Must Be A US Citizen
Active TS/SCI w/Poly required
Duties and Responsibilities:
• Implement Information Assurance (IA) processes, provide guidance, and develop documentation throughout the system development life-cycle via the RMF tool in ServiceNOW.
• Develop, implement, and document formal security policies and System Security Plans (SSP) throughout the program and monitor compliance to these policies during all phases of the Risk Management Framework (RMF) process.
• Utilize Enterprise Security Services to provide analysis of vulnerabilities and compliance risks in ACAS, Enterprise IT audit logs in ArcSight and Splunk, McAfee Host-Based Security Services (HBSS), User Activity Monitoring (UAM), and Cyber Terrain Mapping (CTM) on 100+ nodes.
• Monitor Heat Map Score matrix and evaluate cyber risk data, keeping the score at acceptable risk levels for the security categorization of the asset(s) and their Risk Evaluation Lanes (REL).
• Manage and deliver system authorization and accreditation packages, for 4 assets that span 3 different classification levels.
• Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.).
• Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in routine analyzation of Continuous Monitoring (ConMon) controls and provide those results as Body of Evidence (BoE) to be evaluated in 7, 30, 90 and 365 day increments as the control metrics require.
• Direct activities required to remediate system-level information security weaknesses tracked via the FISMA (POA&M) process. Document the elements of the plans, milestones for correcting the weaknesses, and scheduled completion dates for the milestones, periodically reporting remediation progress as necessary.
• Brief leadership, as needed, on the status of action items and/or results of activities affecting the security posture of the program.
• Able to collaborate and communicate effectively with other system engineers, system administrators, software developers, and information assurance professionals.
Education & Qualifications:
• Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field. • DoD 8570.01 IAT level 2 or greater cybersecurity certification per DoD 8570.01
• Minimum of 10 years' related experience in Cybersecurity, Systems or Software Engineering, for the government or government contractor, if other than IC position.