Primary responsibility will be to perform system vulnerability scans systems in order to determine system compliancy with customer authorization policies.
Manage and maintain continuous monitoring program for assigned area.
Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements.
Evaluates, develops and enhances security requirements, policy and tools.
Provides assistance in computer incident investigations. Performs vulnerability assessments including development of risk mitigation strategies.
Act as a technical management resource for information system security matters.
Provides technical and programmatic Cyber Security and Information System Security Management Services to internal and external customers in support of network and information security systems.
Ensures the development and implementation of information security policy, requirements, and procedures within an organization’s business processes.
Reviews documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
Provides assessment and authorization (A&A) management support and all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation.
Conducts complex vulnerability assessments to include: development of risk mitigation strategies with the customer; adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment.
Reviews system configurations and scan tool results in order to determine system compliancy and report results.
Analyzes policies and procedures against Federal laws and customer regulations and provides recommendations for closing gaps. Develops strategies to comply with privacy, risk management, and e-authentication requirements.
Provides cyber security and information system security support for the development and implementation of security architectures to meet new and evolving security requirements.
Evaluates, develops and enhances security requirements, policy and tools.
Provides assistance in computer incident investigations. Performs vulnerability assessments including development of risk mitigation strategies.
Required Qualifications:
Requires 10 to 12 years with BS/BA or 8 to 10 years with MS/MA or 5 to 7 years with PhD
Minimum of 2 years of experience in technology/tools specific to the target platforms.
5 + years of experience in vulnerability management, network security, cloud environments, and network topologies.
Able to demonstrate a strong understanding of Best Security practices
Ability to execute vulnerability/compliance assessment tools and evaluate results for systems undergoing security assessment and continuous evaluation.
Expertise with COTS cybersecurity and Authorization tools to include: Xacta, Tenable/Nessus, WebInspect, AppDetective, RedSeal, and etc.
Strong experience with customer's Assessment and Authorization (A&A) process (e.g. RMF, NIST800-53, ICD503)
Strong understanding of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and or 800-53A Revision 4 as well as 800-30, 37 and 39,(CNSS) Instruction No. 1253.
Candidate shall demonstrate strong understanding of Cyber Security Policies and be able to handle multiple project, Networks and IT systems
Candidate should have professional certifications (e.g., CISSP, CISM, CASP, CISA, Security+)