Posted today
Top Secret/SCI
Unspecified
IT - Security
MCB Quantico, VA (On-Site/Office)
Cyber Security Specialist
Quantico, VA - onsite
Security Clearance: Active TS/SCI is required
Must be IAT level III certified
Major Duties & Responsibilities:
• Assist in building, coordinating, maintaining, changing, and updating, the RMF A&A packages for the five enclaves administered by AFOSI.
o Implement security controls and assist AFOSI customers with the implementation of controls.
o Continuously monitor control compliance and remediate or POA&M systems as required.
o Collaborate with enterprise operations and development teams to ensure the infrastructure and application are configured within DoD requirements.
• Develop and maintain System Security Documents in accordance with the RMF Process to include policies, plans and procedures.
• Ensure that all application deliverables and systems comply with applicable DISA STIGs or Security Requirements Guidance.
• Assist in maintaining and updating HQ's AFOSI Governance, Risk and Compliance (GRC) application for assessing/managing risk, and authorizations for all AFOSI data networks.
• Implement security controls and assist AFOSI customers with the implementation of controls. Continuously monitor control compliance and take immediate actions to bring systems into compliance.
• Audit security log information using Splunk Enterprise, track firewall rule activity to create security baselines, and create alerts and reports.
• Utilize the ACAS vulnerability scanning suite to identify configuration problems and missing patches.
• Track and analyze Plan of Action & Milestones (POA&Ms) reports to conduct risks assessments.
• Assist in the review of current Cyber Operational Readiness Assessment (CORA) requirements and ensure systems and their operations are compliant.
Qualifications:
• 5 years experience in cyber security and information assurance with at least 3 years of experience in systems administration for server and infrastructure support.
• Bachelor’s degree in a related field desired.
• Must be certified at IAT Level III (e.g., CASP+ CE/SecurityX, CISA, CCNP Security, CISSP, or equivalent certification satisfying DoD 8570/8140 certification requirements).
• Experience with RMF, STIGs, GRC, PPSM, event log audit.
• Working knowledge of firewall functionality.
• Knowledge of analyzing the result of a security risk assessment.
• Experience with the RMF steps to include categorization, security control selection, implementation plan development, assessment, and continuous monitoring.
• Knowledge of the Information Assurance Vulnerability Management (IAVM) process and Common Vulnerabilities and Exposures (CVE) framework.
• Experience with PowerShell scripting to automate repetitive tasks and gather security information.
• Experience creating, reviewing, and revising security documentation and artifacts.
• Experience with Vulnerability Management tools, such as ACAS, including the ability to read and analyze automated vulnerability reports.
• Experience with Fortify Static Code analyzer, or another code scanner, desired. Experience with security information and event management (SIEM) software, such as Splunk or ArcSight.
• Must possess analytical skills to troubleshoot cybersecurity issues and the ability to conceptualize server infrastructures and configurations.
• Experience with Asset Management software, such as Lansweeper or SolarWinds desired.
• Experience configuring and troubleshooting firewalls, and using protocol analyzers desired.
• Experience participating in cyber security inspections and in Computer Network Defense (CND) actions such as incident response desired.
• Experience with DoD IT environment and networks.
• Must have strong communication skills and be able to work comfortably with all levels of an organization.
• Must be a US citizen and hold a current Top Secret clearance with SCI access (TS/SCI).
Quantico, VA - onsite
Security Clearance: Active TS/SCI is required
Must be IAT level III certified
Major Duties & Responsibilities:
• Assist in building, coordinating, maintaining, changing, and updating, the RMF A&A packages for the five enclaves administered by AFOSI.
o Implement security controls and assist AFOSI customers with the implementation of controls.
o Continuously monitor control compliance and remediate or POA&M systems as required.
o Collaborate with enterprise operations and development teams to ensure the infrastructure and application are configured within DoD requirements.
• Develop and maintain System Security Documents in accordance with the RMF Process to include policies, plans and procedures.
• Ensure that all application deliverables and systems comply with applicable DISA STIGs or Security Requirements Guidance.
• Assist in maintaining and updating HQ's AFOSI Governance, Risk and Compliance (GRC) application for assessing/managing risk, and authorizations for all AFOSI data networks.
• Implement security controls and assist AFOSI customers with the implementation of controls. Continuously monitor control compliance and take immediate actions to bring systems into compliance.
• Audit security log information using Splunk Enterprise, track firewall rule activity to create security baselines, and create alerts and reports.
• Utilize the ACAS vulnerability scanning suite to identify configuration problems and missing patches.
• Track and analyze Plan of Action & Milestones (POA&Ms) reports to conduct risks assessments.
• Assist in the review of current Cyber Operational Readiness Assessment (CORA) requirements and ensure systems and their operations are compliant.
Qualifications:
• 5 years experience in cyber security and information assurance with at least 3 years of experience in systems administration for server and infrastructure support.
• Bachelor’s degree in a related field desired.
• Must be certified at IAT Level III (e.g., CASP+ CE/SecurityX, CISA, CCNP Security, CISSP, or equivalent certification satisfying DoD 8570/8140 certification requirements).
• Experience with RMF, STIGs, GRC, PPSM, event log audit.
• Working knowledge of firewall functionality.
• Knowledge of analyzing the result of a security risk assessment.
• Experience with the RMF steps to include categorization, security control selection, implementation plan development, assessment, and continuous monitoring.
• Knowledge of the Information Assurance Vulnerability Management (IAVM) process and Common Vulnerabilities and Exposures (CVE) framework.
• Experience with PowerShell scripting to automate repetitive tasks and gather security information.
• Experience creating, reviewing, and revising security documentation and artifacts.
• Experience with Vulnerability Management tools, such as ACAS, including the ability to read and analyze automated vulnerability reports.
• Experience with Fortify Static Code analyzer, or another code scanner, desired. Experience with security information and event management (SIEM) software, such as Splunk or ArcSight.
• Must possess analytical skills to troubleshoot cybersecurity issues and the ability to conceptualize server infrastructures and configurations.
• Experience with Asset Management software, such as Lansweeper or SolarWinds desired.
• Experience configuring and troubleshooting firewalls, and using protocol analyzers desired.
• Experience participating in cyber security inspections and in Computer Network Defense (CND) actions such as incident response desired.
• Experience with DoD IT environment and networks.
• Must have strong communication skills and be able to work comfortably with all levels of an organization.
• Must be a US citizen and hold a current Top Secret clearance with SCI access (TS/SCI).
group id: COMPHLP
