Job Type
Full-time
Description
NexGen Data Systems is seeking an eMASS Workflow & Control Validation Specialist to support the United States Transportation Command (USTRANSCOM) Senior Information Security Officer (SISO) mission. This role provides technical support for Assessment and Authorization (A&A) activities, acting as the primary point of intake for system compliance packages. The specialist will perform IT audits on complex information systems, applications, and enclaves to ensure that appropriate controls exist, are correctly implemented, and comply with Federal and DoD standards.
The eMASS Workflow & Control Validation Specialist will support eMASS workflow triage, STIG/SCAP IV&V analysis, Package Readiness Reviews (PRR), POA&M mitigation tracking, and risk acceptance engineering. This position requires an intermediate specialist who understands the Risk Management Framework (RMF), possesses strong analytical skills to weigh business needs against security concerns, and can ensure that A&A packages are accurate and ready for Authorizing Official (AO) review.
Roles & Responsibilities:
- Serve as the primary intake support for A&A packages, processing and routing authorization workflows directly within eMASS to ensure rapid throughput and adherence to the 7-day turnaround SLA.
- Perform IT audits and control validation exercises on classified and unclassified networks, applications, and systems to ensure security measures are correctly implemented and effective.
- Conduct deep-dive Independent Verification & Validation (IV&V) of STIG checklists, SCAP automated scans, and ACAS/Vulnerability Management findings.
- Coordinate and facilitate Package Readiness Reviews (PRR) with system owners, ensuring packages meet compliance baselines before formal routing to the AO.
- Monitor and track POA&M mitigation milestones, evaluating closure evidence and maintaining the systemic risk ledger for tenant systems.
- Assist in drafting Risk Acceptance (RA) Memorandums by performing engineering risk analysis on residual vulnerabilities.
- Interpret and apply DoD, USCYBERCOM, and USTRANSCOM cyber policies to assess their impact on current system assessment baselines.
- Provide technical support in vulnerability assessment, risk assessment, and network security, ensuring security controls trace back to valid technical evidence.
- Utilize analytical software (Microsoft Excel/Access) to organize, track, and report on eMASS package velocity and compliance data.
- Communicate technical audit findings to both technical stakeholders and senior management, ensuring clear understanding of security posture and remediation requirements.
Other Duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Requirements
Desired/Required Skills:
- Clearance Required: Active Department of Defense Secret clearance.
- Investigation / Position Sensitivity: Non-Critical Sensitive (Formerly IT-II or IT-2). Must possess a favorable Tier 3 (T3) NACLC/ANACI at time of proposal submission.
- Location: On-site at Scott Air Force Base, IL or Government-approved remote/hybrid location as authorized. Availability during Central Time core support hours required.
- Required Experience: Minimum two (2) years of experience working with DoD 8500.2 or NIST SP 800-53 and a solid understanding of the principles of the Risk Management Framework (RMF).
- Required eMASS Knowledge: Strong working knowledge of Enterprise Mission Assurance Support Service (eMASS) for workflow management and package submission.
- Technical Audit Skills: Demonstrated proficiency in performing IT audits on complex systems and identifying gaps in control implementation.
- Analytical Skills: Strong analytical and problem-solving skills for resolving security issues and weighing business needs against security constraints.
- Tool Proficiency: Proficiency in basic analytical software such as Microsoft Excel and Access; proficiency with the Microsoft Office suite (Word, PowerPoint).
- Networking Knowledge: Strong skills implementing and configuring networks and network components (L2/L3 switches, routers, etc.).
- Cyber Baseline Certification: Active DoD 8570.01-M / DoDM 8140 Information Assurance Technical Level II or higher certification and a technical certification from one of the following desired skills:
- Desired Skills: Familiarity with ACAS, Vulnerator, STIG Viewer, SCAP Compliance Checker, and prior experience supporting USTRANSCOM or DLA cybersecurity environments.
Benefits:
- Company covers 100% of premiums for the employee's medical, dental, and vision insurance and subsidizes premiums for spouse and dependents.
- Company provides short- and long-term disability plans.
- 401(k) match up to 10% of the employee's salary contributions to the 401(k) plan.
- Comprehensive training and development program.
- 11 paid holidays and paid time off (PTO) accrual level starts at 15 days annually.