Job Description

• Ensure the organization complies with all security principles and policies under the RMF and FISMA.
• Prepare A&A packages for Government review and validation.
• Ensure authorization packages meet mandatory requirements for approval by the Authorizing Official (AO).
• Provide A&A information to the AFCEC CBS IA Lead for appropriate tracking.
• Identify and analyze threats and vulnerabilities to information systems to maintain the appropriate level of protection.
• Perform risk analysis, testing, and assessments when modifications and/or changes occur to applications/systems.
• Execute computer security plans and enforce mandatory access control techniques to prevent unauthorized persons from using network facilities.
• Limit access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorized personnel.
• Evaluate unusual circumstances to recognize and define potential vulnerabilities, and select and oversee the installation of physical and technical security barriers to prevent others from improperly obtaining such information.
• Identify, manage, and verify cybersecurity requirements in the same manner as all other system requirements.
• Identify the requirements that are security critical, and identify and establish corresponding controls for these requirements.
• Ensure and document bi-directional traceability between security controls and requirements.
• Implement the applicable cybersecurity controls through the systems engineering technical processes including stakeholder requirements definition, requirements analysis, architecture design, implementation, integration, and verification and validation (V&V).
• Include cybersecurity RMF activities and events on the IMS.

Qualifications

5+ years experience in an information assurance or cyber security role. Bachelor’s degree in a related field. Must be Security+ certified. Experience with the certification and accreditation process. Experience with Risk Management Framework. Significant experience in vulnerability scanning and analysis, including the use of automated tools and vulnerability management systems. Knowledge of intrusion prevention and network access control tools/systems. Understanding of system audit principles and security risk assessment. Must have a solid understanding of network infrastructure and mission assurance. Familiar with Federal government and DOD standards for IA/security including DIACAP, FISMA, NIST, and OMB. Must have solid communications skills and be capable of working with all levels of an organization. Must be a US citizen and hold an active Secret clearance.

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

Additional Information

All your information will be kept confidential according to EEO guidelines.