Job Description

Job Responsibilities:

• Develop and maintain IS security program and policies for assigned areas of responsibility.
• Oversee operational IS security implementation policy and guidelines.
• Monitor system vulnerabilities, attacks, and recovery processes to ensure compliance with security requirements.
• Conduct security assessments, tests, and reviews; take corrective measures when incidents or vulnerabilities are discovered.
• Ensure proper configuration management and adherence to system security procedures as outlined in the SSP.
• Develop and update System Security Plans (SSP), manage and assess the impact of system changes.
• Maintain and analyze user activity monitoring data in accordance with ITPSO policies.
• Develop and maintain POA&Ms to track and mitigate IS weaknesses.
• Ensure all users have required security clearances and understand their security responsibilities.
• Assist Program Managers and ISSM with SSPs, POA&Ms, Risk Assessments, and Continuous Monitoring Strategies.
• Conduct vulnerability scanning, configuration assessments, and remediation.
• Align IT security priorities with organizational security strategies.
• Participate in compliance assessments and interpret noncompliance patterns for risk impact.
• Ensure systems are operated, maintained, and disposed of in compliance with organizational security policies.
• Support compliance activities and ensure that security configuration guidelines and remediation plans are followed.
• Promote security awareness and sound security practices across the organization.
• Prepare technical documentation, incident reports, and situational awareness summaries for key stakeholders.
• Participate in occasional off-hours or weekend work to support mission requirements or inspection deadlines.

Skills:

• System Auditing (4 years)
• Regulatory & Compliance (4 years)
• STIGs/SCAP (4 years)
• Assessing Security Controls (CS105.16) – 4 years
• Assessment and Authorization (4 years)
• Authorizing Systems (CS106.16) – 4 years
• Categorization of the System (CS102.16) – 4 years
• Continuous Monitoring (CS200.16) – 4 years
• Implementation of Controls (CS104.16) – 4 years
• Monitoring Security Controls (CS107.16) – 4 years
• NIST 800-53 (4 years)
• NIST SP 800-37 (4 years)
• Risk Management Framework (RMF) (4 years)
• Selecting Security Controls (CS103.16) – 4 years
• Nice to Have: HBSS, NIST 800-171

Education/Experience:

• Bachelor’s Degree (Preferred)
• Current DoD 8570 IAT Level II Certification (Security+ CE, GSEC, SSCP, CCNA-Security) – Required
• Active Top Secret Clearance with SCI Eligibility (CI Polygraph may be required)
• 4+ years of relevant experience in cybersecurity and information assurance
• Security Plus is the minimum 8570 certification requirement

Job Tags

Similar Jobs