Today
Secret
Mid Level Career (5+ yrs experience)
$90,000 - $100,000
No Traveling
IT - Security
Norfolk, VA (On-Site/Office)
Cybersecurity Specialist The Cybersecurity Specialist will be a pivotal leader in securing systems, providing specialized expertise in the Assessment and Authorization (A&A) and Risk Management Framework (RMF) processes.
This role requires an experienced professional to manage and continuously improve the end-to-end A&A lifecycle, ensuring all USFF systems meet stringent DoD/Navy cybersecurity and data protection standards.
Key Responsibilities
Lead A&A and RMF Compliance:
Serve as the primary Subject Matter Expert (SME) for the entire A&A/Certification & Accreditation (C&A) lifecycle for all USFF HQ systems.
Review, validate, and develop comprehensive A&A packages, ensuring system/network architectures and operating features adequately protect against unauthorized access and maintain system availability.
Conduct Cybersecurity compliance and documentation validation assessments for applications, systems, and networks.
Risk Assessment and Management:
Perform Certification Authority (CA) risk assessments to evaluate system vulnerabilities and provide detailed written risk assessment reports, including overall risk analysis and strategic recommendations.
Develop Plans of Action and Milestones (POAMs) and supporting risk assessments to track and mitigate identified vulnerabilities.
Process Improvement and Communication:
Revise and streamline the end-to-end A&A workflow processes, developing supporting Standard Operating Procedures (SOPs), checklists, and workflow charts.
Act as the primary point of contact, engaging with pertinent stakeholders and cross-functional teams to coordinate efforts, resolve documentation errors/omissions, and ensure cohesive execution of cybersecurity objectives.
Communicate critical A&A feedback, coordinate necessary corrections, and validate responses prior to final submission.
Post-Inspection Support and Analysis:
Provide essential support for all data and information resulting from Cyber Security Inspections (CSI) conducted at USFF or its subordinate commands.
Manage and track post-CSI issues, including adjudicating findings in Vulnerability Management System (VMS), and assessing statistical data on adjudication status.
Conduct analysis of trends in A&A/Cybersecurity findings and develop a monthly Dashboard for USFF leadership on readiness and compliance.
Provide expert Security Technical Implementation Guide (STIG) review and interpretation.Documentation and Reporting:Develop, or assist in the development of, formal documentation, including point papers, naval messages, presentations, and briefings to support A&A and Cybersecurity functions.Job
Education & Experience:
Bachelor’s degree in a Cybersecurity or related field; OR Associate’s degree and 2 years of related experience.
A minimum of 5 years of hands-on experience in cybersecurity, A&A, or INFOSEC. (7 years of related experience may substitute for the formal degree requirement).
Certifications: IAT Level II certification (e.g., CompTIA Security+ or equivalent).Technical Expertise: Demonstrated expert knowledge and hands-on experience with the DoD Assessment and Authorization (A&A) process and the Risk Management Framework (RMF).Strong knowledge of Defense Information Systems Agency (DISA) STIG requirements and the implementation/compliance process.
Proficiency in System / Network Vulnerability Analysis, Risk Assessment, and Risk Mitigation.
Knowledge of core technologies, including: Windows/Linux Operating Systems, virtualization, networking (IP Ports & Protocols), storage, backup, and Firewall Policy.
This role requires an experienced professional to manage and continuously improve the end-to-end A&A lifecycle, ensuring all USFF systems meet stringent DoD/Navy cybersecurity and data protection standards.
Key Responsibilities
Lead A&A and RMF Compliance:
Serve as the primary Subject Matter Expert (SME) for the entire A&A/Certification & Accreditation (C&A) lifecycle for all USFF HQ systems.
Review, validate, and develop comprehensive A&A packages, ensuring system/network architectures and operating features adequately protect against unauthorized access and maintain system availability.
Conduct Cybersecurity compliance and documentation validation assessments for applications, systems, and networks.
Risk Assessment and Management:
Perform Certification Authority (CA) risk assessments to evaluate system vulnerabilities and provide detailed written risk assessment reports, including overall risk analysis and strategic recommendations.
Develop Plans of Action and Milestones (POAMs) and supporting risk assessments to track and mitigate identified vulnerabilities.
Process Improvement and Communication:
Revise and streamline the end-to-end A&A workflow processes, developing supporting Standard Operating Procedures (SOPs), checklists, and workflow charts.
Act as the primary point of contact, engaging with pertinent stakeholders and cross-functional teams to coordinate efforts, resolve documentation errors/omissions, and ensure cohesive execution of cybersecurity objectives.
Communicate critical A&A feedback, coordinate necessary corrections, and validate responses prior to final submission.
Post-Inspection Support and Analysis:
Provide essential support for all data and information resulting from Cyber Security Inspections (CSI) conducted at USFF or its subordinate commands.
Manage and track post-CSI issues, including adjudicating findings in Vulnerability Management System (VMS), and assessing statistical data on adjudication status.
Conduct analysis of trends in A&A/Cybersecurity findings and develop a monthly Dashboard for USFF leadership on readiness and compliance.
Provide expert Security Technical Implementation Guide (STIG) review and interpretation.Documentation and Reporting:Develop, or assist in the development of, formal documentation, including point papers, naval messages, presentations, and briefings to support A&A and Cybersecurity functions.Job
Education & Experience:
Bachelor’s degree in a Cybersecurity or related field; OR Associate’s degree and 2 years of related experience.
A minimum of 5 years of hands-on experience in cybersecurity, A&A, or INFOSEC. (7 years of related experience may substitute for the formal degree requirement).
Certifications: IAT Level II certification (e.g., CompTIA Security+ or equivalent).Technical Expertise: Demonstrated expert knowledge and hands-on experience with the DoD Assessment and Authorization (A&A) process and the Risk Management Framework (RMF).Strong knowledge of Defense Information Systems Agency (DISA) STIG requirements and the implementation/compliance process.
Proficiency in System / Network Vulnerability Analysis, Risk Assessment, and Risk Mitigation.
Knowledge of core technologies, including: Windows/Linux Operating Systems, virtualization, networking (IP Ports & Protocols), storage, backup, and Firewall Policy.
group id: 10202776
