Job Summary: 

• Operate security tools and services to detect, protect, and defend the IT enterprise
• Provide analysis of findings from security monitoring systems 
• Recognize and respond to potential security violations and incidents
• Report incidents and take immediate action to mitigate adverse impacts
• Acts with discretion when in support of investigations
• Collect, analyze, correlate, and report on pertinent security metrics
• Perform identity-based security functions supporting the user identity lifecycle including creation, removal, and update of user account information
• Provide Tier 2 customer support from Help Desk calls for security-related matters
• Incident response team member
• Respond to security incidents and events
• Investigate and resolve incidents, execute action plans, and communicate with end-users or other impacted parties
• Take the lead on group-level investigation tasks
• Assist the security team in the continuous review, evaluation, and rollout of security tools and security administration tools
• Assist in planning and performing system risk assessments, including administrative, technical, and physical controls reviews of new and existing IT infrastructure and facilities
• Serve as a resource person in assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices
• Interacts with internal and external technical staff and consults with project teams at various stages of project cycles
• Consult with departments on security setup, products, services, and/or procedures to mitigate security risk
• Create and deliver security, technical and procedural training to campus-wide information security awareness events and programs
• Ensure alignment of policy and practice of security among stakeholders

Skills on Resume: 

• Security Monitoring (Hard Skills)
• Incident Response (Hard Skills)
• Risk Assessment (Hard Skills)
• Account Management (Hard Skills)
• Technical Support (Soft Skills)
• Compliance Evaluation (Hard Skills)
• Security Consulting (Soft Skills)
• Security Training (Soft Skills)

Job Summary: 

• Assist the Cyber Security Manager with security controls' Continuous Monitoring (CM) and Continuous Diagnostics and Mitigation (CDM) planning and implementation
• Creation and maintenance of all associate Certification and Accreditation (C&A) documentation by Federal regulations, procedures and processes
• Participate in the effort to adopt and institutionalize the Twenty Critical Security Controls for Effective Cyber, Consensus Audit Guidelines (CAG)
• Provide cybersecurity planning, reporting and implementation consistent with Departmental policies and requirements
• Ensuring the incorporation of industry best practices throughout the Cyber program, which consists of defending the Cyber Infrastructure and IT environment from cyber threats
• Detect compromises, weaknesses and incidents, and respond to those events to prevent further damage
• Provide support to develop, document, implement, review and revise policies and procedures compliant with the requirements defined in the Program Cyber Security Plan
• Provide the technical expertise and judgement to perform aspects of the National Institute of Standards and Technology (NIST) six-step Risk Management Framework and ongoing information system authorization through continuous monitoring processes
• Provide the technical expertise and judgement for security control assessment of system-specific, hybrid, and common controls
• Determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome concerning meeting the security requirements for the information system
• Provide the technical expertise and judgment to assess the security controls employed within or inherited by the information system using assessment procedures
• Provide specific recommendations on how to correct weaknesses or deficiencies in the controls and reduce or eliminate identified vulnerabilities
• Provide the technical expertise and judgment to document proposed or actual changes to an information system or its environment of operation and subsequently assess the potential impact those changes may have on the security state of the system or organization
• Provide the technical expertise and judgement to assess the security controls employed within or inherited by the information system, after the initial authorization, on an ongoing basis

Skills on Resume: 

• Continuous Monitoring (Hard Skills)
• Risk Management (Hard Skills)
• Security Assessment (Hard Skills)
• Policy Development (Hard Skills)
• Incident Detection (Hard Skills)
• Cyber Defense (Hard Skills)
• Technical Judgement (Soft Skills)
• Compliance Support (Soft Skills)

Job Summary: 

• Draft company IT policies to document the requirements and parameters for business and IT processes
• Produce formal documentation for existing business and IT processes
• Ensure Payment Card Industry (PCI) compliance
• Assist in developing and executing audit plans for IT controls
• Develop repeatable processes to ensure team member compliance with written policies and procedures
• Oversee scheduling and execution of process self-checks and audits within the IT Department
• Assist in oversight and management of IT risk remediation projects
• Identify risks to the organization and work closely with internal team members and third-party vendors to remediate
• Perform security awareness training for company team members
• Participate in on-call duties
• Model behaviors that support the company’s common purpose
• Ensure guests and team members are supported at the highest level
• Ensure all activities comply with rules, regulations, policies, and procedures

Skills on Resume: 

• Policy Writing (Hard Skills)
• Audit Planning (Hard Skills)
• PCI Compliance (Hard Skills)
• Risk Remediation (Hard Skills)
• Process Oversight (Hard Skills)
• Security Training (Soft Skills)
• Team Support (Soft Skills)
• Regulatory Compliance (Hard Skills)

Job Summary: 

• Develop and update cybersecurity policies, tracking tools, user and administrator training guides, and process guides that support IC cybersecurity governance, RMF, and A&A
• Collaborate with multiple stakeholders to develop and update documentation
• Assist Information System Security Officers (ISSO) through the review and update of RMF management guides and A&A SOPs
• Identify risk factors and mitigation technologies, procedures, and processes
• Develop, update, and maintain the full suite of RMF documentation and supporting artifacts
• Implement information assurance and Air Force policy into the agency's network, working alongside the Information Assurance Manager
• Provide policy analysis, information sharing requirements, and certification and accreditation support to multiple classified and unclassified networks
• Create and validate system security requirements, establishing and implementing security designs in hardware, software, data, and procedures
• Conduct technical risk and vulnerability assessments of planned and installed information systems as well as assess and mitigate system security threats/risks throughout the system lifecycle
• Prepare documentation such as risk assessment reports for the ISSM, system security plans (SSPs), development of a plan of action and milestones (POA&Ms), to ensure compliance with government and DC3 cybersecurity policies and procedures
• Assist ISSM with the generation of cybersecurity documentation for system hardware and software assessments
• Assess the performance of IA security controls for assessment and authorization and assess only networks

Skills on Resume: 

• Policy Development (Hard Skills)
• Risk Assessment (Hard Skills)
• RMF Documentation (Hard Skills)
• Security Design (Hard Skills)
• Threat Mitigation (Hard Skills)
• Network Compliance (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Documentation Support (Hard Skills)

Job Summary: 

• Responsible for supporting the planning, conducting a review of architectural and engineering plans, supporting implementation, and enabling the enablement of operations of the Risk Management Framework (RMF) 
• Provide continuous technical and analytical support in the review and application of Cybersecurity processes, policy, doctrine, directives, and regulations
• Ensure Cybersecurity policy compliance and implementation
• Support in the implementation of security policies and test measures for all globally deployable assets to include baseband, routers, switches, and images utilized in direct operational support
• Perform gap analyses to determine the completeness of Standard Operating Procedures (SOPs)
• Assist in the creation of SOPs in support of Cybersecurity, Computer Network Defense, Physical Security, Personal Security, and Directives
• Provide research and recommendations in support of Cybersecurity SOPs, supporting regulatory guidance and accurate systematic procedures
• Support the daily management of operational Cybersecurity engineering and Risk Management Framework (RMF) tasks
• Provide design, testing, documentation, integration, administration, and management of Cybersecurity mitigation measures
• Support the implementation of various computer networks, systems, and telecommunications efforts
• Conduct technical inspections to verify the Configuration Management of information systems
• Support telecommunication modernization, sustainment, and advanced technology efforts
• Provide additional Cybersecurity support in the following subtask areas
• Review Standards, Architecture, Engineering, and Integration Support

Skills on Resume: 

• RMF Support (Hard Skills)
• Policy Compliance (Hard Skills)
• SOP Creation (Hard Skills)
• Gap Analysis (Hard Skills)
• Cyber Mitigation (Hard Skills)
• System Testing (Hard Skills)
• Technical Inspection (Hard Skills)
• Team Collaboration (Soft Skills)

Job Summary: 

• Develop and implement information assurance standards and procedures
• Recommend security solutions to support the information assurance guidelines and the customer requirements
• Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle
• Analyze information assurance-related technical problems and provide advanced engineering and technical support in solving these problems
• Perform analysis, design, and development of security features for system architectures
• Design, develop, engineer, and implement solutions that meet security requirements
• Provide integration and implementation of the computer system security solution
• Ensure that all information systems are functional and secure
• Identify, report, and resolve security violations
• Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands
• Ensure alignment of team mission and organizational goals
• Collaborate with peers and employees in other departments to improve operations
• Provide guidance and direction for the development of all assigned employees to improve the overall professionalism of the department and the support provided
• Mentor junior-level team members, assist them with developing project plans and goals for the year
• Plan and direct the continual upgrading of equipment and procedures to maintain pace with technological progress, economic change, and business needs
• Support the Government in the enforcement of the design and implementation of trusted relationships among external systems and architectures
• Identify overall security requirements for the proper handling of Government data

Skills on Resume: 

• IA Standards (Hard Skills)
• Risk Analysis (Hard Skills)
• Security Design (Hard Skills)
• Systems Integration (Hard Skills)
• Violation Response (Hard Skills)
• Team Alignment (Soft Skills)
• Staff Mentoring (Soft Skills)
• Cross Collaboration (Soft Skills)

Job Summary: 

• Implement a cybersecurity program in OT, including data and process protection, vulnerability management, and identity management, among others
• Conduct security assessments for Industrial Control Systems (ICS)/SCADA
• Design and support the implementation of various OT solutions in industrial environments
• Assure measurement of cybersecurity metrics and programs for key security, risk, compliance, and service continuity indicators
• Technical security expertise in OT to identify security technology solutions and develop security reference architectures and strategies to achieve business results
• Solve complex digital and operational security problems in Industrial Control Systems (ICS) used within QP's critical infrastructure cyber-landscape
• Validate and verify system security requirements and work within current change management processes, supporting changes in the OT environment

Skills on Resume: 

• OT Cybersecurity (Hard Skills)
• ICS Assessment (Hard Skills)
• Solution Design (Hard Skills)
• Metrics Analysis (Hard Skills)
• Security Architecture (Hard Skills)
• Risk Mitigation (Hard Skills)
• Problem Solving (Soft Skills)
• Change Support (Soft Skills)

Job Summary: 

• Participate in conducting, developing, validating, and submitting information system security plans, security test and evaluation plans, certification and authorization packages, and plans of action and milestones in support of compliance requirements
• Conduct, develop, plan, and coordinate risk assessments of information systems in development, test, production and research environments as required by established or newly determined compliance/audit requirements
• Monitor the assessment and review of systems and networks within the environment to identify where systems/networks deviate from acceptable configurations, enclave policy, and local policy
• Participate in the development and maintenance of training material and records related to compliance and audit requirements
• Participate in technical requirements such as vulnerability scanning, review of security/event logs, network analysis, and incident response on an as-needed basis
• Ensure timely updates and management of systems and users within the authorized FISMA data repository
• Provide real-time updates, manage systems and users, add/remove users, and troubleshoot user issues in RSA Archer
• Manage permissions and upload the Plan of Action and Milestones (POA&Ms)
• Develop and manage requested RSA Archer reports, dashboards and metrics
• Assist in the implementation and support of the OS Temporary Exception/Risk Acceptance process for all OS systems
• Support data calls and requests for information and reporting
• Monitor mailboxes and respond to inquiries within 48 hours
• Assist in FISMA quarterly/annual reporting

Skills on Resume: 

• Compliance Support (Hard Skills)
• Risk Assessment (Hard Skills)
• System Monitoring (Hard Skills)
• Training Material (Soft Skills)
• Log Analysis (Hard Skills)
• User Management (Hard Skills)
• Dashboard Reporting (Hard Skills)
• Issue Resolution (Soft Skills)

Job Summary: 

• Communicate between the business, technology and compliance areas for general requests associated with standards and governing policies and procedures
• Assist with security risk assessment and audit activities for third-party service providers and vendors
• Assist in all aspects of information security associated with compliance and client audits (i.e., pre-on-site deliverables, audit and assessment questionnaires, written response to audit report and/or findings)
• Assist in documentation, retention, reporting and clear articulation of audit-related information (i.e., scope, findings, recommendations, corrective action plans and status tracking) and documentation to information security, compliance and business operations leadership 
• Perform a variety of support and general administrative assignments in support of the audits or auditors, including filing, data entry, and tracking/correspondence, while following established standards and work processes
• Assist with the maintenance of the inventory of exceptions to information security policies, standards, controls, and configuration requirements for reporting to management, auditors and clients
• Act as a resource and facilitate responses to general audit inquiries associated with clients and compliance audits
• Generate associated work orders in support of compliance evidence associated with the client and compliance audits
• Assist in policy/procedure developments and ongoing updates required under the collection agency industry regulations and standards
• Successfully set priorities, perform tasks in an orderly fashion, and meet time deadlines
• Stay informed of pending industry changes, trends, and best practices and assess the potential impact of these changes on organizational information security policies, procedures, and processes

Skills on Resume: 

• Audit Support (Hard Skills)
• Vendor Assessment (Hard Skills)
• Policy Updates (Hard Skills)
• Compliance Tracking (Hard Skills)
• Administrative Tasks (Soft Skills)
• Client Communication (Soft Skills)
• Documentation Review (Hard Skills)
• Time Management (Soft Skills)

Job Summary: 

• Provide support for Information Assurance to maintain operational security posture and ensure information systems security policies, standards, and procedures are established and followed
• Contribute to and ensure effective project management and implementation of cyber capacity building efforts for African partners
• Implement the Risk Management Framework (RMF) across multiple programs by the National Institute of Standards and Technology (NIST)
• Assess the Cyber Security risk of IT systems, documenting them in formal risk assessments and supporting artifacts associated with the Assessment and Authorization (A&A) process
• Develop artifacts and supporting evidence to satisfy all applicable RMF Controls and corresponding Control Correlation Identifiers (CCIs)
• Assess key cybersecurity needs of various African Partner Nations and take principal responsibility for final formulation of cyber capacity building initiatives and strategies
• Manage system accreditation packages and ATOs using the DISA Enterprise Mission Assurance Support Service (eMASS)
• Develop and/or update the Plan of Action and Milestones (POA&M) to document all known vulnerabilities with corrective actions or mitigation of risks
• Revise/modify topology diagrams and perform Ports, Protocols, and Services Management (PPSM)
• Perform cyber security controls verification assessments IAW DoDI 8510.01 and DoDI 8500.01 on an annual basis
• Analyze IAVAs and Information Assurance Vulnerability Bulletins for enclave impact and take or recommend appropriate action
• Analyze site/enclave CND policies and configurations and evaluate compliance with regulations and enclave directives
• Participate in developing and implementing network-related procedures and standards
• Formulate and implement the cyber capacity building strategies for African partners based on key cybersecurity needs assessments of African Partner Nations
• Examine potential security violations to determine if Department of Defense policy has been breached, assess the impact, and preserve evidence
• Communicate effectively orally and in writing with customers, stakeholders, partners and technical specialists

Skills on Resume: 

• RMF Implementation (Hard Skills)
• Risk Assessment (Hard Skills)
• ATO Management (Hard Skills)
• Cyber Strategy (Hard Skills)
• Vulnerability Analysis (Hard Skills)
• Diagram Revision (Hard Skills)
• Policy Compliance (Hard Skills)
• Stakeholder Communication (Soft Skills)

Job Summary: 

• Responsible for effective and efficient provisioning, configuring, installing, operating, and maintaining the system infrastructure related to software or hardware
• Perform security scans, analyze scan results, and document findings for products to complete continuous monitoring
• Scan results and findings are to be documented according to the NIST Risk Management Framework Process (RMF)
• Continuously innovates new methods to develop and evolve new infrastructure and participates in technical research
• Ensures that all the operating systems, software, and system hardware, and any other related procedures are being executed properly and that it is in compliance with the organizational rules and policies
• Monitor and perform regular security checks to find possible intrusions
• Verifies the integrity and availability of all the resources of servers, hardware, and other relevant systems and key processes
• Reviews the system and other related application logs to get details as to whether the assigned backup functions have been completed
• Responsible for performing some additional duties like ensuring regular archival of files, changing, creating, and deleting the user accounts as per the requirements, etc.
• Involved in hardware upgrades, optimization of resources, configuring the CPU, its memory, etc., and maintaining the environment of the data center and closely monitoring the relevant equipment
• Repair as well as recover from any failure related to the software or hardware
• Responsible for leading, supervising, and directing the team to resolve any issues related to information assurance
• Maintains all the documentation relevant to the emergency security measures and trains the subordinates to create an awareness about the same
• Develops and implements plans to safeguard various files stored in the system and installs firewalls to block the transmission of confidential data and information
• Involved in analyzing, developing, evaluating, and integrating information assurance policies and assists in gathering and preserving the evidence, in case there is any violation
• Recommends the best possible strategies that would support and protect the vital data and help ensure the effectiveness of various information assurance procedures

Skills on Resume: 

• System Maintenance (Hard Skills)
• Security Scanning (Hard Skills)
• Infrastructure Optimization (Hard Skills)
• Log Monitoring (Hard Skills)
• Backup Management (Hard Skills)
• Failure Recovery (Hard Skills)
• Team Leadership (Soft Skills)
• Policy Analysis (Hard Skills)

Job Summary: 

• Serve as the lead for all authorization packages on the MPE-ES team, to include RMF ATO packages in eMASS and Cross Domain Appendices
• Serve on multiple functional teams in support of the MPE enterprise, to include the IA Policy and Audit, Incident Management and Response, Cyber Monitoring, Firewall Management, and Scanning Teams
• Provide end-user IA support for all computer equipment, operating systems, peripherals, and applications
• Maintain network security and ensure compliance with security policies and procedures
• Support, monitor, test, and troubleshoot hardware and software for IA problems
• Participate in developing and implementing network-related procedures and standards
• Participate in and may lead aspects of major network installations and upgrades
• Interface with vendors to ensure appropriate resolution during network outages or periods of reduced performance
• Conduct tests of IA safeguards by established test plans and procedures
• Troubleshoot and resolve complex problems
• Maintain current knowledge of relevant hardware and software applications
• Participates in special projects
• Understand and implement technical vulnerability corrections
• Examine potential security violations to determine if Department of Defense policy has been breached, assess the impact, and preserve evidence
• Work with partners, customers and stakeholders to configure, optimize, and test network servers, hubs, routers, and switches to ensure that they comply with security policy, procedures, and technical requirements
• Monitor and maintain defense systems including endpoint security, perimeter firewalls, and intrusion detection, and vulnerability detection systems

Skills on Resume: 

• Authorization Packages (Hard Skills)
• Network Security (Hard Skills)
• Incident Response (Hard Skills)
• IA Support (Hard Skills)
• Hardware Troubleshooting (Hard Skills)
• System Testing (Hard Skills)
• Vendor Coordination (Soft Skills)
• Vulnerability Remediation (Hard Skills)

Job Summary: 

• Perform incident response tasks, help respond to important alerts and incidents within the SOC
• Maintain and tune different security tools and gain engineering experience
• Build defenses through multiple detection and prevention capabilities across the environment
• Enforce policies, standards, and procedures intended to ensure the protection of enterprise systems
• Deploy and manage tools to protect organizational data, allowing the business to move quickly while following security standards
• Maintain a keen external focus on industry best practices and advanced technologies related to cybersecurity
• Provide high reliability of systems through disciplined testing and change management
• Use tools and techniques to assess the effectiveness of information security measures and identify potential exposures

Skills on Resume: 

• Incident Response (Hard Skills)
• Tool Management (Hard Skills)
• Threat Detection (Hard Skills)
• Policy Enforcement (Hard Skills)
• Data Protection (Hard Skills)
• Security Research (Soft Skills)
• Change Management (Hard Skills)
• Exposure Assessment (Hard Skills)

Job Summary: 

• Analyze and correlate anomalous events identified in Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Security Information and Event Management (SIEM) systems, and supporting devices/applications. 
• Analyze, correlate and trend anomalous events and incidents to identify and characterize the threat or incident 
• Identify the cause, source, and methodology of the compromise or incident
• Identify and recommend network configuration changes to (IOT) deter the existing threat
• Configure and fine-tune detection/prevention capabilities for IDS, IPS, SIEM, and supporting devices/applications
• Facilitate reporting and situational awareness to ARCYBER, DISA, CCMDs, and respective regional Theater Signal Commands
• Facilitate reporting to Law enforcement and Counter-Intelligence investigation agencies
• Update Incident Handling procedures, response guidelines, and checklists based on findings and lessons learned
• Submit forensically sound media images to ARCYBER F&MA

Skills on Resume: 

• Event Correlation (Hard Skills)
• Threat Analysis (Hard Skills)
• Compromise Detection (Hard Skills)
• Network Defense (Hard Skills)
• System Tuning (Hard Skills)
• Incident Reporting (Hard Skills)
• Procedure Updates (Hard Skills)
• Forensic Submission (Hard Skills)

Job Summary: 

• Designs and implements information assurance and security engineering systems with requirements of business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage, and physical security analysis
• Assesses and mitigates system security threats and risks throughout the program life cycle
• Assists in establishing and implementing cybersecurity policies
• Validates system security requirements definition and analysis
• Establishes system security designs
• Implements security designs in hardware, software, data, and procedures
• Verifies security requirements
• Performs system certification and accreditation planning and testing and liaison activities
• Develops and conducts user training and awareness programs
• Provides consulting to IT operations for secure systems operations and maintenance
• Prepare, maintain, and implement the System Security Plans (SSPs) and associated documentation for information systems for which they are responsible
• Conduct continuous monitoring and other security control assessments of information systems to periodically verify and report that security features and operating controls are implemented correctly, operating as intended, and producing the desired outcomes
• Perform ongoing risk assessments to determine if additional countermeasures beyond those identified in the program’s risk assessment are required
• Develop and implement appropriate cyber security awareness training for staff and management for their understanding of cyber security responsibilities for accessing information systems and protecting electronic data

Skills on Resume: 

• Security Engineering (Hard Skills)
• Threat Mitigation (Hard Skills)
• Policy Implementation (Hard Skills)
• Security Validation (Hard Skills)
• System Accreditation (Hard Skills)
• User Training (Soft Skills)
• Risk Assessment (Hard Skills)
• Awareness Programs (Soft Skills)

Job Summary: 

• Monitor the HEAT ticketing system
• Vulnerability scanning and remediation
• Run required ACAS reports
• Vulnerability report generation and mitigation coordination
• Assist with Windows Server STIG/SCAP artifacts for accreditation efforts
• Updates/upgrades for ACAS products (Security Center, Nessus, etc.)
• Scheduling/Monitoring of active and passive scans
• Failed scans, tracking and troubleshooting
• Conduct and assist with the performance of security risk assessments of systems and equipment using DISA security technical implementation guidance (STIG)
• Perform monthly vulnerability assessments using automated scanning tools, and assist with the completion of technical scans on servers, applications and appliances
• Create technical documentation, network diagrams, inventory control documentation, security documentation and RMF artifacts to support the accreditation process for new technology or service initiatives

Skills on Resume: 

• Ticket Monitoring (Hard Skills)
• Vulnerability Scanning (Hard Skills)
• Report Generation (Hard Skills)
• STIG Compliance (Hard Skills)
• Tool Maintenance (Hard Skills)
• Scan Troubleshooting (Hard Skills)
• Risk Assessment (Hard Skills)
• Documentation Support (Hard Skills)

Job Summary: 

• Use data to understand business patterns and trends in information assurance
• Promote best practices in Authority to Operate (ATO), Assessment and Analysis (A&A), and Continuous Monitoring support efforts
• Analyze internal and external quantitative and qualitative information from the internal team and stakeholders
• Communicate findings through standard and ad hoc reports
• Collaborate with cross-functional teams and stakeholders
• Develop and/or enhance policies, standard operating procedures (SOPs), and/or processes
• Support verbal and written communications with stakeholders
• Support, manage and/or facilitate all phases of executive-level recurring or ad hoc meetings

Skills on Resume: 

• Data Analysis (Hard Skills)
• ATO Support (Hard Skills)
• Report Writing (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Policy Development (Hard Skills)
• SOP Enhancement (Hard Skills)
• Executive Communication (Soft Skills)
• Meeting Facilitation (Soft Skills)

Job Summary: 

• Assess shipboard networks to identify vulnerabilities while providing hands-on training and remediation actions
• Perform network evaluation and analysis for DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) compliance, utilizing current DISA-approved Security Content Automation Protocol (SCAP) software
• Identify security requirements to bring a system into compliance and create a POA&M, identifying those outstanding non-compliant items and assisting with mitigation strategies
• Configure, update, and maintain ACAS/SCCVI with the latest audits and signatures
• Perform network vulnerability scans using ACAS/SCCVI per Program of Record (POR) or DoD directives
• Evaluate local McAfee HBSS ePO afloat or Super-Agent Distributed Repository (SADR) for configuration compliance with DISA STIG(s) and higher-level directives
• Analyze complex network and IA systems in unclassified and classified environments for compliance with DoD and industry best practices security configuration requirements
• Writing Standard Operating Procedures (SOP), COOP, Configurations, and other documentation in support of RMF
• Provide technical evaluation of proposed system(s) and application approaches
• Validation of Information Assurance (IA) Controls
• Maintain an awareness of trends within the Technology Industry

Skills on Resume: 

• Network Evaluation (Hard Skills)
• Security Compliance (Hard Skills)
• Mitigation Planning (Hard Skills)
• Tool Configuration (Hard Skills)
• Scan Execution (Hard Skills)
• Endpoint Review (Hard Skills)
• Technical Documentation (Hard Skills)
• Control Validation (Hard Skills)

Job Summary: 

• Navigate Accreditation and Authorization processes to ensure that the program deliverables receive Approvals To Operate
• Work with the customer IA representatives to complete Risk Management Framework activities and documentation
• Work with program engineers to ensure that products are compliant with security requirements and continuously monitor subsequent releases to maintain compliance
• Coordinate with customer IA representatives
• Characterize systems by the Risk Management Framework
• Write documents to include System Security Plans, Security Test Procedures and Plan of Action and Milestones
• Provide technical requirements and solutions to program engineers
• Provide technical justifications to tailor security requirements
• Execute government-witnessed security test events
• Use automated tools to provide vulnerability and compliance assessments
• Review IAVM notices and address with program engineers
• Ensure regular patching of systems
• Monitor software releases to ensure continued compliance and closure of POA&M items
• Support corporate IA personnel in efforts related to assigned programs

Skills on Resume: 

• ATO Navigation (Hard Skills)
• RMF Execution (Hard Skills)
• Security Compliance (Hard Skills)
• IA Coordination (Soft Skills)
• Technical Writing (Hard Skills)
• Test Execution (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Patch Management (Hard Skills)