As an Information Systems Security Professional, you, with support from others on the IT team, will lead all activities associated with the assessment and authorization (A&A) of on-premises and cloud-hosted computing environments. You will gather information about the information systems to identify potential security weaknesses, recommend improvements, remediate vulnerabilities, implement changes, and document upgrades.

Essential Job Functions:
- Collaborate with program management and engineering team members to define and implement cybersecurity requirements for managed systems and software.
- Create, review, and maintain DOD Risk Management Framework (RMF) A&A packages.
- Conduct security assessments of RMF controls implemented for assigned systems.
- Identify corrective actions and mitigation strategies to achieve and sustain RMF compliance.
- Interface with end users and customers to discuss the understanding and benefits of IT, data management, and collaboration tools.
- Due to the sensitivity of customer related requirements, U.S. Citizenship is required.
- AA/AS with 10 years of experience, BS/BA with 8 years of experience, or MA/MS with 6 years of experience in a related IT discipline.
- 5+ years of experience where you provided and implemented security guidance and information system validation using National Institute of Standards and Technology (NIST) and/or DOD RMF standards/policies for Linux systems.
- Must possess a current DoD Approved Cybersecurity Workforce Certification for an Information Assurance Manager (IAM) Level 2 (Security+) or IAM Level 3 (CISSP or CISM), and be actively practicing IT security and compliance.
- Must have experience with Risk Management Framework (RMF) or DoD Information Assurance Certification and Accreditation Process (DIACAP). Experience creating and maintaining RMF artifacts such as boundary diagrams, ports and protocols, POA&M, software approvals, etc.
- Active Secret clearance or higher.
- Extensive experience utilizing and familiarity installing DOD security tools and computer security tools such as HBSS, ACAS, McAfee, etc.
- Ability to apply technical IT standards, principles, theories, and techniques.
- Familiarity with Linux operating systems and DISA Linux STIGs for RHEL, Ubuntu, etc. Linux certification is highly desirable.
- Excellent verbal and written English communication with the ability to prepare and deliver clear presentations on A&A plans, status, technical issues, and results.
- Demonstrated ability to react effectively to time-critical situations to achieve project success.
- Applicants selected will be subject to a security investigation and must meet eligibility requirements to obtain and maintain a TS/SCI security clearance for access to classified information.