Job Title: Network Engineer Job Location: Boulder, CO Clearance: Secret (Top Secret preferred, will accept up to a TS/SCI) Schedule: 9/80 Onsite Labor Grade: E1 or E2 Level (12+ years of experience minimum) Salary: $130k – $160k Certification Requirement: Current Security+ (CompTIA)
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Position Summary: We are seeking a skilled and motivated Network Engineer to support the implementation, integration, and sustainment of a secure, multi-site network infrastructure. This position involves hands-on network engineering tasks supporting a classified environment and requires collaboration across system administration, hardware, and software teams.
Key Responsibilities:
Configure, deploy, and maintain Juniper and Cisco routers, switches, and firewalls across multiple sites
Collaborate with system administrators on the deployment of secure network solutions
Participate in the design, testing, and troubleshooting of LAN/WAN network infrastructures
Perform routine system maintenance and resolve network-related issues
Install, build, and maintain rack-mounted network hardware and systems
Support workstation and server configuration in classified environments
Document network configurations and architecture using tools such as Visio
Basic Qualifications:
U.S. Citizenship with the ability to obtain a TS/SCI security clearance
Ability to obtain CompTIA Security+ certification within 6 months of hire
Hands-on experience with LAN/WAN network design and management
Experience with Juniper and/or Cisco hardware and configurations
Familiarity with Linux-based systems, especially RHEL
Preferred Qualifications:
Active TS/SCI clearance
Certifications such as Cisco CCNA/CCNP or Juniper JNCIA/JNCIS
Experience with Department of Defense (DoD) secure environments
Knowledge of network architecture, topologies, and implementation best practices
Familiarity with communication technologies (DNS, encryption products, etc.)
Understanding of DoD security standards (e.g., STIG, RMF)
Experience using monitoring and diagnostic tools for network health and performance
Automation experience using Ansible for network or system management
Familiarity with virtualization platforms such as VMware
Proficiency with network documentation tools like Microsoft Visio
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Program Overview: We are seeking a Cyber Systems Security Engineer (CSSE) to support a MILSATCOM program. This position plays a critical role in protecting space and ground assets from cyber threats and ensuring mission continuity through proactive cybersecurity engineering, monitoring, and risk mitigation. This role involves a blend of systems engineering, cyber threat analysis, vulnerability remediation, and compliance support. You will operate in a highly secure, mission-critical DoD environment with direct involvement in the cyber defense of national space communication systems.
Job Responsibilities:
Maintain continuous awareness of current and emerging cyber threats relevant to space and ground systems.
Analyze threat intelligence to assess potential system impacts and recommend mitigation strategies.
Develop and recommend Courses of Action (COAs) to address and prioritize cybersecurity risks.
Create and maintain cyber incident response and mission recovery procedures.
Support the development of Tactics, Techniques, and Procedures (TTPs) for cyber event response and mission continuity.
Support the integration and operation of intrusion detection/protection systems (HIDS, NIDS, IPS) within MILSATCOM environments.
Analyze and report data from tools such as DISA Endpoint Security Solution (ESS) and ACAS.
Serve as the operational point of contact for the cybersecurity tool suite (Cybersecurity Subsystem – CSS).
Administer access and monitoring for CSS tools such as Splunk, ACAS, and ESS.
Conduct Tier 1 troubleshooting of cybersecurity tools and services.
Prepare and maintain RMF artifact delivery schedules and submission tracking.
Develop and update system documentation, including hardware/software baselines, PPSM, and network diagrams.
Coordinate directly with Information System Security Officers (ISSOs) and ISSMs to ensure RMF compliance.
Perform network vulnerability scans, analyze findings, and prioritize remediation efforts.
Execute STIG scanning and baseline hardening activities across operating systems and applications.
Deliver fully tested vulnerability patches and virus signature updates on a regular and emergency basis, with Government approval.
Support creation and updates of Security Assessment Plans (SAPs) and related artifacts.
Provide cybersecurity engineering expertise in technical meetings and working groups.
Collaborate with government personnel and other engineering teams to support ongoing system sustainment and cybersecurity posture improvements.
Required Skills:
Minimum 7+ years of experience in cybersecurity engineering, preferably supporting DoD or space-related systems
Experience with RMF, DISA STIGs, and system accreditation processes
Proficiency with vulnerability management tools such as ACAS, Splunk, and ESS
Experience with network and host-based intrusion detection/prevention systems (HIDS/NIDS/IPS)
Strong knowledge of DoD cybersecurity frameworks and best practices
Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related technical field (or equivalent experience)
Preferred Qualifications:
CISSP, CASP+, or CEH certification
Familiarity with satellite communications (SATCOM) systems and mission ground segments
Experience supporting MILSATCOM or other protected tactical communications systems
Knowledge of Agile and DevSecOps methodologies
Familiarity with scripting languages (PowerShell, Python, etc.)
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Type:Contract
Job#3699
Senior Linux Systems Administrator Aurora, CO Active TS/SCI with Poly Compensation Range: $125,000 – $145,000
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Job Responsibilities:
Supporting a Raytheon program in a classified environment as a Linux System Administrator.
Responsibilities include building, maintaining, and securing Information Technology systems and directly supporting customer mission-critical capabilities.
You will work closely with program developers and system engineers to research issues, determine root causes and implement solutions to system problems.
Must be able to support occasional after hour maintenance and on-call support and must be able to lift up to 35 pounds in support of hardware installations.
Occasional travel may be required for installation support. This position is an onsite role.
Basic Qualifications:
Typically requires a Bachelor’s degree and a minimum of 5 years of prior relevant experience or a master’s degree and minimum of 3 years of prior relevant experience.
Active and transferable U.S. government issued TS/SCI with poly security clearance is required prior to start date. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.
Must have an active DoD 8570 IAT Level 2 certification (or higher) on start date. IAT Level 2 requires one or more of the following Professional Certifications: Security+ CE, CCNA Security, GICSP, GSEC, SSCP, CySA+, CND.
Experience administering Red Hat Linux based systems with minimal support, to include patching, creating/maintaining RPM packages, performance tuning, networking, user management (LDAP), and security hardening
Preferred Qualifications:
Using and developing with automation tools/frameworks such as Terraform, Ansible, and Chef as well as scripting – particularly in Bash and Python
Experience administering Windows based systems
Experience with pipeline tools such as Jenkins and Artifactory
Demonstrated ability to work independently and troubleshoot problems with efficiency
Deployment and administration of systems in Amazon WebServices (AWS)
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Type:Contract
Job#3698
Software Engineer Aurora, CO Active TS/SCI w/ Poly Compensation Range: $125,000 – $140,000
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Job Responsibilities:
Create both the front end for user to interface and the back end for processing and data storage
Create solutions for continuous integration/continuous deployment pipeline and for scalability to meet surge demands
Conduct exploratory data analysis on new sources of ISR data, creating discovery opportunities for optimization of AI and ML applications
Create, maintain, and track the design of data pipelines utilized to streamline OPIR data ingestion, scale data streams, and develop predictive analytic products
Standardize process, scalability with local teams, and monitoring and maintenance of operational metrics.
Facilitate data collection, cyber security compliance, and communication
Collaborate with cross-functional teams including data scientists, analysts, network engineers, and software engineers to understand data requirements and develop scalable data solutions
Develop, maintain, and optimize ELT processes to ensure the timely and accurate movement of data from source systems to data warehouses and other storage solutions
Oversee and maintain the day-to-day operation of Linux-based network servers, cloud-based environments, and virtual environments
Implement, administer, and troubleshoot security, data recovery, and network infrastructure solutions
Required Skills:
BS degree or six years applicable software experience.
Demonstrated experience creating, implementing, and maintaining scripts for process automation, infrastructure monitoring, and proactive reporting (JavaScript/Python/Perl, etc.).
Software development in JAVA and/or C++ within the context of the full software development lifecycle.
Experience in a DevOps role and environment. Prior knowledge and implementation of Kubernetes.
Prior experience supporting design, development, integration, and maintenance of new software functionality.
Location:Reston, Virginia
Type:Contract
Job#3429
DevSecOps Engineer III Reston, VA Active TS/SCI with Polygraph
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Job Responsibilities:
As a Sr. DevSecOps Engineer III, you’ll play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines.
You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions.
Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
Monitor and analyze system and application logs to detect and respond to security incidents.
Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
Contribute to the development and maintenance of security policies, procedures, and documentation.
Required Skills:
At least 10 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
Expert experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
Expert experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains
Expert understanding of AWS and familiarity with other cloud platforms (e.g., Azure, GCP) and securing cloud-based applications and services.
Strong experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
Strong experience in scripting languages (e.g., Python, Bash) for automation and tool integration.
Hands-on experience with security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning, using tools such as Fortify, Acunetix, and Prisma Cloud
Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Location:Reston, Virginia
Type:Contract
Job#3428
DevSecOps Engineer I Reston, VA Active TS/SCI with Polygraph
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Job Responsibilities:
As a DevSecOps Engineer I, you’ll play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines.
You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions.
Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
Monitor and analyze system and application logs to detect and respond to security incidents.
Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
Contribute to the development and maintenance of security policies, procedures, and documentation.
Required Skills:
At least 6 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
Strong experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
Strong Experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains
Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
Experience with cloud platforms (e.g., AWS, Azure, GCP) and securing cloud-based applications and services.
Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Location:College Park, Maryland
Type:Contract
Job#3427
DevSecOps Engineer III College Park, MD Active TS/SCI with Polygraph Compensation Range: $145,000 – $185,000
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Job Responsibilities:
As a Sr. DevSecOps Engineer III, you’ll play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines.
You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions.
Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
Monitor and analyze system and application logs to detect and respond to security incidents.
Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
Contribute to the development and maintenance of security policies, procedures, and documentation.
Required Skills:
At least 10 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
Expert experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
Expert experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains
Expert understanding of AWS and familiarity with other cloud platforms (e.g., Azure, GCP) and securing cloud-based applications and services.
Strong experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
Strong experience in scripting languages (e.g., Python, Bash) for automation and tool integration.
Hands-on experience with security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning, using tools such as Fortify, Acunetix, and Prisma Cloud
Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Location:College Park, Maryland
Type:Contract
Job#3426
DevSecOps Engineer I College Park, MD Active TS/SCI with Polygraph Compensation Range: $120,000 – $160,000
Company Overview: Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
Job Responsibilities:
As a DevSecOps Engineer I, you’ll play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines.
You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions.
Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
Monitor and analyze system and application logs to detect and respond to security incidents.
Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
Contribute to the development and maintenance of security policies, procedures, and documentation.
Required Skills:
At least 6 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
Strong experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
Strong Experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains
Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
Experience with cloud platforms (e.g., AWS, Azure, GCP) and securing cloud-based applications and services.
Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
Company Benefits: Cornerstone Defense offers a comprehensive list of benefits, designed to give employees and their families several options to choose from when selecting benefits that best fit their needs. These offerings include not only a full suite of the traditional Medical/Dental/Vision insurances, but also a number of other benefits and perks to include, but not limited to: A 401(K) plan with a company match, tuition and training assistances, paid vacation/leave, a fitness reimbursement program, college savings plan, commuter benefits, financial advisory services, flex spending accounts, health savings accounts, STD/LTD coverage, life and AD&D insurance, employee assistance programs, life financial planning assistance, and legal resources.
Location:Reston
Type:Contract
Job#3331
Information System Security Manager Clearance: TS/SCI with Polygraph Reston, VA
Supporting the Most Exciting and Meaningful Missions in the World
Cyber and Information Security Specialist (INFOSEC) perform functions in support of the directorate’s Information System Security Manager (ISSM) and deliver outcomes as follows:
Review and analyze systems architecture diagrams and networks.
Support Assessment and Authorization (A&A) requirements and process and apply ICD 503, NISPOM, and other federal guidelines in support of systems used at contractor facilities.
Assist program systems owners and/or service providers throughout the risk management framework (RMF), including the assessment and authorization (A&A) processes, as follows:
Provide advice to program system owners and/or service providers on the creation of required system documentation or body of evidence; review and provide recommendation for approval or disapproval, as appropriate.
Assess security and privacy controls and data protection in sponsor information systems and environments of operation as part of the initial security assessment and during operational changes affecting information systems’ security posture.
Assist the security control accessors (SCA), as appropriate, in performing security systems assessments and reviewing risk elements in the executive Risk System (ERS) report.
Create plans of action & milestones (POA&Ms) and/or request risk acceptance through a security assessor(SA) , who will certify the ERS report to the appropriate authorizing official (AO) or designated AO.
Regarding the RMF and A&A processes, produce an annual A&A report of trends, challenges, and risk with recommended mitigation and process improvements.
Provide oversight and guidance to ensure compliance with program information security regulations and policies on processes and request, such as Data Transfer Request; Access Request; Service/Change Request; Purchase Request; Accountable Property Management; Waivers, including medical devises and introduction (use) of equipment /devises into SCIF; and Equipment Transport. Produce a Weekly Activity Report.
Facilitate development, maintenance and security review of AIS security plans for computers, networks, and information systems deployed and used at contractor facilities, ensuring that sponsor and program approving signatures are acquired and documented.
Conduct technical exchange meetings to facilitate AIS security solutions for both industrial contractors and government systems; and produce comprehensive solutions to technically complex systems and challenges.
Ensure documentation is complete and accurate in accordance with sponsor and program AIS policies and requirements.
As necessary, support the investigation of virus/malware alerts/incidents to determine root cause, entry point of code, damage risk, and report this information.
Write reports based on technical analysis of sponsor or industrial partners systems, and as applicable provide recommendations for mitigating issues in the future.
Analysis systems , including forensically, for malware, misuse, and/or unauthorized activity.
Ensure discovered cyber incidents and data spills are reported per program SOP; support investigations and remediation/clean up as necessary, and provide guidance in coordination with program security management and other groups as appropriate.
Provide information security training and refine, edit, and maintain training material, as necessary to ensure it is up to date with current policies, regulations, and best practices.
Participate in project review meetings and provide technical cyber security advise/expertise to program personnel.
Advise on technical and performance characteristics of new technologies, as relates to sponsor policies and regulations.
Review complex sponsor and industrial partners system designs for security risk and compliance with sponsor policy and regulations; propose resolution and preventive strategies.
Communicate complex technical concepts, project information, and security policy clearly and concisely to both technical and non-technical audiences.
Provide briefings and/or training on sponsor’s INFOSEC policies and regulations.
Provide a quarterly Security Control Status Report (SCSR) that identifies security risk and trends through the ranking of the 77 Control Families.
