Provide technical expertise in lab-based, analytical or production environments to enhance security and interoperability and to assist the client with designing, developing, configuring, testing, and evaluating the security of COTS or GOTS products and client program solutions. Research, learn, and share information on new security topics and technologies with the COTS or GOTS and client program teams.
Review technical specifications and design documentation, compare against government security requirements, identify potential vulnerabilities, and provide recommendations for mitigation.
Configure network and security software and hardware to comply with a national agency's program requirements, DoD STIG requirements, and client CS and IA requirements. Author documentation on COTS or GOTS and client program configuration, best business practices, and recommendations to be used for whitepapers, training, and DoD-wide guidance.
Conduct reviews of network diagrams, device configurations, and other technical documentation for the client’s solutions and provide reports to communicate results, analysis, and technical guidance.
Demonstrate and test client program technology at client technology events.
Provide input to System Security Plans.
REQUIRED QUALIFICATIONS:
10+ years of relevant experience with BS in CS or EE
CISSP-ISSAP or CISSP-ISSEP, Security+ CE, ICND, CCNA, MCP, MCSE, or CEH Certification preferred
8+ years of experience with Cybersecurity and supporting Risk Management Framework processes
Previous IC Experience
Familiar with DoD Security Technical Implementation Guidelines (STIGs)
Working knowledge of cloud, platform, and application security tools
Experience with DoD, national security program, or Public sector Cybersecurity policies and strategies.
Performed security controls assessments using NIST SP 800-53A as a guide by means of the assessment methods such as Interview, Examination and Testing.
Prepare and update IT security policies, procedures, standards, and guidelines in accordance with department and federal requirements to safeguard organizational assets, ensure data integrity, availability and confidentiality.
Developed Certification Test Plans and Procedures. Familiarity with conducting CT&E testing. Experience with automated test tools and scripts nice to have.
Developed and conducted ST&E (Security Test and Evaluation) and perform on-site security testing.
Created Requirement Traceability Matrix (RTM) and documented whether controls being assessed passed or fail using NIST SP 800-53A as a guide.
Conduct security assessment interviews to determine the Security posture of the System.
Assess threats, risks, and vulnerabilities from emerging security issues and identify mitigation requirements.
Work with support and security coordination team to ensure compliance with security processes and controls.
Have a broad knowledge of policies, concepts, staff and operating functions, and procedures affecting combat support functions, and automated information systems management at various levels of command throughout the IC and DoD
Requires strong organizational skills and action-oriented personality; experience leading tasks, tracking actions across multiple organizations
Excellent analytical and problem-solving abilities backed by solid writing and communication skills; must operate constructively and effectively with project end-users, customers, advocates and stakeholders
Requires power user skills in MS Office products (Excel, PowerPoint, OneNote, SharePoint)
Experience with implementing NIST and DoD STIG security requirements
Experience with collaborating with DOD or national security program offices and organizations
Understand and work as part of a team implementing the NIST Risk Management Framework (RMF).
Provide guidance to system managers, developers, and testers to design and develop security solution in accordance with client's policies, regulations, etc.
Provide guidance to O&M personnel to resolve security-related problems and concerns
Experience with security evaluation or vulnerability testing
Possession of excellent oral and written communication skills
Possession of excellent data gathering, analytical, and problem-solving skills
