Act as a technical management resource for information system security matters.
Provides technical and programmatic Cyber Security and Information System Security Management Services to internal and external customers in support of network and information security systems.
Ensures the development and implementation of information security policy, requirements, and procedures within an organization’s business processes.
Reviews documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
Provides assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation.
Conducts complex vulnerability assessments to include; development of risk mitigation strategies with the customer; adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment.
Reviews system configurations and scan tool results in order to determine system compliance and report results.
Analyzes policies and procedures against Federal laws and customer regulations and provides recommendations for closing gaps.
Develops strategies to comply with privacy, risk management, and e-authentication requirements.
Provides cyber security and information system security support for the development and implementation of security architectures to meet new and evolving security requirements.
Evaluates, develops and enhances security requirements, policy and tools.
Provides assistance in computer incident investigations.
Performs vulnerability assessments including development of risk mitigation strategies.
Requires 12 to 15 years with BS/BA or 10 to 13 years with MS/MA or 7 to 9 years with PhD
Candidate shall demonstrate strong experience with customer's Assessment and Authorization (A&A) process (e.g. RMF, NIST800-53, ICD503)
Candidate shall demonstrate strong understanding of Cyber Security Policies
Candidate shall have strong understanding of Networks and IT systems
Candidate shall demonstrate strong communication skills
Candidate shall demonstrate experience working with and across teams and handling multiple projects at once.
Candidate shall demonstrate understanding of strong security practices and working with Security Officers
Candidate should have accreditation tool experience (e.g., Xacta, Nessus, AppDetective, WebInspect)
Candidate should have professional certifications (e.g., CISSP, CISM, CASP, CISA, Security+)