Job Requirements
Location: Richardson, TX; Cedar Rapids, IA
Clearance: Top Secret
Polygraph: not specified
Career level: Senior Level Career (10+ yrs experience)
Salary: $155,000 - $175,000
Job Description
• DoD 8570 / 8140 compliant certification
o minimum IAT Level III (e.g., CASP+, CISSP, CCSP).
Knowledge/Experience
• DoD RMF under:
o Department of Defense RMF
o National Institute of Standards and Technology SP 800-53
• Preparing and maintaining ATO packages in eMASS
• Collateral Secret system authorization
• Virtualized enterprise environments
• Implementing DISA STIGs, including:
o ESXi STIG
o vCenter STIG
o Windows/Linux STIG
o Network Device STIG
o vulnerability management processes
• vCenter configuration
• NSX microsegmentation
• vSAN secure configuration
Security Implementation
• STIG application & validation
• SCAP scanning tools
• Configuration baseline management
• POA&M development and remediation tracking
• Log aggregation (e.g., SIEM integration)
• Endpoint protection integration (ClamAV & Symantec Endpoint Protection)
• PKI implementation
Duties
• Develop complete RMF authorization package:
o SSP
o Security Control Traceability Matrix (SCTM)
o POA&M
o Diagrams (Data Flow, Physical)
• Map implemented controls to NIST 800-53 Rev 5
• Coordinate with ISSM and AO
• Update eMASS artifacts as required
• Support assessment events and artifact collection
• Ensure all inherited controls are properly documented
• Support annual security reviews
• Track changes under configuration management
o Ensure modifications do not invalidate authorization
• Create, maintain, and participate in Change Management review for requests that affect the SDE ATO
o Assess impact of patches, upgrades, or VCF lifecycle updates
o Support security impact analysis
o Ensure modifications do not invalidate authorization
• Conduct CONMON actions for weekly, monthly, quarterly, annual, and bi-annual tasks as required to maintain the SDE ATO
• Assist in updating Collins processes for auditing VCF infrastructure.
• Create and conduct training for auditing the Information System with Collins standard tools (i.e. Splunk, Rapid7 – Nexpose, ClamAV, Symantec Endpoint Protection)
o Lead and suggest solutions for any gaps found in compliance with regulations to maintain the ATO of the Information System
Eligibility requirements apply to some benefits and may depend on your job
classification and length of employment. Benefits are subject to change and may be
subject to specific elections, plan, or program terms. If eligible, the benefits
available for this temporary role may include the following:
• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)