Senior Cyber Security Specialist

OBXtek Inc.

$100K — $130K *
Aerospace & Defense
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Active Secret Clearance
  • 8-10 years of Cyber Security/IA experience, preferably with the Army
  • Experience with IA and security standards, procedures, and policies
  • Familiarity with both commercial and military standards for Army communication sites
  • Bachelor's Degree in Computer Science or related field; Master's preferred
  • IAT Level II certification or equivalent (e.g., CCNA Security, Security+ CE, CySA)

Responsibilities

  • Identify and resolve complex Cybersecurity/IA problems using advanced methods.
  • Develop briefings for leadership consensus on security solutions.
  • Oversee network security implementation and policy adherence.
  • Ensure security controls protect the integrity and confidentiality of information.
  • Analyze system changes for security implications.
  • Facilitate Cyber IPT participation for assigned projects.
  • Prepare detailed documentation for Independent Validation and Verification (IV&V).

Benefits

  • Opportunities for professional development and training
  • Supportive work culture with a focus on innovation
  • Access to advanced cybersecurity tools and resources
  • In-house expertise and mentorship from senior professionals
  • Potential for career advancement within the organization
Full Job Description
Responsibilities

OBXtek is currently staffing for a SeniorCyber Security Specialist supporting the Army's United Network Modernization (UNM) organization. Place of performance will be Fort Belvoir, VA.

This person will work on high-visibility or mission critical aspects of a given program and performs all functional duties independently.

Major Duties and Responsibilities:

  • Provide assistance in identifying and resolving highly complex Cybersecurity/Information Assurance (IA) problems which are not subject to resolution through conventional methods.
  • Provide assistance in the development of Cybersecurity/IA briefings to obtain leadership/management consensus/approval on potential security solutions.
  • Provide assistance in network security implementation, including preparation and oversight of the execution of policies and procedures to ensure the continuous security of project architectures.
  • Provide assistance in the oversight to ensure implemented security safeguards are adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored are consistent with the level of sensitivity of that information.
  • Provide analysis of information processing needs and proposed system changes for security requirements and implications.
  • Participate in regular Cyber IPTs for assigned projects as required.
  • Ensure that the independent IV&V is scheduled and executed.
  • Perform a complete system self-assessment prior to the IV&V with CY in attendance; consistently communicate with the major CY stakeholders of all assigned projects
  • Be responsible for all CY actions (at a minimum any Interim Authority to Test (IATT), Authority to Connect (ATC), Authority to Operate (ATO) using the security controls of CNSSI-1253 and include life-cycle CY maintenance of the system; have experience with Enterprise Mission Assurance Support Service (eMASS).
  • Deliver to the CY a weekly progress report that documents the RMF.
  • Provide engineering design that incorporates IA criteria for the components IAW applicable Army Regulations (ARs), DoD regulations, and DISA STIGs.
  • Provide for the system scanning with DISA approval ACAS and SCAP vulnerability scanning tools during a self-assessment of the entire system(s).
  • Discovered vulnerabilities, Not Applicable (N/A) security controls and mitigation actions will be recorded in a Plan of Action and Milestones (POA&M) template formatted per NIST 800-18 (current).
  • Plan, coordinate, and ensure that the Independent Validation and Verification (IV&V) is funded, planned, and executed with the local ICAN ISSM or appropriate USG CY representative.
  • Ensure the hardware/software inventory demonstrates compliance with the Unified Capabilities UC APL for all software in the SDP and EIP.
  • Ensure that the Network Topology Diagram in the, OV-1, SV-1 format and the Data Flow Logical Diagram in the SV-2 format demonstrate adequate security controls compliant with CNSSI-1253 to protect the System in the System Design Plan (SDP) and EIP.
  • Ensure the diagrams are prepared in the Department of Defense Architecture Framework (DoDAF) format.
  • Confirm the IA Test Plan defines all appropriate STIGs to be applied to the System, vulnerability scans to be conducted, remediation and system hardening efforts to secure the System.
  • Ensure that each contract and project integrator shall provide patching, system hardening, fixing, and mitigating findings from vulnerability scan results or manual assessments on a system POA&M template found in NIST 800-18.
  • Submit a POA&M for the system to include identification of control vulnerabilities for Non-compliant Test Result findings, corrective actions with mitigation/resolution alternatives and associated risk analyses, and Not Applicable (N/A) findings to include the reason why the security control is N/A and the artifact that validates this status. For each RMF security control an artifact will be included.
  • Utilize vulnerability scanning tools and execute the vulnerability scans using an Army approved method (e.g., Assured Compliance Assessment Solution (ACAS)).
  • Analyze the vulnerability scan results to include non-compliant findings.
  • Submit artifacts to the Enterprise/ICAN ISSM, if agreeable, or have the ability to create and modify a separate eMASS package.
  • Provide a CNSSI-1253 Excel spreadsheet that includes security control its ID number (AC-1, AC-2(1), security control title, status of each security control (Compliant, Not Compliant, N/A, Inherited) and the artifact that validates the status.
  • Produce a separate traceability matrix showing each hardware device, the software on each device and the DISA STIG used to harden the software.
  • Work on high-visibility or mission critical aspects of a given program and performs all functional duties independently.
  • May oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.


Travel: Some travel can be expected (both OCONUS and CONUS)

Work Schedule: 100% In-Office at Fort Belvoir, VA

Qualifications

Active Secret Clearance
  • 8-10 years experience of related experience performing a variety of Cyber Security/ IA coordinating security programs for the Army preferred.
  • Implementing IA and security standards, procedures, doctrine and policies
  • Knowledgeable of commercial and military standards and best practices applicable to Army communication sites

Education/Certification
  • Bachelor's Degree in Computer Science or related field; prefer Master's Degree in Computer Science or related field

Desired
  • IAT Level II (CCNA Security, Security+ CE, CySA, GICSP, GSEC, CND, SSCP)


Security Clearance

Secret

Similar Jobs

More Jobs at OBXtek Inc.

More Aerospace & Defense Jobs

Find similar Senior Cyber Security Specialist jobs: