CISM or CISSO or CPTE or CySA+ or FITSP-A or GCSA or CISA or CISSP or CISSP-ISSEP or GSLC or GSNA
• Must hold and maintain an active Secret security clearance.

Nice To Haves

• Specific knowledge of applications, system, and network security, technologies, processes, and practices designed for prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation. The scope is not limited to information security; it includes the entire field of Cyber Security (availability, identification and authentication, confidentiality, integrity, and non-repudiation) to include Cyber Security techniques, processes, and industry trends. It also includes Information Operations (IO) (e.g. operational security of Information Technology (IT), the use of the electromagnetic spectrum for IT purposes and computer network operations).

Responsibilities

• Ensure that system and application policies and procedures for the network are followed
• Review applications and systems plan, instructions, guidance, and standard operating procedures for the security of network systems operations
• Participating in the Information System Assessment Process (SAR)
• Assess security requirements for hardware, software, and services acquisitions specific to network environment/system cybersecurity programs
• Ensure that cybersecurity-enabled software, hardware, and firmware comply with appropriate network system security configuration guidelines, policies, and procedures
• Test and validation controls
• Use eMASS to review controls
• Review Plan of Actions and Milestones (POA&M) entries
• Ensure that cybersecurity inspections, tests and reviews are coordinated for the network system
• Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed
• Advise the AO, AODR, and application/system owner of any risks or vulnerabilities discovered
• Prepare Security Assessment Reports
• Provide risk assessments IAW NIST Special Publication 800-30 for authorization decisions and configuration changes.
• Participate in technical interchanges, security impact assessments and security assessment meetings with CDMs, ISSOs/lSSMs and AODR.
• Develop Security Assessment Report to document security vulnerabilities, mitigations, and overall risk determination.
• Validate eMASS controls or returns to submitter for re-testing.
• Perform automated and manual security testing; and, Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases.

Benefits

• ESOP participation
• 401(k) match and safe-harbor contribution
• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• flexible spending accounts
• Health Saving Accounts
• Health Reimbursement Accounts
• EAP
• education assistance
• paid time off
• holidays