Lead Risk Management Specialist (Cyber Network Analysis Tech 3) - 28773

About The Position

Requirements

• 5 years relevant experience with Bachelors in related field; 3 years relevant experience with Masters in related field; 0 years experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 9 years relevant experience.
• Candidate must be able to obtain and maintain US Top Secret security clearance.
• Candidate must have experience using DISA ACAS.
• Candidate must have advanced knowledge of Microsoft Excel.
• Candidate must comply with the DoD Cyber IT/CSWF Program requirements of DoD 8570.1-M and SECNAV M-5239.2 at the Intermediate (IAT-II) level.
• Candidate must have a CompTIA Security+ CE certification.

Nice To Haves

• A current DISA ACAS Administrator Training certificate.

Responsibilities

• Lead the team in conducting security testing and evaluation of servers, workstations, databases, and network infrastructure devices (e.g. firewalls, switches, routers, load balancers) to identify security vulnerabilities and weaknesses, and produce detailed findings reports that support the security authorization process.
• Develop customized scanning and testing configurations within cybersecurity tools to meet specific security and configuration requirements.
• Map identified findings whether discovered through manual assessment, automated scanning, or associated with CVEs to the appropriate NIST SP 800-53 security controls, DoD policies, and relevant technical standards.
• Analyze and interpret cybersecurity directives, policies, and instructions, including CTOs, FRAG/TASK/OPORDs, IAVMs, PKI guidance, and STIG requirements, to assess applicability and required actions.
• Create or Update eMASS artifacts to support Assessments and Authorizations and Annual Security Reviews.
• Evaluate the adequacy of current security testing and assessment toolsets; identify capability gaps and recommend new tools or enhancements to improve assessment coverage and effectiveness.
• Serve as a subject matter expert on known and emerging vulnerabilities, providing analysis of exploitation methods, mitigation and remediation strategies, severity impacts, and operational considerations.
• Review Assessment & Authorization (A&A) documentation to ensure compliance with applicable DoD and RMF cybersecurity policies and standards.
• Perform risk analyses and recommend mitigating controls.
• Assist in drafting, updating, and maintaining cybersecurity policies, procedures, and technical guidance for systems and emerging technologies.
• Provide critical written and oral analysis of security architecture documentation and vulnerability and risk assessments.
• Support the creation, management, and tracking of Plans of Action and Milestones (POA&Ms), ensuring accurate status reporting and alignment with cybersecurity requirements.
• Advise Government in all aspects of Cybersecurity and Risk Management Framework (RMF).
• Track and report cybersecurity compliance status in VRAM and other applicable vulnerability tracking or reporting platforms.
• Conduct independent verification and risk analysis of security configurations, STIG findings, and POA&M entries for systems and devices across the enterprise.
• Demonstrate the ability to work independently with minimal oversight as well as collaboratively in a team environment.

Benefits

• best-in-class medical, dental and vision plan choices
• wellness resources
• employee assistance programs
• Savings Plan Options (401(k))
• financial planning tools
• life insurance
• employee discounts
• paid holidays and paid time off
• tuition reimbursement
• early childhood and post-secondary education scholarships