- Function as a Cybersecurity subject matter expert for DoD clients in a fast-paced environment
- Develop DoD RMF Assessment and Authorization (A&A) documentation for Department of the Air Force Human Resource System Division systems
- Process Risk Management Framework (RMF) Assessment & Authorization (A&A) packages to include artifact generation, requirement analysis, security test and evaluation (ST&E) planning and execution, system categorization, security control selection, security control implementation, security control assessment, risk assessment and analysis, and development of Plans of Action and Milestones (POA&M), systems analysis and hardening strategies, incident response and policy analysis, trusted product evaluation, and IA assessments
- Develop and manage security documentation in support of FISMA requirements, e.g., security categorizations, system security plans, privacy impact assessments, configuration management plans, vulnerability assessment reports, etc.
- Lead security risk assessments of information systems and provide critical written and oral analyses of network and system vulnerability scans and Security Technical Implementation Guides (STIGs)
- Detailed understanding of FISMA, NIST 800 series, Federal RMF and ability to articulate such guidelines, policy and processes
- Authoring and maintaining security documentation such as System Security Plans, Risk Assessment, ST&E Plans, Incident Reports, POA&Ms, etc.
- Familiar with penetration testing techniques and web application scanner and firewall technologies
- Strong knowledge of data network protocols, design and operations, TCP/IP, Ethernet, etc.
- Security+ Required
- Other security certifications (e.g. CISM, CISSP, SSCP) are a plus
- Must have the ability to obtain an Active Secret Security Clearance
- Working knowledge of DIACAP, DoDI 8500.01, DoDI 8510.01, DoD RMF Knowledge Service, and NIST SP 800-37 Risk Management Framework (RMF) principles, concepts, and practices
- Working knowledge of eMASS, including version 5.1, which includes RMF
- Experienced working with large corporate, military or other enterprise environments
- Excellent written and verbal communication skills and client focus a must
- Working knowledge of system and network security engineering best practices, and a solid understanding of TCP/IP
- Working knowledge of the System Development Life Cycle (SDLC)
- Working knowledge of Configuration Management Program implementation and activities
- Working knowledge of defense in depth, access control mechanisms, auditing mechanisms and validating requirements, and identification and authentication mechanisms
- Working knowledge of Operating System platforms (i.e. Windows, Linux) and approved NSA/DHS/industry hardening methods
- Must be customer service-oriented
- Must have the ability to work in a dynamic environment and meet projected suspense dates