Role and Responsibilities

Responsibilities and duties may include, but are not limited to:

- Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures

- Generate and maintain required IS security documentation including Systems Security Plans (SSP), Information Assurance Standard Operating Procedures (IA SOP), Continuous Monitoring Plans, Security Control Traceability Matrices, Risk Assessments, Plan of Action & Milestones (POA&M), equipment specifications, practices, and procedures

- Maintain customer-required Information Assurance (IA) certifications

- Maintain day-to-day security posture and continuous monitoring of classified ISs

- Schedule, perform and maintain records of required IS auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and customer compliance requirements

- Develop and conduct test procedures for verification Assessment and Authorization (A&A), Risk Management Framework (RMF) safeguards to meet customer requirements based upon NISPOM, DAAPM, JSIG and related NIST publications

- Employ customer-approved procedures for sanitizing and releasing system components and media

- Maintain a repository of security authorizations for ISs under the office's purview

- Assess changes to an IS by performing periodic self-inspections, tests and reviews of the IS program to ensure that systems are operating as authorized/accredited and that conditions have not changed; ensure corrective actions are taken for identified findings and vulnerabilities

- Maintain a working knowledge of IS functions, security policies, technical security safeguards, and operational security measures

- Coordinate with Facility Security Officer (FSO) and Contractor Program Security Officers (CPSO) to define, implement and maintain information security policies, strategies, and procedures

- Implement policies and procedures for responding to security incidents, and for investigating and reporting security violations and incidents

- Ensure the development, documentation, and presentation of classified IS security education, awareness, and training activities

- Must be a team player and be able to work within all levels of a project team

- Excellent time management, scheduling, and organizational skills

- Ability to work well independently as well as follow detailed instructions for completing task

Qualifications and Education Requirements

- Top Secret security clearance with current SCI eligibility

- Special Access Program experience

- Five (5) years of experience working in an IA-related field

- Familiarity with security procedures while working in a SCIF/SAPF environment

- In-depth knowledge of Microsoft Windows OS (client and server)

- CompTIA Security+ or higher-level DoD 8570.01/8140.03 certification

- High School Diploma or GED Required

- Certification in one or more of the following must be able to be obtained within 6 months of hire: ISC2 Certified Information Systems Security Professional (CISSP), ISC2 Certified in Governance Risk & Compliance (CGRC), ISC2 Systems Security Certified Practitioner (SSCP), ISACA Certified Information Security Manager (CISM), GIAC Industrial Cyber Security Certification (GICSP), GIAC Security Essentials (GSEC), GIAC Cyber Security Leadership (GSLC), CompTIA Cybersecurity Analyst + Certification (CySA+), or CompTIA Advanced Security Practitioner + (CASP+)

Desired Education / Experience:

- Bachelor's degree in Computer Science, Information Technology, Information Security, or related field

- Eight (8) years of experience working in an IA and/or IT-related field

- Experience with Linux operating system (RedHat Enterprise Linux)

Required Skills:

- Experience with A&A documentation and system authorization artifacts

- Knowledge of federal security requirements and mandates (e.g., RMF, Federal Information Processing Standards (FIPS), National Standards of Information Technology (NIST))

- Experience with security architectures, firewalls, and network access

- Experience with risk managed downloads, IS sanitization and destruction, PEDs, contaminations, incident response, virus scanning, privileged user access, and hardware/software configuration management

- Excellent oral and written communication skills

- Strong organizational skills and ability to manage multiple tasks concurrently

- Excellent time management, scheduling, and organizational skills

- Ability to work well independently as well as follow detailed instructions for completing tasks

- Must be a team player and be able to work within all levels of a project team

Desired Skills:

- Experience using security hardening, collection and assessment tools (e.g. SCAP, Nessus, Splunk, etc.)

- Strong Microsoft Windows background with some knowledge of UNIX/LINUX

- Knowledge of various computer software applications, hardware platforms, networking components and LAN/WAN architecture

- Experience working with Defense Counterintelligence and Security Agency (DCSA)

- Experience with eMASS

- Experience with external systems and procurement of hardware

Travel Statement: Limited travel required

Clearance:

• Must possess an active TS/SCI security clearance
• SAP experience is desired but not required

#LI-BG1

#MTSI