Posted today
Top Secret/SCI
Unspecified
CI Polygraph
Tysons, VA (On-Site/Office)
Description
JCIP Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.
Responsibilities:
Requirements
JCIP Technical Reviewers play a pivotal role in evaluating the cybersecurity posture of enterprise environments across the Intelligence Community (IC). They conduct comprehensive technical assessments and perform detailed analysis of vulnerability scans to ensure compliance with Intelligence Community Directives (ICDs), IC Technical Implementation Guides (TIGs), Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and NIST 800-53 rev 5 security controls.
Responsibilities:
- Leverage extensive expertise in vulnerability management tools, processes, and lifecycle to independently review and assess technical security controls in support of JCIP Inspections.
- Engage with site leadership and technical staff to plan and coordinate vulnerability assessments and remediation verification.
- Interview organizational subject matter experts and review documentation to validate vulnerability findings and risk prioritization using TICCL and KCoHR frameworks.
- Participate in the planning, execution, and reporting of vulnerability assessments with minimal supervision. Prepare detailed assessment deliverables.
- Clearly communicate risk impact and remediation strategies through presentations and written reports.
- Stay current with latest vulnerability management tools, techniques, threat intelligence, and IC policies.
- Travel as required to support remote inspections (8-12 weeks of travel avg some international and passport required).
Requirements
- TS/SCI with CI Poly
- M.S degree with 8+ years of experience or B.S degree with 13+ years of experience.
- IAT Level III Certification in compliance with DoD 8570.01-M and DoD Directive 8140 Cyberspace Workforce Management. (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP)
- Proven experience with vulnerability scanning tools (e.g., Tenable Nessus, Qualys, Rapid7 Nexpose), vulnerability lifecycle management, and remediation verification.
- Strong understanding of vulnerability risk ratings, threat intelligence integration, and mitigation strategies.
- Familiarity with IC directives, NIST 800-53 and 800-171 security controls as they relate to vulnerability management.
- Solid interpersonal and communication skills for working effectively with diverse technical teams and leadership.
- Ability to interpret and apply STIGs, vulnerability management frameworks, and NIST controls.
- Strong analytical skills to assess and prioritize vulnerabilities in a complex enterprise environment.
- Experience leading vulnerability management projects or teams.
- Ability to work autonomously and escalate complex or high-risk findings appropriately.
- Collaborative mindset to work effectively in mixed technical and programmatic teams.
group id: 10461782
