Industry: Professional, Scientific & Technical Services•
Less than 5 years
Posted 67 days ago
Cybersecurity Specialist Level II
Tuvli is an agile and innovative technology company aggressively pursuing a leadership in dynamic markets that support the Department of Defense, Homeland Security and federal civilian agencies.
We continually seek motivated people with professional skills and work experience in an extremely wide range of employment fields—from systems engineering and modernization, to IT and cybersecurity to support personnel for virtually every business operation for today’s military installations. We are a military friendly employer that strongly encourages veterans to bring their relevant experience and expertise on board. What unites us is a passion to deliver the very best value to every Tuvli customer every day we’re on the job
:As part of the USAMEDCOMs transition to the new electronic health record (EHR) and due to new requirements for Cybersecurity through the Risk Management Framework (RMF) it is necessary to certify not only applications and software for servers but also all medical devices and any item that connects not only to the Army MEDCOM network but to the Medical Community of Interest (Med-COI) network.
Incumbent will increase the number of RMF packets being processed and approved for an Authority to Operate (ATO) in the DoD eMASS system, throughout the MEDCOM at all MTFs and Clinics globally, to improve the security posture of the MEDCOM networks. Reduce the amount of time it takes to process a package in the eMASS system from start of a package to the ATO through process standardization for Medical devices, Common IT, and Facility related Control Systems (FRCS) such as Air conditioners and power and generator systems that have embedded IT. Improve the Interaction with packet submitters and reviewers to validate the completeness of packets and to make recommendations on certifications based on reviews of the submitted packets and artifacts.
The Cybersecurity Specialist Level II shall perform the following tasks:
All tasks below will be performed by a Cybersecurity Specialist, with a level II being more expert such as a Subject Matter Expert (SME), and Level I providing basic input and analytical skills consistent with and in compliance with the appropriate certification based on DoD 8570.1-M guidance.
The contractor shall develop and maintain C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements.
The contractor shall be in compliance with DoD 8570.1-M and all regional and local training requirements according to the latest policies and guidance.
The contractor shall provide the US Government-appointed COR a monthly activity report for each significant action that briefly states what was accomplished. Also, the contractor shall provide trip reports for any location visited for RMF or similar regulatory validation or for any conferences attended. The contractor must write trip reports or weekly activity reports in a format provided by the SCA-V or Contracting Officer’s Representative (COR).
The Contractor shall develop briefing slides that describe tasks completed, ongoing and outstanding tasks for the month, expected completion dates, issues, and concerns. Slide content and delivery schedule may be adjusted by the US Government-appointed SCA-V, the QAE, or the COR.
The contractor shall conduct threat and vulnerability assessments and submit effective measures to minimize such risk to the MEDCOM Cyber Security Program Office.
The contractor shall write and execute test procedures for C&A / A&A effort including STIGs, Nessus/ACAS, Flying Squirrel, Grass Marlin, Wire Shark, CSET, etc.
The contractor shall document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for the Test Report.
The contractor shall travel to CONUS and OCONUS sites to conduct physical and cybersecurity assessments; conduct complete security baseline and inventoryreports and packages.
The contractor in accordance with all applicable DoD, Army and MEDCOM policies shall only use DoD/Army approved IA software products, for performing security scans furnished by the Government for use on DoD/Army computers and networks only.
IAT or IAM Level II certification
IT-II Level Security Clearance
Bachelor’s Degree and 4 years of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments. Requires knowledge of security issues, techniques and implications across all existing computer platforms.