• Act as the liaison with network and systems engineering teams during initial project phases and through the duration of the project to continually assess components of the project for compliance with security controls and governance
• Document security controls, security configuration and testing of the systems and software
• Review higher headquarters policies and guidance, and provide recommendations for implementation, including information systems, transport systems, software, cyber security, and datacenter infrastructure
• Review policies, procedures and guidance implemented by the O&M Information Assurance team
• Provide analysis and reporting on the efficacy of all aspects of the O&M IA structure and provide recommendations on improvements, mitigations, and remediation
• Document and retain all Analysis and reporting in the government-provided knowledge management system
• Assist the O&M IA team in preparation for higher headquarters inspections and Staff Assistance Visits (SAVs)
• Act as the liaison to outside Cyber Security and Information Assurance teams during the transition of a solution to O&M work centers
• Provide analyses and decision support information for the Air Force Enterprise
• Approving Official to make system/network risk management determinations for an Authorization to Operate (ATO)
• Prepare and maintain correct, thorough, and timely inputs to the accreditation packages and all artifacts in accordance with current network accreditation processes
• Audit and conduct an ACAS scan to ensure the ongoing security of the network and implement security orders and directives
• Manage EMSEC, TEMPEST, and COMSEC

Skills: Security Compliance, Policy Review, Risk Analysis, ACAS Scanning, Documentation Management, ATO Preparation, Network Auditing, Configuration Testing

• Reviews security and privacy complaints, data breach notification and cybersecurity incident reports, and other correspondence and evidence to determine whether the complaint, self-report or breach notification report indicates non-compliance with the HIPAA Security Rule
• Reviews data provided by the healthcare organizations across the nation to assess the overall impact of security and privacy incidents
• Evaluates and determines the technical sufficiency of submissions from HIPAA covered entities and business associates in response to data and documentation requests (i.e., assessing reports related to security baselines, penetration tests, vulnerability assessments, and digital forensics)
• Develop reports summarizing the analysis, along with formulating recommendations for OCR to consider for future action
• Develops written reports with technical security analyses, summaries, and recommendations for action
• Provides subject matter expert analysis, evaluation, and recommendations based on national security standards (NIST), industry best practices (ISO) and implementation specifications of the HIPAA Security Rule
• Provides expert guidance in designing, implementing, and managing information security, data protection, and risk management programs, including policies, procedures, and controls for protected health information based on HIPAA requirements
• Expert in the development and evaluation of health information privacy policies and technologies, specifically regarding protected health information

Skills: HIPAA Compliance, Risk Analysis, Breach Review, Security Testing, Policy Review, Forensics Analysis, NIST Guidance, Data Protection

• Preparing and submitting the Security Assessment Plan (SAP) with program assistance
• Executing the approved SAP
• Assessing compliance with DISA Security Technical Implementation Guides (STIGs)
• Review of automated scan data
• Performing a complete Risk Assessment of all security controls, known threats and vulnerabilities
• Drafting risk reports of the current architecture, mitigations, and security risk posture
• Ensuring traceability of all vulnerabilities from raw assessment results to the Plan of Actions and Milestones (POA&M)
• Updates to the POA&M based on the assessment results
• Briefing leadership on vulnerabilities in support of the A&A efforts
• Assessing and documenting risk and performing security control assessment and documentation of compliant and failed security controls in eMASS
• Making corrections to the eMASS record
• Completing a Security Assessment Report (SAR), in conjunction with the SCA, based on the assessment results
• Preparing the SAR Executive Summary, with assessment results, for SCAL review
• Supporting the continuous monitoring program

Skills: SAP Execution, STIG Compliance, Risk Assessment, Scan Analysis, POA&M Updates, eMASS Management, SAR Preparation, Continuous Monitoring

• Support the cyber security mission of the 35th IS information systems (IS) and networks
• Evaluate cybersecurity compliance of all 35 IS systems against current NIST and DoD Cybersecurity policies as outlined in AFI 17-101, ICD 503, NIST SP 800-37 and 800-53
• Analyze and advise on the risk and remediation of security issues based on reports from security assessments, vulnerability assessment scanners, patch management tools, and emerging threat information
• Act as the Information System Security Officer (ISSO) in managing the A&A packages throughout the system lifecycle
• Conducting all periodic reviews, tracking remediation efforts through the Plan of Actions and Milestones (POA&M)
• Uploading and managing Body of Evidence (BoE) documents, scans, and other artifacts in Xacta
• Assist fellow ISSOs in applying for Certificate-to-Field (CtF) for software
• Assist other ISSOs in managing the ports, protocols, and services management (PPSM) registrations by performing scans and risk assessments using available tools
• Support the integration and testing of system-level security requirements which may include researching, verifying and documenting cybersecurity controls for the systems to be accredited
• Perform system security scans and vulnerability scans using ACAS, and maintain records of such scans, as required by A&A guidelines
• Provide routine system-level monitoring, audit reviews, and compliance reporting utilizing Splunk and ACAS for the identification of security-relevant external or internal impacts, threats, and policy violations
• Develop and maintain A&A documentation
• Participate in the change management process, including conducting security impact analyses, making recommendations based on relevant security and privacy trends and technology

Skills: Cybersecurity Compliance, Risk Remediation, A&A Management, POA&M Tracking, Xacta Documentation, ACAS Scanning, Security Monitoring, Change Analysis

• Conduct Continuous Monitoring of Cyber threats
• Conduct Risk and Vulnerability Self Assessments, perform Security Architecture Reviews, and audit compliance
• Support audit requirements (STIG, CTO, etc.)
• Provide cybersecurity analysis, with a focus on Assessment and Authorization (A&A), under the implementation of the Risk Management Framework (RMF)
• Prepare and review documentation, including Systems Security Plans (SSPs), risk assessment reports, certification and accreditation (C&A) packages, and plan of actions and milestones (POA&M)
• Validate that all findings from raw scans are documented
• Research and remediate vulnerabilities
• Ensure all manual reviews are completed in STIG checklists
• Track authorization to operate (ATO) statuses and authorizations with conditions of the GETS System
• Draft and review cybersecurity policy documents that affect the GETS system

Skills: Continuous Monitoring, Risk Assessment, STIG Compliance, RMF Implementation, A&A Support, POA&M Management, Vulnerability Remediation, Policy Drafting

• Responsible for ensuring that all system Enterprise Cross Domain Service (ECDS) controls and security activities are integrated into the program and are completed on time
• Research, develop, implement, test and review the information security of the solution of the program to protect information and prevent unauthorized access
• Ensure that the Chief Information Officer (CIO), Data Security Analyst (DSA) and the Program Manager are informed about security measures
• Explain potential threats, install software, implement security measures and monitor networks, and brief the customer management
• Assist the Program Manager in editing and processing cybersecurity deliverables, including RMF packages and associated artifacts
• Assesses DoD Information Systems against the RMF security controls IAW DoDI 8500, DoDI 8510 and NIST SP 800-53
• Develops and reviews for compliance documentation and artifacts 
• Effectively performs interviews of technical Subject Matter Experts (SMEs) as well as non-technical management personnel to ascertain the security posture of an IT system
• Identifies mitigating controls for identified risks and proposes additional mitigation strategies for identified vulnerabilities
• Evaluates a wide array of IT devices for Security Technical Implementation Guide (STIG) compliance using ACAS/ Nessus, SCAP Compliance Checker, and manual checklist reviews
• Applies STIGs to a variety of devices to ensure compliance

Skills: ECDS Integration, RMF Assessment, Security Monitoring, STIG Compliance, Vulnerability Mitigation, Artifact Development, ACAS Scanning, Risk Evaluation

• Working on security implementation on new and legacy systems/networks
• Conducting reviews of all ISs and networks to ensure no security changes have been made to invalidate the Authorization to Operate (ATO)
• Knowing and participating in security compliance efforts that will be assessed and validated by the Government, IAW DoDI
• Applying an enterprise-wide set of disciplines for program planning, analysis, secure system architecture and design, integration, and security testing across major enterprise segments
• Assisting with the identification, preparation and maintenance of engineering and security-related documentation
• Providing technical advice related to system security, vulnerabilities, security architecture and security policies
• Ensuring the rigorous application of information security information assurance (IA) policies and procedures
• Conducting risk assessments and making recommendations regarding additional protection mechanisms necessary to support operations
• Defining, negotiating, and executing Assessment and Authorization (A&A) events
• Conducting security audits and risk assessments to ensure appropriate implementation and compliance with the security posture
• Scheduling, performing, and maintaining records of required information system auditing, patching, maintenance, software and hardware changes, and malware scanning based on evolving threats/vulnerabilities and compliance requirements

Skills: Security Implementation, ATO Validation, Compliance Assessment, System Architecture, Risk Assessment, A&A Execution, Security Auditing, Patch Management

• Participate in discussions at the system engineering level to enhance the security of NRO networks and information systems
• Provide support to system certification activities and efforts related to system certification and accreditation
• Provide technical support in investigating and minimizing real or potential damage resulting from security incidents
• Research, analyze, integrate, and distribute IS security tools and associated documentation, subject to government review and approval
• Provide on-site assistance for integrating IS security tools into contractor and Government information systems
• Develop and propose security procedures for systems and software within the area of expertise
• Ensure consistent security policy implementation for review and approval by the Government
• Create, update, and present Information Assurance (IA) related briefings and other related materials to both internal and external organizations as a security Subject Matter Expert (SME)
• Participate in and support various Information Assurance forums
• Support the Intelligence Community (IC) and Industry-based working groups

Skills: Certification Support, Incident Response, Tool Integration, Procedure Development, Policy Enforcement, IA Presentations, Security Expertise, Community Engagement

• Provide Cyber Security guidance and documentation throughout the system development life-cycle
• Provide Cyber Security guidance at meetings, briefings and design reviews and during system development in accordance with prevailing Cyber regulations and policies
• Support the PM, SCAL, ISSM, and ISSE throughout all phases of the security authorization process
• Enable Cyber Security system designs that properly mitigate identified threats and vulnerabilities
• Review and approve test and evaluation activities to validate that those threats and vulnerabilities are mitigated
• Performs system security reviews and Certification and Accreditation (C&A)/ Assessment and Authorization (A&A)
• Conducts A&A process for IT systems and networks in accordance with the DoD Risk Management Framework process
• Analyzes and reviews the results of network and system vulnerability scans and can validate the implementation of IA Controls in accordance with DoD 8500.2
• Assists with the development and tracking of the POA&M in eMASS
• Supports RMF Checkpoint meetings
• Assists with the Risk Assessment Report and consults on the SLCM Strategy
• Develops the Security Assessment Plan, Security Assessment Report, and Executive Summaries
• Reports package status and risks weekly

Skills: Cybersecurity Guidance, A&A Process, Risk Mitigation, Test Validation, Security Reviews, Vulnerability Analysis, POA&M Tracking, RMF Support

• Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents
• Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Evaluate firewall change requests and assess organizational risk
• Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems
• Assists with the implementation of counter-measures or mitigating controls
• Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Prepares incident reports of analysis methodology and results
• Provides guidance and work leadership to less-experienced technical staff members
• Maintains current knowledge of relevant technology

Skills: Incident Response, IDS Monitoring, Intrusion Analysis, Firewall Evaluation, Threat Communication, Mitigation Implementation, Vulnerability Scanning, System Auditing

• Develop documentation to support the validation and authorization of specific systems and applications, including a security plan, security performance test plan, security test and evaluation (ST&E) and supporting documentation
• Evaluate system security plans and procedures, addressing IT out-of-compliance issues, preparing, implementing, monitoring, and updating project plans
• Develop Plans of Action and Milestones (POA&Ms) to correct findings of non-compliance
• Develop a Corrective Action Plan (CAP) for any deficiencies identified during continual monitoring, ST&E, or self-assessments
• Initiate, direct and participate in the full life cycle of cyber security appraisals and network penetration testing of geographically dispersed and operationally diverse agency facilities
• Develop and recommend new and/or revised inspection, evaluation, and penetration testing methodologies for cybersecurity appraisals
• Provide recommendations on implementation strategies and policy recommendations based on industry best practices and governing directives
• Assist the Division by conducting research, conducting investigations of cyber events to include those that potentially violate regulatory requirements
• Collaborate with senior leadership, departmental and contractor managers and staff in scheduling, planning, coordinating, and implementing the agency's cybersecurity programs

Skills: Security Documentation, Compliance Evaluation, POA&M Development, CAP Creation, Penetration Testing, Cyber Appraisals, Policy Recommendations, Incident Investigation

• Support the development of program security documentation and continuous monitoring for covered contractor information systems (CCIS) that hold covered defense information (CDI)
• Execute and support security testing and evaluation to ensure the correct implementation of security requirements
• Capturing and refining information protection requirements to ensure successful system integration
• Integrate security functional requirements into existing acquisition lifecycle phases, milestones, and documents using systems engineering principles and methodologies
• Coordinates activities with assessment and authorization stakeholders
• Conducting security control assessments and performing all activities including reviewing SSPs, conducting interviews, gathering Evidence and creating SARs
• Maintaining a vulnerability management process for the Agency,
• Coordinating data calls (FISMA, FMFIA, BDR, etc.) and managing monthly reports
• Developing recommendations for security issues and vulnerabilities identified during security control assessments
• Managing POA&Ms including milestone creation and update, POA&M Auditing and closure
• Reviewing security policy and procedural documentation based on NIST guidance
• Analyzing vulnerabilities and other findings,
• Providing administrative support to Xacta users, and CDM implementation and support

Skills: Security Documentation, Control Assessment, Vulnerability Management, POA&M Management, NIST Compliance, System Integration, SAR Creation, Xacta Support

• Engage with stakeholders, including the DAIS Accreditor and Security Assurance Coordinator
• Ensure that the security solution is accreditable whilst imposing minimal burdens on the development programme and end users
• Identifying security risks within complex systems, products and solutions
• Ensuring that those risks are addressed by the implementation and delivery of effective and balanced security controls and mitigations to address the risks
• Ensure that the security requirements are incorporated into the systems as part of an overall systems engineering approach
• Develop security architectures and review of design and implementation
• Engaging with stakeholders, engineering teams and subcontractors to provide direction, guidance and support on acceptable and balanced information security solutions
• Develop the accreditation document set to MoD standards
• Liaison with customers, accreditors and technical authorities
• Perform and contribute to trade studies that impact information assurance
• Develop programme plans and cost estimates in support of both current programmes and bids and proposals

Skills: Stakeholder Engagement, Risk Identification, Security Mitigation, Systems Integration, Security Architecture, Accreditation Support, Trade Analysis, Cost Estimation

• Providing technical guidance to projects regarding the systems Assessment and Authorization (A&A) process
• Facilitating Joint Test Teams (JTT) for Amazon Web Services (AWS)
• Providing technical resources with security best practices documented via policies and standards
• Performing risk assessments and executing tests of data processing systems to ensure the functioning of data processing activities and security measures
• Documenting computer security and emergency measures policies, procedures, and tests
• Advising and consulting on all Chief Information Officer (CIO) project-related information security issues, control gates, and the security review processes in place within the sponsors
• Evaluating emerging and available INFOSEC technologies to enable the sponsor’s systems and users to securely share information with customers and the IC
• Performing risk analysis of tested and evaluated networks and systems
• Integrating security processes and architectures to address the CIO, sponsor, and IC information security issues and concerns
• Developing plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure, and to meet emergency data processing needs
• Reviewing violations of computer security procedures and discussing procedures with violators to ensure violations are not repeated
• Preparing information security policy recommendations for presentation to the sponsor’s security boards
• Evaluating emerging INFOSEC requirements and technologies
• Providing INFOSEC engineering support to CIO projects, including the evaluation of proposed analytic tools
• Identifying viable INFOSEC architectures and designs
• Analyzing and defining security requirements for multilevel security (MLS) issues
• Designing, developing, engineering, and implementing solutions to MLS requirements
• Preparing systems security plans, security assessment reports, risk assessment reports, customer responsibility matrices, and security incident response SOPs
• Preparing security assessment criteria
• Participating in security testing and assessments
• Preparing and presenting briefing material

Skills: A&A Guidance, Risk Assessment, AWS Testing, INFOSEC Evaluation, Security Architecture, Policy Development, MLS Solutions, Security Briefing

• Provide expert knowledge of the cybersecurity and information assurance requirements based upon the applicable DOE, NNSA and (in some cases) other Government agency requirements
• Support cyber security risk assessment activities 
• Recommending and implementing risk assessment methodologies that address the analysis of threats, vulnerabilities, and environments
• Calculate mitigated risk based on the implementation of the appropriate federally-recognized security controls, and comprehensively and accurately identify residual risks
• Provide personnel certified to perform duties as Communications Security (COMSEC) Custodians and COMSEC Operators with respect to the National Security Agency-approved classified encryption
• Provide technical and programmatic support on issues of red-black separation
• Conduct site inspections and self-assessments and evaluate implementations based on applicable DOE directives
• Develop and recommend cyber security/information assurance strategies that effectively integrate operational, administrative, procedural, technical and training measures in a cost-effective manner
• Develop documentation to support the validation and authorization of specific systems and applications, including a security plan, security performance test plan, security test and evaluation (ST&E) and supporting documentation
• Perform continual monitoring to obtain and maintain system authorization to operate for specific systems and applications
• Draft specific cybersecurity work instructions, manuals and procedures
• Support incident response, reporting, and handling activities in the identification and resolution of cybersecurity incidents and incidents of security concern involving computing activities and functions
• Compile responses to data calls and support other performance metric activities, including the input and management of IT asset information and vulnerability information into the NNSA/DOE enterprise Archer database
• Support disaster recovery, business continuity and continuity of operations planning, testing and implementation
• Recommend technical approaches that effectively balance risk and cost and when directed, implement specific technical protections (e.g., audit log management, vulnerability assessment, access control, encryption, etc.)
• Develop and deliver or support specific cybersecurity training to meet regulatory and organizational requirements, such as initial and annual user security awareness and system security officer/system administrator security training for all OST personnel

Skills: Risk Assessment, Residual Risk Analysis, COMSEC Support, Site Inspections, Security Strategies, ST&E Documentation, Incident Response, Disaster Recovery

• Technical understanding of supporting security initiatives, conducting security monitoring, reporting and maintaining security compliance following security regulations and policies
• Experience with Security Engineering and Architecture, Certification and Accreditation, Vulnerability Assessment, Incident Management, Vulnerability Management, Security Operations, and Policy and Program Development
• Ability to lead and work in a matrix organization and communicate effectively with peers, subordinates and program leadership
• Able to mentor and review the work of junior team members
• Able to lead cybersecurity tasks and collaborate with customers, stakeholders, and team members
• Familiarity with DIACAP and/or RMF
• Experience with ITIL processes and/or ITIL Foundation V3/4 certification
• Ability to drive innovation independently 
• Must have a passion to improve at every opportunity
• Proven ability to credibly coordinate between technical teams and business stakeholders

Qualifications: BS in Network Engineering with 5 years of Experience

• Experience designing, developing, implementing, and enforcing security requirements
• Expertise in preparing Security Test and Evaluation plans
• Experience developing security plans and contingency plans
• Familiar with developing, testing, and integrating security tools
• Familiar with configuring and installing the tools
• Technical experience and certification in one or more of the following areas: Windows environments, Linux, networking, containers/ virtualization, DevSecOps, or database administration
• Familiar with UCDSMO (Unified Cross Domain Services Management Office) and/or TSABI (Top Secret SCI and Below Interoperability) information assurance
• Ability to be agile and work on multiple projects regarding the implementation of systems
• Understand the impacts of key deliverables that they are responsible for and adjust accordingly
• Excellent verbal and documentation skills
• Experience in using business productivity tools such as Microsoft Office (Excel, Outlook, OneNote) to keep track of assigned tasks
• Experience with surface sonar military weapons systems or military weapon systems in general

Qualifications: BS in Information Security with 8 years of Experience

• Working experience in Information Assurance 
• Must have CISSP Certification
• Experience with NIST 800.53, current revision
• Experience with ICD 503 and 507 guidelines
• Experience with DoD Risk Management Framework
• Experience with vulnerability identification and remediation
• Strong written and oral communication skills
• Experience with NESSUS vulnerability scanning
• Experience with Splunk log correlation engine
• Experience with McAfee endpoint protection
• Experience patching servers and network devices
• Familiar with IC incident reporting procedures
• Experience performing data collection and analytics using User Activity Monitoring tools

Qualifications: BS in Software Engineering with 7 years of Experience

• Must have an Active Certified Information Systems Security Professional (CISSP) Certification (e.g., DoD 8570.01 IAT Level III certification)
• Experience in Information Assurance Engineering and/or Cybersecurity Risk Management Framework (RMF) requirements
• Excellent interpersonal skills with the ability to work both independently and within a team environment
• Knowledge of computer networking and computer security processes
• Experience with OS Environments such as Windows, Linux (RHEL), Unix
• Experience with Cybersecurity applications and tools (e.g., Splunk)
• Possess additional security certifications such as CISSP, CISA, CIMS, CAP, CEH, Security+
• Experience working with Computer Security, Cybersecurity, and ISSM/ISSO personnel
• Strong interpersonal and communication skills

Qualifications: BA in Intelligence Studies with 5 years of Experience

• Experienced with the application of the IASRD to the handheld radio domain
• Experience with the NSA embedment process
• Familiar with the operation, use, and waveform details of legacy military voice and data communications equipment
• Working experience in Security Software Design/Development
• Understanding of network security
• Experience working with open source software and open source compliance
• Experience with Fuzz Testing and Penetration Testing
• Experience working with the Risk Management Framework
• Working knowledge of Multilevel Secure Operating Systems and their associated concepts
• Must understand the Common Criteria, EAL Levels, Protection Profiles, Security Targets, Trust Anchors and Reference Monitors
• Experience with FIPS 140-2 and Commercial Solutions for Classified (CSfC)
• Experience with Anti-Tamper design principles, COMSEC and TRANSEC cryptographic algorithms and key management protocols and interfaces
• Familiar with common PC engineering software and requirements management software

Qualifications: BS in Information Assurance with 9 years of Experience

• Must have CompTIA Sec+ CE or equivalent certification
• Working knowledge of Scaled Agile Framework (SAFe) process, Kanban Framework, or Waterfall methodologies and how to utilize these within day-to-day activities
• Ability to work collaboratively across the various Agile Release Trains (ARTs)
• Familiarity with SCADA systems, security, SAFe 4.5 certified Agilist
• Experience developing reports and documentation using Tenable's Security Center
• Experience supporting ISSOs or acting as one
• Familiar with NIST publications, specifically RMF and NIST controls
• Experience working with ACAS (Assured Compliance Assessment Solution)
• Must have and maintain a DOD 8570 IAT Level II certification

Qualifications: BS in Applied Mathematics with 5 years of Experience

• Experience working in an Agile-based team to develop Epics and User Stories, defining measurable acceptance criteria, developing mission use cases, and developing test cases and procedures
• Experience with DevOps and Core Knowledge of Automated Deployment, Continuous Integration, and Continuous Deployment technologies
• Experience with Cloud Technologies, Amazon Web Service (AWS) / Commercial Cloud Services (C2S)
• Experience installing, configuring, administering, and troubleshooting Red Hat Enterprise Linux server environments to include common technologies such as VMWare ESXi, JBoss, Postfix, JMS, MySQL, and server clustering
• Experience integrating related technologies such as PuriFile, ArcGIS, and ELK
• Extensive Experience administering and tuning highly available web applications/services using technologies such as JBoss, MySQL, JMS, Apache Zookeeper, Apache Storm, NFS, Logging, NiFi, etc.
• Proven experience with providing Infrastructure as Code and automation approaches using SaltStack, Python, and managing infrastructure components via REST APIs
• Experience supporting Java, J2EE, SOA, Web Services and related Architecture Frameworks
• Experience with IT security architecture, computer technology, design, standards, and products
• Excellent oral and written communication skills
• Demonstrated ability to explain complex technical issues to non-technical staff

Qualifications: BA in Political Science with 9 years of Experience

• Experience with ACAS
• Must hold an Active Secret Clearance
• Experience with Risk Management Frameworks (NIST and/or Fed RAMP) in complex system and organizational environments
• Experience with Fed RAMP and similar A&A requirements
• Experience with USG IT security policies
• Experience with Cross Domain platform security and other Fed RAMP security experience
• Must have Certified Information System Security Professional (CISSP) certification
• Must be able to obtain, maintain and/or currently possess a security clearance
• Strong written and oral communication skills
• Must be proficient in MS Office tools
• Experience with space command or other air force/DoD information systems
• Familiarity with DoD cyber regulations and instructions, including DoDI 8580.01, DoDI 8500.01, and DoDI 8510.01
• Experience with DoD RMF and accreditation processes

Qualifications: BA in Cyber Policy with 8 years of Experience

• Experience supporting cyber security and systems engineering on space/ground programs
• Experience with DoD Cybersecurity and/or Information Assurance Strategy development
• Must have Security+ CE Certification 
• Experienced with NIST 800-53 rev. 4 and FISMA Compliance
• Excellent communication skills, both verbal and written, internal and customer-facing
• Excellent time management skills
• Ability to obtain a secret clearance
• Able to obtain broadband Internet access in their remote office 
• Certified Information Systems Security Professional (CISSP) Certification
• Deep understanding of cybersecurity and information assurance, to include STIG implementation and POA&M models

Qualifications: BS in Information Systems with 7 years of Experience

• Experience in security engineering in mid to large environments
• Experience with designing architectures and frameworks
• Experience with identifying and resolving issues with security vulnerabilities and working to ensure developers incorporate security fixes
• Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools
• Knowledge of network security architecture concepts, including topology, protocols, components, and principles, including the application of defense-in-depth
• Knowledge of network systems management principles, tools, models, and methods, including end-to-end systems performance monitoring
• Ability to obtain a Security+ CE, SSCP, CCNA-Security, or GSEC Certification within 6 months of hire 
• Experience with Agile development
• Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools
• Must have Security+ CE, SSCP, CCNA-Security, or GSEC Certification

Qualifications: BS in Electrical Engineering with 6 years of Experience

• Must have knowledge and experience with implementing DoD and IA requirements and certification process (RMF)
• Must have industry certifications such as Microsoft, Cisco, NetApp, and VMware
• Experience with Army Biometrics Automated Toolset (BAT-A)
• Experience with PowerPoint, Excel, Active Directory, SharePoint and Visio
• Experience with vulnerability management, patch management and configuration management best practices
• Knowledge and understanding of the system development lifecycle
• Experience working with Federal Information Security Management Act (FISMA) requirements, and National Institute of Standards and Technology (NIST) guidelines
• Understanding of attack vectors and methodologies
• Knowledge of and experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS)
• Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and vulnerability management tools
• Working knowledge of CMMI
• Working knowledge of ITIL

Qualifications: BS in Computer Science with 8 years of Experience

• Familiarity with the Risk Management Framework (RMF), relevant NIST publications, FIPS guidelines, and other IT security policies
• Experience conducting security control assessments of NIST SP 800-53, Revision 4 controls
• Experience supporting the Federal Government
• Written and oral communication skills
• Ability to communicate complex technical issues to non-technical staff
• Demonstrated ability to prioritize and manage competing work assignments in a time-sensitive environment
• Ability to identify, analyze and communicate information security vulnerabilities
• Ability to weigh business risks and enforce appropriate information security measures
• Experience with composing professional email correspondence
• Demonstration of ability to solve problems using best practices and a systematic approach

Qualifications: BS in Software Engineering with 7 years of Experience

• Experience with eMASS, Xacta IA Manager, vulnerability scanning using ACAS, EMSEC, and COMSEC
• Strong working knowledge of RMF and ACAS
• Ability to work well with others
• Exceptional organizational skills
• Familiarity with the DoD environment
• Directly related experience supporting IA and RMF-related tasks
• Experience with systems accreditation processes
• Experience with Compliance Assessment Solution (ACAS) scans or other vulnerability scans and patching
• Experience with assessing security controls and DISA Security Technical Implementation Guide (STIGs)
• Knowledge of DoD and Army network security
• Excellent communication, customer service and collaboration skills
• Working experience in HBSS or ArcSight administration 

Qualifications: BS in Artificial Intelligence with 8 years of Experience

• Experience with HP Fortify, HBSS, Nessus/ACAS, DBProtect, AppDetective or other vulnerability scanning applications
• Experience with performing IAVA remediation and maintaining compliance on various Windows and Red Hat systems
• Strong use and understanding of systems engineering concepts, principles, and theories
• Basic experience with Linux CLI and Clair image scanner
• Strong understanding of cyber security specifications such as Risk Management Framework (RMF), DIACAP, STIGs and other government security specifications and guidelines
• Strong knowledge of cybersecurity technology and trends
• Able to sell concepts and ideas
• Effective in communicating issues, impacts, and corrective actions as they affect the cyber design and implementation
• Strong ability in reporting relevant cyber systems engineering design
• Ability to lead security work groups
• Able to contact project leaders and other professionals within the Engineering department and with project teams

Qualifications: BA in Emergency Management with 9 years of Experience

• Experience designing, developing, implementing, and enforcing cybersecurity requirements
• Expertise in preparing cybersecurity Security Test and Evaluation plans
• Must have provided certification and accreditation support
• Experience developing cybersecurity plans and contingency plans
• Familiar with developing, testing, and integrating cybersecurity tools as well as configuring and installing the tools
• Skilled in conducting security audits and developing mitigations to identified risks
• Experience with Risk Management Framework (RMF)
• Experience with reviewing system security audit logs and risk assessment analysis
• Ability to comfortably interact and provide recommendations to high-level commanders/executives in a conservative manner
• Understanding and experience with large, complex IT projects and organizations

Qualifications: BS in Computer Engineering with 6 years of Experience