Industry: Professional, Scientific & Technical Services
Less than 5 years
Posted 38 days ago
Tuvli is an agile and innovative technology company aggressively pursuing leadership in dynamic markets that support the Department of Defense, Homeland Security and federal civilian agencies.
We continually seek motivated people with professional skills and work experience in an extremely wide range of employment fields—from systems engineering and modernization, to IT and cyber security to support personnel for virtually every business operation for today’s military installations. We are a military-friendly employer that strongly encourages veterans to bring their relevant experience and expertise on board. What unites us is a passion to deliver the very best value to every Tuvli customer every day we’re on the job.
As part of the USAMEDCOM's transition to the new electronic health record (EHR), and due to new requirements for Cybersecurity through the Risk Management Framework (RMF), it is necessary to certify not only applications and software for servers but also all medical devices and any item that connects not only to the Army MEDCOM network but to the Medical Community of Interest (Med-COI) network.
Incumbent will increase the number of RMF packets being processed and approved for an Authority to Operate (ATO) in the DoD eMASS system, throughout the MEDCOM at all MTFs and Clinics globally, to improve the security posture of the MEDCOM networks. Reduce the amount of time it takes to process a package in the eMASS system from start of a package to the ATO through process standardization for Medical devices, Common IT, and Facility Related Control Systems (FRCS) such as air conditioners and power and generator systems that have embedded IT. Improve the interaction with packet submitters and reviewers to validate the completeness of packets and to make recommendations on certifications based on reviews of the submitted packets and artifacts.
The Cybersecurity Specialist Level II shall perform the following tasks:
All tasks below will be performed by a Cybersecurity Specialist, with a Level II being more expert, such as a Subject Matter Expert (SME), and a Level I providing basic input and analytical skills consistent with and in compliance with the appropriate certification based on DoD 8570.1-M guidance.
The Contractor shall perform the necessary actions to properly scope the level of validation effort that will be required at each respective medical device/system. This includes any pre-coordination necessary to ensure that the size and complexity of the device/system is understood and to ensure that the workload is distributed amongst team members in order to meet the necessary timeframe needed to certify and accredit the device/system. The Contractor shall provide recommendations to the COR to ensure that validation activities are accomplished in the most economical, efficient, and timely manner.
The Contractor shall develop all Risk Management Framework (RMF) documentation needed to meet DoD and Army validation requirements. Documentation must be delivered to the US Army-appointed SCA-V in a timely manner so that the system/device meets the go-live dates at the MTFs.
The contractor shall review RMF-related publications such as those within the DOD and those within the US Army, and shall provide input on those RMF or similar regulatory processes that are implemented through Army Best Business Practices. The contractor will provide recommendations on draft RMF and IA-related publications and will be tasked to provide input in both written and oral form.
The Contractor shall aid in the RMF process by providing expert advice on the number of team members required to perform validation activities on each device/system, the amount of time it will take to validate the RMF IA controls on each device or system, and with validating the RMF or similar regulatory controls in accordance with Federal, DOD, and US Army RMF or similar regulatory requirements.
The Contractor shall provide ongoing verbal/email assistance to the necessary personnel who are performing the RMF or similar regulatory validation activities or who are working to fix IA controls.
The contractor shall develop and maintain C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configuration checklists, and interconnection security agreements.
The contractor shall be in compliance with DoD 8570.1-M and all regional and local training requirements according to the latest policies and guidance.
The contractor shall provide the US Government-appointed COR a monthly activity report for each significant action that briefly states what was accomplished. Also, the contractor shall provide trip reports for any location visited for RMF or similar regulatory validation or for any conferences attended. The contractor must write trip reports or weekly activity reports in a format provided by the SCA-V or Contracting Officer’s Representative (COR).
The Contractor shall develop briefing slides that describe tasks completed, ongoing and outstanding tasks for the month, expected completion dates, issues, and concerns. Slide content and delivery schedule may be adjusted by the US Government-appointed SCA-V, the QAE, or the COR.
The contractor shall conduct threat and vulnerability assessments and submit effective measures to minimize such risk to the MEDCOM Cyber Security Program Office.
The contractor shall write and execute test procedures for C&A / A&A efforts including STIGs, Nessus/ACAS, Flying Squirrel, GRASSMARLIN, Wireshark, CSET, etc.
The contractor shall document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for the Test Report.
The contractor shall travel to CONUS and OCONUS sites to conduct physical and cyber security assessments; conduct complete security baseline and inventory reports and packages.
The contractor shall conduct testing for the integration of proposed new technologies to be included in the enterprise design. The contractor shall research and analyze current DoD and Department of the Army (DA) policies and recommend mitigation strategies.
The contractor shall perform threat and vulnerability assessments and security audits, and conduct risk assessments based on scans and other data pertaining to each system within eMASS.
The contractor shall assist in the maintenance of the current network and systems certification and accreditation statement (ATO) and, when directed, initiate continuing or re-accreditation processes and procedures when changes affecting the accreditation of the network or attached systems have occurred.
The contractor, in accordance with all applicable DoD, Army and MEDCOM policies, shall use only DoD/Army-approved IA software products furnished by the Government for performing security scans, and only on DoD/Army computers and networks.
IAT or IAM Level II certification
IT-II Level Security Clearance
Bachelor’s Degree and 4 years of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments. Requires knowledge of security issues, techniques and implications across all existing computer platforms.
Ability to work under tight deadlines. Time management skills, including organization, coordination of duties, and/or accomplishment of goals.
Prospective employees will receive consideration without discrimination because of race, color, religion, creed, gender, national origin, age, disability, marital status, veteran status, sexual orientation, or any other legally protected status.
Req ID: TUV01280