• The candidate must be familiar with network vulnerability scanners (e.g. Retina, ACAS, Nessus). The candidate must be familiar with patch management software (e.g. WSUS, SCCM, SMS, Hercules, etc.). Event Logging and analysis for a Defensive Cyber Infrastructure, Accreditation Cyber Forensic analytics capabilities.
• Provide subject matter expertise in the provision of information assurance (IA) support for certification and accreditation (C&A), DIACAP or RMF accreditation package and artifact generation, requirements analysis, security test and evaluation (ST&E) plans and execution, risk assessments, systems analysis and hardening, incident response and policy analysis, trusted product evaluations, IA program assessments, and security posture presentations. Provide analytical support for the development and submission of C&A documentation in compliance with the DIACAP or RMF requirements. Apply knowledge of technology, analyze the security implications of systems and applications security, and provide recommendations to decision-makers and engineers. Provide experience-based advice and assistance to facilitate C&A efforts.
• Design, develop, and recommend integrated security system solutions that will ensure proprietary and confidential data and systems are protected. Provide technical engineering services for the support of integrated security systems and solutions. Interface with the client in the strategic design process to translate security and business requirements into technical designs. Configure and validate secure complex systems and test security products and systems to detect security weakness. Provide work leadership to more junior employees. This position is located in Aberdeen Proving Ground, MD.
• 3+ years of experience with providing information assurance support, documenting compliance, or evaluating IA security posture in a DoD environment
• Experience with cyber remediation of network systems, to include user equipment (laptops, desktops, and tablets) and network devices (Servers)
• Analyze and/or administer security controls for information systems in lab and field environments
• Ensure designs meet applicable security technical implementation guides (STIGs)
• Conduct engineering vulnerability assessment of systems utilizing DoD approved IA tools (ACAS) and DISA STIGs
• Identify technical applicability, remediate, support mitigation of IAVA notices and support metric reporting
• Research, interpret, and provide technical policy guidance pertinent to information and system security
• Exercise creative thinking and ideation to advance our business performance
• Deliver innovative, flexible, integrated solutions to meet customers changing business needs
• Support and engage in programs, projects and practices and strategy, and comply with all policies and procedures
• Follow industry and department trends and developments to ensure services are consistent with, and/or superior
• to, industry best practices
• Experience with reviewing government guidance, including task orders, directives, STIGS, or IAVAs for applicability
• and implementation
- Secret with SSBI clearance required
• AA or BS degree (Experience can be substituted for educational requirements.)
• Security+ CE Certification
• Operating System Certification (Windows10, Server 2012 or Linux)
• Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret with SSBI clearance is required.
• Mandatory Requirement: Candidate must be a US Citizen in order to obtain and maintain an interim and final security clearance.
• Preferred Qualifications:
- Top Secret clearance preferred
• BA or BS degree in a technical area (Computer Science, Information Assurance, Cyber Security…)
- Certified Information Systems Security Professional (CISSP) certification preferred
• Experience with developing and maintaining DoD Information Assurance Certification and Accreditation Process
• (DIACAP) or Risk Management Framework (RMF) packages
• Experience with vulnerability assessments using various scanning tools
• Experience with performing, interpreting, and reporting vulnerability assessments
• Experience with developing and presenting, orally and in writing, technical information to non-technical audiences and clients
• Knowledge of computer networking and network-based information assurance devices
Technical and Management Resources, Inc. is an Equal Opportunity Employer and does not discriminate with regard to race, color, religion, sex, age, national origin, disability, or Vietnam veteran status. This policy affirms TMR’s commitment to the principles of fair employment and the elimination of discriminatory practices. We encourage all employees to take advantage of opportunities for promotion as they occur.