Today
Top Secret/SCI
$150,000 - $160,000
No Traveling
IT - Software
Suffolk, VA (On-Site/Office)
Requirements
Clearance Level
TS/SCI clearance
Certifications (IAT Level III)
One of the following:
CompTIA Advanced Security Practitioner (CASP CE)
Cisco Certified Network Professional Security (CCNP Security)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Incident Handler (GCIH
Functional area training certificates (required prior to start date):
DISA eMASS Computer Based Training
Annual Cyber Awareness Training
Required Skills and Experience
A Master’s of Cybersecurity or related degree, or 10 years of experience in cybersecurity analysis with an understanding of applicable laws, acts, policies, protocols, and regulations.
At least 5 years of experience related to DoD cybersecurity policies, procedures, and related directives including Task Orders, Executive Orders, Operational Orders, OPSEC, OSINT, etc.
Key Responsibilities
Serve as the primary Subject Matter Expert (SME) for all aspects of the Assessment and Authorization process in accordance with the DoD Risk Management Framework (RMF) model.
Lead the effort utilizing Enterprise Mission Assurance Support Service (eMASS) to document activities, including implementation of all applicable security controls as identified via information system security categorization in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and Committee on National Security Systems Instructions (CNSSI) 1253.
Test and apply security controls based on security categorization, the application of overlays (privacy, classified, intel, etc.) and security control tailoring (AI, NOFORN, etc.).
Collaboration with team leads, system owners, developers, and other key stakeholders to ensure security requirements are integrated throughout system design and implementation.
Conduct active and passive reconnaissance of data, with the ability to assess and author Plans of Milestones and Actions (POA&Ms) containing accurate and verifiable mitigation statements, milestone tracking, and applying to the most relevant security control.
Development of comprehensive required A&A documentation, including System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Reports (SARs), etc.
Adherence to the eMASS scheduled tasking within the accreditation cycle, including Quarterly Independent Verification and Validation (IV&V), quarterly STIG checks, Annual Security Review (ASR), monthly POA&M updates, and resubmission for ATO, ATC, IATC and IATT as applicable.
Maintenance of DISA circuit connections (CCSDs), inheritance from accredited systems and cloud service providers, and the workflow schedule on accreditations.
Clearance Level
TS/SCI clearance
Certifications (IAT Level III)
One of the following:
CompTIA Advanced Security Practitioner (CASP CE)
Cisco Certified Network Professional Security (CCNP Security)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Incident Handler (GCIH
Functional area training certificates (required prior to start date):
DISA eMASS Computer Based Training
Annual Cyber Awareness Training
Required Skills and Experience
A Master’s of Cybersecurity or related degree, or 10 years of experience in cybersecurity analysis with an understanding of applicable laws, acts, policies, protocols, and regulations.
At least 5 years of experience related to DoD cybersecurity policies, procedures, and related directives including Task Orders, Executive Orders, Operational Orders, OPSEC, OSINT, etc.
Key Responsibilities
Serve as the primary Subject Matter Expert (SME) for all aspects of the Assessment and Authorization process in accordance with the DoD Risk Management Framework (RMF) model.
Lead the effort utilizing Enterprise Mission Assurance Support Service (eMASS) to document activities, including implementation of all applicable security controls as identified via information system security categorization in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and Committee on National Security Systems Instructions (CNSSI) 1253.
Test and apply security controls based on security categorization, the application of overlays (privacy, classified, intel, etc.) and security control tailoring (AI, NOFORN, etc.).
Collaboration with team leads, system owners, developers, and other key stakeholders to ensure security requirements are integrated throughout system design and implementation.
Conduct active and passive reconnaissance of data, with the ability to assess and author Plans of Milestones and Actions (POA&Ms) containing accurate and verifiable mitigation statements, milestone tracking, and applying to the most relevant security control.
Development of comprehensive required A&A documentation, including System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Reports (SARs), etc.
Adherence to the eMASS scheduled tasking within the accreditation cycle, including Quarterly Independent Verification and Validation (IV&V), quarterly STIG checks, Annual Security Review (ASR), monthly POA&M updates, and resubmission for ATO, ATC, IATC and IATT as applicable.
Maintenance of DISA circuit connections (CCSDs), inheritance from accredited systems and cloud service providers, and the workflow schedule on accreditations.
group id: 10122467
