• Ensure compliance with all Information Assurance policies and requirements
• Provides configuration management planning
• Describes provisions for configuration identification, change control, configuration status accounting, and configuration audits
• Regulates the change process so that only approved and validated changes are incorporated into product documents and related software
• Establishes and maintains configuration and data management policies and procedures to be utilized by department personnel
• Organizes and implements the process of evaluating performance against established policies and procedures to ensure hardware and documentation integrity is being maintained
• Ensuring compliance with cybersecurity requirements by DoD and DoD Component cybersecurity and information assurance policies and guidance
• Supporting the PM in the development of a POA&M and budget that addresses the implementation of cybersecurity requirements throughout the lifecycle of the system
• Supporting implementation of the Risk Management Framework (RMF)
• Maintaining and reporting systems assessment and authorization status and issues by DoD component guidance
• Providing direction to the Information System Security Officer (ISSO) by DoDI 8500.01
• Coordinating with the organization's security manager to ensure issues affecting the organization's overall security are addressed appropriately
• Continuously monitoring the system or information environment for security-relevant events and configuration changes that negatively affect security posture
• Periodically assessing the quality of security controls implementation against performance indicators

Skills: Policy Compliance, Configuration Management, Change Control, Risk Management, Security Monitoring, Status Reporting, POA&M Development, RMF Support

• Continuous upkeep, monitoring, analysis, and response to Information System, network and security events
• Build a weekly activity report and metrics slide
• Provide annual assessment support
• Documents compliance actions within the approved automated compliance tracking system or develops a Plan of Action and Milestones (POAM) to address non-compliance in the allotted time frame
• Develop procedures and documentation to ensure compliance with configuration management (CM) for security-relevant IS software, hardware, and firmware
• Author all required information system security-related documentation as required by cognizant security authority and IAW RMF, NIST, SAPSAR, ICD and published standards
• Ensures systems are operated, maintained, and disposed of by internal security policies and practices outlined in the System Security Plan (SSP), Standard Operating Procedures (SOP), and customer directives
• Ensures records are maintained for workstations, servers, software, routers, firewalls, network switches, crypto, and other relevant hardware equipment throughout the information system's life cycle
• Evaluates proposed changes or additions to the information system, and advises senior site leadership of the security relevance
• Lead conduct security, IS education and training
• Participates in internal and external security audits, inspections, performs risk assessments and Continuous Monitoring
• Lead investigations and remediation of computer security violations and incidents, reporting to both the Facility Security and Senior Program Managers
• Ensure proper protection and or corrective measures have been taken when an incident or vulnerability has been discovered
• Working with the Facility Security Officer (FSO) to develop, implement and manage a formal Information Security
• Oversee the completion of entry/exit forms for equipment and media entering secured areas
• Conduct vulnerability scans of external media
• Serve as alternate PKI registered agents
• Lead the authorization process for new hardware and software requests
• Author, review and update operation instructions (OIs) and assessment and authorization documentation (Body of Evidence) to support re-authorization activities

Skills: Security Monitoring, Risk Assessment, Documentation Management, Compliance Tracking, Change Evaluation, Incident Response, Vulnerability Scanning, Training Leadership

• Provide support to the CISO for all security-related tasks
• Provide support to the organization’s IT system security Assessment and Authorization (A&A) activities
• Provide support to update system security plans and the plan of action and milestones in the security assessment and management tool to reflect changes to the IT system
• Assist in identifying deficiencies (POA&M) and providing recommendations for remediation
• Assist in performing security impact assessments and evaluations
• Assist in the development and update of information technology security policies, guidelines, and procedures
• Participate in the change management process and assess the security impact of proposed changes
• Work with the Security Analyst on the Hosting Operations Team to address and remediate security vulnerabilities
• Support SBA’s annual Incident Response and Contingency training development and presentation
• Assist in the development of Incident Response and Contingency Plans and Test Plans
• Assist in Security Control Assessments and Security Control Assessment Reporting

Skills: Authorization Support, POA&M Tracking, Security Assessment, Policy Updates, Change Evaluation, Vulnerability Management, Incident Handling, Control Testing

• Provides security engineering support for planning, design, development, testing, demonstration, and integration of information systems
• Develop System Security Plan using Risk Management Framework (RMF) for Information Technology (IT)
• Develop and adjudicate of Plan of Action and Milestones (POA&M)
• Provide oversight of STIG and domain Security implementation
• Analyze and mediate STIG findings
• Develop and Maintain Program System Security Plans
• Develop and Maintain Program Protection Plans
• Coordinate Operational Cybersecurity Issues
• Provide Security incident management oversight
• Provide oversight of the program, Federal Information Security Management Act (FISMA) Compliance
• Oversight of Cybersecurity-related Test and Evaluation

Skills: Security Engineering, RMF Planning, POA&M Management, STIG Implementation, STIG Analysis, Security Documentation, Incident Oversight, FISMA Compliance

• Conducting in-depth reviews of authorization packages and artifacts within the Enterprise Mission Assurance Support Service (eMASS)
• Reviewing, analyzing, and reporting on current Authorization status and Authorization Termination Dates (ATD) for all systems within the NAVIFOR portfolio
• Reviewing Security Assessment Plans, System-Level Continuous Monitoring Plans, Implementation Plans, Security Control Tailoring Plans, Plans of Action and Milestones, and Security Assessment Reports (SAR)
• Reviewing completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists
• Performing all coordination functions with the Security Control Assessor Liaisons and Navy Authorizing Official Cyber Security Analysts (CSA) for Security Authorization Package review, processing requirements, and issues associated with Checkpoint schedules
• Maintain a real-time status of all supporting commands’ authorization packages via the currently approved database, and make determinations if there are risk posture changes when system modifications are requested for authorized systems
• Brief status of RMF package reviews and recommendations for concurrence to NAVIFOR PSO
• Provides eMASS record maintenance/documentation
• Self-assessment of Security Controls
• Maintain Hardware/Software list
• Upload ACAS scans into the asset module for over 4000 devices
• Generate and track POA&M items
• Coordinate updating and maintenance of the Network and Dataflow diagrams
• Prepares documentation from information obtained from the customer using accepted guidelines such as RMF (Risk Management Framework)
• Provide Assessment and Authorization (A&A) Support
• Provide Documentation and Knowledge Management
• Update and standardize Policy and Procedure documents
• Create Calendar/Notification/Tickets for significant events/due outs

Skills: Authorization Review, RMF Assessment, STIG Compliance, ACAS Analysis, Package Coordination, Risk Tracking, POA&M Management, Documentation Support

• Design, implement and maintain network services to support mission requirements
• Monitor and report network performance metrics
• Develop, implement and update backup and recovery procedures
• Troubleshoot and remediate network outages and/or errors
• Ensure the availability and operability of hardware to support missions
• Maintain Security Template Implementation Guidelines (STIG) compliance
• Manage web and SharePoint Management
• Forecast hardware and software requirements
• Coordinate lifecycle equipment replacement
• Maintain networking equipment and software
• Manage software licenses and provide customer support

Skills: Network Services, Performance Monitoring, Backup Procedures, Outage Remediation, Hardware Support, STIG Compliance, SharePoint Management, Equipment Forecasting

• Prepare and maintain assessment and authorization packages to obtain approvals to operate IAW ICD503, CNSS 1253 and NIST 800-53's applicable revision
• Lead the quarterly Federal Information Security Management Act audits
• Preparing for and conducting command cyber readiness inspection, self-inspections/audits, and audit activities
• Design and develop IA or IA-enabled products, interface specifications, and approaches to secure the environment
• Manage multiple high-visibility security projects and adjust to quick shifts in customer priorities while meeting all mission requirements
• Directs activities that have a significant impact on the achievement of results for the project/function
• Builds and develops cloud and big data system architecture artifacts for communications and managerial decision makers, supporting funding, strategic vision/roadmaps, and tactical projects
• Develop a site assessment plan for compliance and Security System Plans (SSP) for the agency authorization for two networks
• Solves problems and issues with limited information
• Conducts an extensive investigation to understand the root cause of problems
• Problems are highly complex and typically involve multiple families, projects, or customers
• Keeps Security Services Manager and (internal and external) customers abreast of risks, impacts and constraints to security projects
• Negotiates and influences others to understand and accept new concepts, practices and approaches
• Ensures records are maintained for workstations, servers, software, routers, firewalls, network switches, crypto, and other relevant hardware/equipment throughout the information system's life cycle

Skills: Authorization Packages, FISMA Audits, Security Inspections, IA Product Design, Project Management, Cloud Architecture, Site Assessment, Risk Communication

• Performs functions to secure, collect artifacts, assist in A&A events, track vulnerabilities and POA&Ms to maintain a secure system posture
• Works closely with DC3 CISO and other ISSOs as part of the DC3 security team
• Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information
• Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure
• Respond to computer security breaches and viruses
• Provides technical/management leadership on major tasks or technology assignments
• Establishes goals and plans that meet project objectives
• Directs and controls activities for a client, having overall responsibility for financial management, methods, and staffing
• Ensure that technical requirements are met
• Client negotiations and interfacing with senior management
• Decision-making and domain knowledge may have a critical impact on overall project implementation

Skills: Artifact Collection, A&A Support, Vulnerability Tracking, Security Monitoring, Breach Response, Technical Leadership, Client Management, Project Planning

• Develop a world-class and sustainable customer assurance program supporting the activities that help build trust with external parties
• Coordinate and manage responses to customer enquiries, including contributing to Request for Proposals (RFP), automating responses to customer security enquiries, and diligence assessments
• Attending customer security calls
• Mature customer-facing security documentation such as security white papers and frequently asked questions
• Own and improve software and tooling used for assurance activities
• Partner with go-to-market and marketing teams and be a thought leader for security at the company and in the market, helping create content (blogs, white papers, FAQs, etc.)
• Discuss and share accurate information regarding security programs
• Understand the impact of security in the go-to-market pipeline and report on trends 
• Support legal teams in contract review activities to ensure security contract clauses are appropriate
• Develop metrics and reporting to demonstrate the status and progress of the customer assurance and trust program

Skills: Customer Assurance, RFP Response, Security Communication, Documentation Development, Tool Management, Content Creation, Contract Support, Metrics Reporting

• Assess organizational progress against existing security strategies, plans, or directives
• Provide information security expertise and consulting
• Implement an information security framework
• Plan, design, and implement security-related technologies
• Ensure new and existing products conform to information security policies, standards, and best practices
• Review new and existing system designs for compliance with security standards and best practices
• Analyze existing security strategies, roadmaps, and implementation plans
• Analyze alternatives in response to customer requirements
• Cross-train and mentor other staff members
• Develop policy, programs, and guidelines for implementation

Skills: Security Assessment, InfoSec Consulting, Framework Implementation, Technology Planning, Policy Compliance, Design Review, Strategy Analysis, Staff Mentoring

• Conducts site visits for TEMPEST Annual Reviews for secured area, certified for Classified Information data, Voice and video transmission
• Conducts site visit, Triannual Assessments for each package
• Consolidates all secure areas into a unit and a building
• Performs Cyberspace Infrastructure Planning System (CIPS) work order requirements for all new areas, establishing a new CAA or modifying the classified equipment within a CAA
• Provides Security and TEMPEST expertise and guidance to new and renovating building projects, design reviews with Secure Network requirements
• Clarifies physical, information and TEMPEST guidance in meetings, briefings, and emails, etc., concerning new and existing secure areas
• Provide guidance and requirements to USTRANSCOM and SDDC personnel to comply with USAF TEMPEST standards for 375th AMC, provided SIPR Network connectivity
• Prepares all of the accreditation packages
• Monitors patching and STIG compliance

Skills: Site Assessments, TEMPEST Reviews, Secure Planning, CIPS Management, Design Guidance, Standards Compliance, Accreditation Packages, STIG Monitoring

• Manage the security policies and procedures, ensuring information reliability and defense against unauthorized access
• Analysis of information assurance alerts, bulletins, and advisories for territory impact
• Review and technical inspection of security systems, identifying and mitigating potential security weaknesses, and ensuring system functionality
• Assess compliance of certifications and accreditations according to the Assessment and Authorization (A&A) process
• Understand security measures related to computer networks and software testing and validation procedures, programming and documentation (Cloud Security, Application Security, Vulnerability Management, Machine Learning, AI Sandboxing)
• Understand security plans that implement systems and procedures to effectively secure company information, infrastructure, intellectual property, and users against accidental or unauthorized modification, destruction or disclosure
• Work autonomously in an area of specialization to analyze internal security and provide relevant information to internal and external customers, suppliers, and partners
• Understand and interpret security services that are offered on a platform, to include 3rd party services
• Work with assigned system stakeholders to understand their cloud infrastructure to adequately support the mission
• Perform computer incident response and remediation practices as outlined in NIST 800-61 (Computer Security Incident Handling Guide) and DHS 4300A Sensitive Systems Policy Handbook, Attachment F Incident Response
• Assist with the implementation of monitoring capabilities for various audiences - developers, business owners, security, and infrastructure
• Analyze all platform-level, network changes and monitor the impact and provide appropriate technical solutions to resolve issues efficiently
• Evaluate and document the operating baseline according to the required standards
• Provide oversight of application packaging to ensure automation is being utilized for both the application and infrastructure builds throughout the development, test, and production environments
• Utilize in-depth knowledge of infrastructure components (VMs, Security Products, Network ports and protocols, Databases, Middleware and open source code)
• Support DevOps in an enterprise environment to build, maintain and sustain an enterprise information technology DevOps operational model

Skills: Policy Management, Risk Analysis, Security Inspection, A&A Compliance, Cloud Security, Incident Response, Infrastructure Monitoring, DevOps Support

• Learn about Apptio’s products, services, and operations
• Learn about internal security and privacy policies, controls, tools, and technologies and the overall security posture
• Maintain customer-ready documentation on Apptio’s security and privacy policies, controls, and the overall security posture
• Respond to inquiries and assessments from prospects, partners, and customers
• Perform Third-Party Risk Assessments
• Maintain awareness of national and international standards regarding security and privacy
• Keep abreast of current and emerging security-related tools and technologies and recommend improvements to the overall security posture
• Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information
• Assess system vulnerabilities for security risks, and propose and implement risk mitigation strategies
• Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure
• Respond to computer security breaches and viruses

Skills: Security Knowledge, Policy Awareness, Documentation Management, Inquiry Response, Risk Assessment, Standards Monitoring, Threat Mitigation, Breach Response

• Work with USCG program offices to apply IA and cybersecurity laws, policies, and directives to DHS programs and systems
• Provide technical IA and cybersecurity analysis support to the Program Office
• Provide technical IA and cybersecurity expertise to develop acquisition cybersecurity documentation
• Participate in the security design and review of the USCG system architectures
• Assist System Owners in completing the RMF process
• Assess and recommend cybersecurity controls for tactical systems that operate in unique environments
• Evaluate next-generation technologies and architectural frameworks for implementation within high-stress performance environments
• Evaluate Engineering Change Proposals (ECPs) and similar artifacts for impacts to security postures
• Assess and allocate cybersecurity controls for tactical systems that operate in unique environments
• Work directly with fleet commands to implement TTPs within USCG activities
• Assist with the design and evaluation of Cross Domain Solutions (CDSs)

Skills: Policy Application, Technical Analysis, Documentation Support, Architecture Review, RMF Assistance, Control Assessment, ECP Evaluation, CDS Design

• Act as the Cybersecurity Subject Matter Expert (SME) for all design, development, and integration activities associated with the EWOCS Program
• Ensuring that all required security functions are implemented IAW DoDI 8510.01 and compliant with DoDI 8500.01 without impacting system functionality
• Ensure all designs, modifications and implementations comply with DISA Security Technical Implementation Guides (STIGs)
• Perform security audits, vulnerability/risk assessments, system updates and patching
• Develop a Plan of Action and Milestones (POA&M) for non-compliant security controls
• Develop policies, plans and procedures, including Incident Response, Disaster Recovery/Continuity of Operations and Cybersecurity Implementation Plans
• Act as the primary technical interface to the government and contract partners for recurring status and technical interchange meetings
• Execute Site Assistance Visits (SAVs) to ensure regulatory compliance with Command Cyber Operational Readiness Inspection (CCORI), Public Key Infrastructure (PKI), North Atlantic Treaty Organization (NATO), and Balanced Survivability Assessment (BSA)
• Track and report completion/closure of inspection findings documented in POA&Ms and other action items in the Inspection Findings Reports
• Identify systems and assets that are not sufficiently assessed through automated scanning or routine, periodic assessments and recommend and/or conduct customized, manual assessments of systems to ensure proper evaluation for compliance
• Track and maintain Post Inspection Finding, Remediation and Plan of Actions and Milestones (POA&M) Status Report for all inspections
• Validate remediation of the findings or submit the artifacts/or POA&Ms to the inspecting organization for approval

Skills: Cybersecurity Oversight, STIG Compliance, Risk Assessment, POA&M Development, Policy Creation, Technical Interface, SAV Execution, Inspection Tracking

• Experience in performing network defense and cyber analysis, including detection, response, mitigation, and reporting cyber threats
• Experience in assessing security controls based on cybersecurity principles and tenets
• Experience with using network analysis tools to identify vulnerabilities
• Knowledge of computer networking concepts and protocols and network security methodologies
• Knowledge of information technology (IT) security principles and methods
• Experience with the Department of Defense or the Department of the Navy in cybersecurity and network operations
• Ability to work independently with minimal supervision
• Excellent verbal and written communication skills
• Must have System Security Certified Practitioner (SSCP) Certification

Qualifications: BS in Information Assurance with 6 years of Experience

• Experience with ACAS/Nessus, SCAP Compliance Checker, STIG Viewer, and Wireshark
• Possess an active DoD 8570.01-M Information Assurance Technical (IAT) II certification (Security+, SSCP, GSEC, CCNA Security, GICSP)
• Experience with Enterprise Mission Assurance Support Service (eMASS)
• Must have an active Secret security clearance
• Possess active Information Assurance Management (IAM) II certification (CISSP, CISM, CAP, CASP)
• Possess an active Computing Environment certification (Cisco, Juniper, RedHat, Windows)
• Knowledge or experience with Vandenberg Air Force Base (VAFB) and/or Missile Defense Agency (MDA) systems
• Self-driven and results-oriented, capable of effectively working on multiple tasks
• Experience leading a security team and interacting with external customers
• Strong verbal and written communication skills, including proficiency with MS Office Suite

Qualifications: BS in Cybersecurity with 5 years of Experience

• Advanced understanding of software installation and configuration
• Solid understanding of the Risk Management Framework (RMF) and the System Development Life Cycle (SDLC)
• Understanding of hardware and software engineering best practices
• Demonstrated analytical and problem-solving skills
• Must meet eligibility requirements for work assignment on the specified contract
• Experience collaborating with diverse IC stakeholders to drive consensus and forward progress
• Ability to identify changes to processes and activities and help to implement continuous improvement solutions
• Must have Certified Cloud Security Professional (CSSP) or equivalent cloud computing certification
• Ability to work successfully as part of a virtual team
• Proficient with RMF process, NIST SP 800-37, NIST SP 800-53, CNS-SI 1253
• Able to manage, create, and track timelines and deliverables, while ensuring processes and procedures are adhered to for a large number of Information Systems
• Demonstrates a successful track record for delivering large/complex projects on time and within budget within DoD organizations
• Demonstrates knowledge in the planning, development, coordination, implementation and execution of policies and projects at an organizational level
• Creating Metrics and good presentation skills
• Must have customer service skills, both verbal and written

Qualifications: BS in Network Engineering with 9 years of Experience

• Demonstrated understanding of system administration and network configuration for Microsoft Windows, macOS, or UNIX/LINUX systems
• Demonstrated knowledge of security concepts including malware, intrusion detection, risk analysis, threat/vulnerability management, system hardening, and business continuity
• Familiarity with information security risk assessment and management processes and standards
• Demonstrated ability to optimize time and resources, prioritize tasks, and ensure that deadlines are met
• Ability to work independently on projects and achieve project objectives
• Ability to work in a team environment, being able to play the roles of team leader and team player 
• Ability to actively listen, responsive to verbal and non-verbal clues
• Strong writing and verbal communication skills demonstrated while communicating with diverse audiences
• Demonstrated superior interpersonal skills, conflict resolution and negotiation skills
• Demonstrated ability to identify problems, analyze courses of action, and propose solutions
• Demonstrated ability to successfully handle sensitive discussions with discretion, strong personal ethics commitment, and demonstrated sound judgment

Qualifications: BS in Systems Engineering with 6 years of Experience

• Experience working with diverse populations
• Ability to meet consistent attendance
• Ability to interact positively with colleagues, supervisors, and customers face-to-face
• Familiarity with project management approaches, tools and phases of the project lifecycle
• Familiarity with current office software such as Microsoft Office, Office 365, and Google Apps
• Experience with commercial or open source security tools
• Basic knowledge of security processes and procedures relating to security compliance or controls management frameworks
• Experience with server administration for Mac OS, or UNIX/LINUX systems
• Experience with cloud administration (AWS, Azure, GCP) of systems
• Experience working with diverse populations and willingness to support a community commitment to diversity, equity and inclusion

Qualifications: BS in Information Systems Security with 5 years of Experience

• Demonstrated knowledge of Microsoft Office Suite
• Excellent customer service skills and interpersonal abilities during conversations, both verbal and written, with DOS employees at all levels, other contractors, and other Federal counterparts
• Demonstrated timely and proficient organizational skills
• Ability to work independently, with minimal supervision, and multitask in a high-volume, fast-paced work environment
• Demonstrated ability to have a flexible, team-oriented approach to work while building and maintaining strong working relationships with colleagues
• Familiarity with AFIN boundary equipment and configurations
• Familiarity with AOC boundary equipment and configurations
• Working experience in Information Security and/or Audit 
• Experience with analytics solutions, data and reporting architecture and associated tools

Qualifications: BA in Security and Risk Analysis with 4 years of Experience

• Must meet DoD 8570, 8570.01-M, and AR 25-2 training and certification requirements, e.g., Security+ CE, CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, or CCISO
• Must have experience accrediting a system or network
• Must have experience working with the RMF process and eMASS system
• Must have an active Top-Secret clearance
• Knowledge of IA policies, procedures and deliverables, including DIACAP, NIST, RMF, and FISMA
• Understanding of Enterprise Mission Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS), and implementation of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
• Must have CompTIA Security+ CE Certification 
• Able to design secure systems, write secure computer code, and create the tools to prevent, detect, mitigate, and reconstitute information systems
• Intermediate to advanced level skills in the Microsoft Office software suite - Word, Excel, Outlook, PowerPoint
• Ability to communicate effectively, interpret regulatory guidance and identify vulnerabilities to a wide audience
• Strong interpersonal skills and good judgment
• Ability to work alone or as part of a team

Qualifications: BS in Information Security and Assurance with 6 years of Experience

• Must maintain clearance for the duration of employment
• Demonstrated experience with shipbuilding acquisitions
• Demonstrated experience supporting a major system acquisition program (DHS/USCG Level I, DoD ACAT I or equivalent)
• Possess a Level Two (2) IAT DOD 8570.01 Certification (CompTIA Security+, CySA+, CCNA Security, etc.)
• Must have Level Three (3) IAM DOD 8570.01 Certification (CISM, CISSP, GSLC, CCISO)
• Comfortable working with the IA/Cybersecurity control sets delineated in NIST 800-53
• Working knowledge of DoD/DoN/DHS IA instructions, directives, and the Risk Management Framework (RMF) process
• Experience working in the Enterprise Mission Assurance Support Service (eMASS)
• Must be a confident and articulate verbal and written communicator and technical writer
• Demonstrated experience in MS Word, Excel, PowerPoint, AutoCAD or other CAD software, Project and Visio
• Must have familiarity with SharePoint and MS Teams
• Must have excellent time management skills and the ability to multitask and prioritize work

Qualifications: BA in Emergency Management with 8 years of Experience

• Working experience in Information Assurance 
• Experience with DIACAP, eMASS and the RMF process
• Must have excellent interpersonal Skills
• Experience in DevSecOps and Agile methodologies
• Must have CISSP-ISSEP certification
• Computer security experience in secure network and system design, analysis, procedure/test generation, test execution and implementation of computer/network security mechanisms
• Must have DoD 8570 IAT Level II Certification (Security+ CE)
• Ability to work independently and as part of a team, providing tier 1 support to niche IA Subject Matter Experts (SMEs) end users
• IT with experience in a security function or relevant experience
• Strong experience in the use of Active Directory, experience with IGA tools such as Sailpoint, Saviynt, Azure AD
• Ability to communicate effectively verbally and in writing
• Ability to clearly and concisely communicate complex technical information to audiences of various technical levels

Qualifications: BS in Telecommunications Engineering with 7 years of Experience

• Ability to prepare and apply security plans for employing an enterprise-wide set of disciplines for planning, analysis, design, and construction of information systems on an enterprise-wide basis or across a major sector of the enterprise
• Ability to develop analytical and computational techniques and methodology for problem solutions
• Experience in formulating and assessing IT security policies to include business impact
• Experience in developing integrated security services management, security awareness training, assessment and audit of network penetration testing, anti-virus planning assistance, risk analysis, and incident response
• Experience with several architectures and platforms in an integrated environment
• Significant knowledge of the field and ability to work independently on typical assignments 
• EMASS experience or a similar information assurance program management tool 
• Experience with the Authority to Operate (ATO) process
• Experience in Information SecurityInformation Assurance, Security Administration, Evaluation of Security Information Assurance capabilities, Product Assessment, and Policy Development

Qualifications: BS in Cybersecurity with 5 years of Experience

• Experience in Cybersecurity within the Department of Veterans Affairs
• Experience performing Information Assurance (IA) controls analysis, testing, and risk assessments
• Working knowledge of eMASS (Enterprise Mission Assurance Support Service)
• Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other VA Risk Management policies
• Ability to identify and evaluate major applications, infrastructure, enclaves, and Enterprise environments based on accreditation boundaries
• Knowledge of defense-in-depth and other information security and assurance principles and associated supporting technologies
• Capable of providing thoughtful feedback to the ISO, ISSO and other VA Cyber Security leadership to identify risks, communicate recommended courses of action, and recommend process improvements
• Ability to work as an independent security practitioner and participate in a small team of security personnel reviewing the same system
• Ability to communicate effectively both verbally and in writing
• Ability to organize, analyze, and write technical documents that can be understood by non-technical individuals

Qualifications: BS in Information Assurance with 6 years of Experience

• Overall experience of related IA/CS and INFOSEC technical 
• Experience in IA/CS analysis support in IA/security controls analysis, conducting risk assessments, risk mitigation analysis, and developing contingency plans
• Proficiency in Microsoft Office such as Excel, Visio, Word, PowerPoint, and Project
• Must have strong interpersonal skills
• Ability to multitask and work in a team environment
• Must have an active Secret Clearance
• Understand cybersecurity in Agile
• Understand risk management and vulnerability remediation
• Knowledge of A&A and Client security processes
• Experience supporting external audits or control assessments
• Working experience in security and compliance documentation 
• Basic Knowledge of Cloud security (AWS, Azure)
• Cloud security experience, FedRAMP Experience, Agile, SAFe, vulnerability management, Nessus, WebInspect, Fortify, AppDetectivePro

Qualifications: BS in Computer Engineering with 8 years of Experience

• Experience with DoD Cybersecurity, information assurance, or Risk Management Framework (RMF)
• Experience with using RMF tools to process and update Assessment and Authorization (A&A) packages
• Experience with Microsoft Office, including Word, Excel, and PowerPoint
• Knowledge of the National Institute of Standards and Technology (NIST) RMF Special Publications
• Must have DoD 8570 Series IAT Level II Certification
• Possess excellent communication skills
• Background or understanding of System Security Plans (SSP)
• Security hardening scripting/automation experience
• Must have Microsoft OS Certification (MCSE Win 7 or other)
• Must have Linux certification (RHCSA, CompTIA Linux, LCFS/LCFE, etc.)
• Understanding of Sensitive Compartmented Information Facility (SCIF) standards

Qualifications: BS in Systems Engineering with 6 years of Experience

• Previous experience in deployment of secure baseline configurations (STIG, CIS Benchmark)
• Familiarity with cyber frameworks NIST 800-171, NIST CSF, CMMC
• Knowledge in NIST/ISO standards, DoD directives, and regulatory requirements
• Knowledge in defining and interpreting audit requirements
• Ability to maintain information security-related certification (Security+, CCNA-Security, GSEC, SSCP, CISSP)
• Working experience in Windows, Unix/Linux, and OSX operating system administration
• Vulnerability management experience with tools such as Nessus, eEye Retina or Burp Suite
• Working experience in SEIM management such as Splunk, QRadar, or ArcSight

Qualifications: BS in Applied Cybersecurity with 4 years of Experience

• Current DoD 8570.01 IAT Level III Certification such as CISM, CISSP (or Associate), GSLC or CCISO
• Recent experience with eMASS and the RMF process
• Strong understanding of National Institute of Standards and Technology (NIST) 800.53 security controls and control families
• Experience implementing and maintaining security controls
• Strong organizational, administrative, multi-tasking, prioritization, and problem-solving skills
• Energetic, forward-thinking and resourceful individual with high ethical standards and an appropriate professional image
• Cross-functional team collaboration skills in a rapidly changing, high-intensity, mission-oriented work environment
• Knowledge of the principles, methods, and techniques used in network security
• Knowledge of scanning, endpoint security, and firewall technologies
• Comprehensive knowledge of desktop operating systems and applications
• Strong familiarity with Coalition and Multi-National information sharing systems, policies and environments
• Technically competent, solid decision making and critical thinking, strong customer focus, self-motivated, desire to learn, effective and professional interpersonal skills, pride in work, strong team player
• Working conditions are normal for an office environment
• Fast-paced, deadline-oriented environment

Qualifications: BA in Computer Forensics with 10 years of Experience