Job Summary: 

• Perform a Security Impact Assessment for all application and environment updates
• Counsel to ensure auditing, testing, preventive and reactive measures are being adequately implemented for systems with an active Authorization to Operate (ATO)
• Develop an in-depth understanding of customer requirements to quantify security and application risks, and perform impact assessments
• Reviews, testing, and implementation of security requirements within project plan timelines
• Research and track security standards, policies, and procedures
• Knowledge of other NIST Special Publications and Federal Information Processing Standards (FIPS)
• Review and verify that policies and procedures are developed in line with all applicable federal and security standards and regulations
• Maintain, track, and communicate detailed project tasks
• Review security scans, advise on triaging vulnerabilities
• Provide recommendations on mitigating security risks
• Assists Information Systems Security Managers (ISSMs) in developing documentation and collecting artifacts necessary for the project’s ATO
• Conduct continuous monitoring and reporting of security control implementations

Skills on Resume: 

• Security Assessment (Hard Skills)
• Risk Analysis (Hard Skills)
• Policy Review (Hard Skills)
• Vulnerability Management (Hard Skills)
• Compliance Knowledge (Hard Skills)
• Project Tracking (Soft Skills)
• Continuous Monitoring (Hard Skills)
• Documentation Support (Soft Skills)

Job Summary: 

• Responsible for developing and managing Information Systems security, including disaster recovery, database protection and software development
• Manages IT security analysts to ensure that all applications are functional and secure
• Responsible for the development, implementation and execution of an organizational Network Defense strategy that is compliant with all local, state, and federal guidelines for Information Systems and Security
• Performs an independent assessment of the information security posture of an organization using applicable tools
• Assesses information network threats such as computer viruses and cyber threats
• Manages the operation of vulnerability assessment equipment in support of penetration analyses
• Prepares evaluation reports and recommends remedial action
• Directs the work of other engineers performing a variety of information security tasks
• Review the work of others and be able to detect errors or modifications

Skills on Resume: 

• Information Security (Hard Skills)
• Disaster Recovery (Hard Skills)
• Network Defense (Hard Skills)
• Threat Assessment (Hard Skills)
• Vulnerability Analysis (Hard Skills)
• Technical Leadership (Soft Skills)
• Report Preparation (Hard Skills)
• Quality Review (Soft Skills)

Job Summary: 

• Assist the 59th Medical Wing Chief Cyber Security Officer in the implementation and enforcement of the prudent system security measures for the entire network 
• Contribute to the management and operation of Internet Security Scans and be capable of utilizing technical security tools such as Wireless Enterprise Protocols
• Validate the deployment and implementation of anti-virus software on servers and PCs
• Assist in troubleshooting processes to include HTTP, https, SNMP, and SMTP and security methods associated with networked computer environments
• Assist in providing training tools for users to accomplish Cyber Awareness Training
• Take part in audits with the Government Information Assurance Officer (IAO) and Information Assurance Managers (IAM)
• Track and monitor reports when action items are identified during an internal or external audit/inspection
• Receive and help AETC Inspector General (IG) Inspectors and AETC Information Assurance personnel during Operational Readiness Inspection (ORI)/IG inspections
• Assist in reviewing user agreements for accuracy including network access requirements, i.e., current IA Client-Based Training (CBT) licensing for users
• Conduct vulnerability scans and mitigation of vulnerabilities IAW applicable publications and Security Technical Implementation Guides (STIGS)

Skills on Resume: 

• Cyber Enforcement (Hard Skills)
• Security Scanning (Hard Skills)
• Virus Protection (Hard Skills)
• Protocol Troubleshooting (Hard Skills)
• User Training (Soft Skills)
• Audit Support (Soft Skills)
• Access Review (Hard Skills)
• Vulnerability Mitigation (Hard Skills)

Job Summary: 

• Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle
• Prepare certification and accreditation documentation and procedures
• Work with Information Assurance (IA) on categorizing applications and completing all documentation to meet IA’s strict security scoring and requirements
• Work with Information Resource Management’s Cloud Computing Governance Board when submitting applications for approval
• Identify and protect various levels of Personally Identifiable Information (PII) to ensure security safeguards are applied
• Implement the guidance on efforts regarding Information Assurance functions, particularly those focusing on strategic planning, infrastructure protection, defensive strategy, and continuing IT operations
• Contribute to security planning, assessment, risk analysis, risk management, certification, and awareness training
• Monitor and suggest improvements to policy
• Ensure the overall security posture of the network
• Perform and analyze reports from vulnerability assessment scanners, patch management tools, and emerging threat information
• Perform risk assessment and review
• Provide expert advice on mitigation and remediation of security vulnerabilities
• Provide technical guidance on IA matters

Skills on Resume: 

• Risk Assessment (Hard Skills)
• Security Planning (Hard Skills)
• Cloud Governance (Hard Skills)
• PII Protection (Hard Skills)
• IA Strategy (Hard Skills)
• Policy Review (Soft Skills)
• Threat Monitoring (Hard Skills)
• Technical Advising (Soft Skills)

Job Summary: 

• Responsible for Managing Security Remediations, personally handling the implementation of Network Access Control, and acting as team lead and customer POC
• Lead and manage the security remediation team responsible for addressing specific security issues
• Develop ATO package documentation including including but not limited to Systems Security Plans, Disaster Recovery Plans, and Business Impact Assessments
• Implement a Network Access Control (NAC) solution to provide detection, alerting, and quarantine of new network devices
• Implement Deny-by-Default configurations on NAC solutions to ensure that unknown devices are not granted access to interface with other machines
• Lead the team in the areas of vulnerability management, NIST, FISMA, FedRAMP, information security concepts, network, system, and vulnerability exploitation techniques and security system defense concepts
• Work effectively with Information Security tools in a large, complex, multi-platform environment
• Manage and implement monitoring capabilities to notify administrators when new devices have been connected to the network
• Identify and document necessary firewall configurations to enable desired routing
• Design subnets and VLANs to implement network segment isolation
• Manage and administer Ubiquiti wireless network access points
• Implement secure configurations for hardware and software, vulnerability scanning, remediation, and IT security principles in general
• Develop ATO packages, document the findings in the Plan of Action and Milestone (POA&M), present the documentation package to the Agency and address any observations made by the Agency to the documentation package
• Align ATO with all pertinent Federal mandates related to the development of an ATO including the Federal Information Security Management Act (FISMA), OMB A-130, NIST FIPS, and NIST 800 series
• Implement NAC solution that meets all relevant federal standards including NIST SP 800-53r4 SI-4 (4)(18), SC-7(10)

Skills on Resume: 

• Security Remediation (Hard Skills)
• NAC Implementation (Hard Skills)
• ATO Development (Hard Skills)
• Vulnerability Management (Hard Skills)
• Firewall Configuration (Hard Skills)
• Network Design (Hard Skills)
• Wireless Management (Hard Skills)
• Team Leadership (Soft Skills)

Job Summary: 

• Help determine, plan, and coordinate the IT security programs and policies
• Provide direction and support for a program, organization, system, or enclave’s information assurance program
• Manage and control changes and assess the security impact
• Perform continuous monitoring and reporting for systems
• Prepare and maintain the Security documentation
• Serve as the initial security Approval Authority
• Utilize COTS/GOTS to communicate system status and compliance
• Support AO/DAO, SCA, and ISSM on system Assessment and Authorization (A&A) duties to obtain and maintain ATOs
• Conduct a daily review of and respond to security-related tickets

Skills on Resume: 

• Security Planning (Hard Skills)
• Program Support (Soft Skills)
• Change Control (Hard Skills)
• System Monitoring (Hard Skills)
• Documentation Management (Hard Skills)
• Security Approval (Soft Skills)
• Compliance Tools (Hard Skills)
• Ticket Response (Soft Skills)

Job Summary: 

• Ensure that security requirements for information systems meet FISMA requirements
• Develop policies and procedures to ensure information systems' reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data
• Support customers in the development and implementation of doctrine and policies
• Assist with the preparation of the Security Assessment Plan
• Conduct vulnerability analysis to support mitigation and residual risk determination
• Support the continuous monitoring program
• Ensure that related artifacts are created and maintained in the Cyber Security Assessment and Management (CSAM) system to support the authorization to operate
• Participate in network and systems design to ensure implementation of appropriate systems security policies
• Assess security events to determine impact and implement corrective actions
• Examine and draft documentation and assist in implementing and maintaining up-to-date security documents, support Information Security and Assurance
• Manage Plans of Action and Milestones (POA&Ms) using Cyber Security Assessment and Management (CSAM) or other enterprise application provided by the Government
• Assist the Federal System Owner (FSO) with duties
• Works independently or as a member of a team

Skills on Resume: 

• FISMA Compliance (Hard Skills)
• Policy Development (Hard Skills)
• Risk Mitigation (Hard Skills)
• Continuous Monitoring (Hard Skills)
• CSAM Management (Hard Skills)
• System Design (Hard Skills)
• Security Documentation (Hard Skills)
• Team Collaboration (Soft Skills)

Job Summary: 

• Interface with IA/ISSO colleagues from other programs
• Create and maintain Authorization and Accreditation (A&A) packages to include System Security Plans, Contingency Plans, Incident Response plans, SOPs, MOUs, and other accreditation documentation
• Oversee communication and enforce security policies, procedures and safeguards for all systems and staff, based upon NIST 800-53 Rev 4 or Rev 5
• Guide on all matters relating to information security as a subject matter expert
• Provide support for implementing and enforcing information systems security policies, standards, and methodologies
• Responsible for tracking/updating POA&Ms, running vulnerability scans, configuring systems to meet Federal Accreditation requirements, reviewing scan results, working with system owners and managers to mitigate vulnerabilities
• Conduct periodic tabletop or drill exercises for Contingency or Incident Response plans
• Identify, report, and resolve information security incidents and violations
• Maintain awareness of emerging INFOSEC technologies to enable the program's systems and users to quickly adapt to new technologies
• Attend meetings with the Chief Technical Officer (CTO) and work to move documentation through the accreditation process
• Assist with Technical Documentation for R&D for the program
• Interface with IA/ISSO colleagues from other programs

Skills on Resume: 

• Authorization Packages (Hard Skills)
• Policy Enforcement (Hard Skills)
• NIST Compliance (Hard Skills)
• Security Advisory (Soft Skills)
• Vulnerability Tracking (Hard Skills)
• Incident Response (Hard Skills)
• Emerging Tech Insight (Soft Skills)
• R&D Documentation (Soft Skills)

Job Summary: 

• Develops and conducts incremental Information Assurance self-assessments for each software delivery to ensure systems meet documented requirements
• Meets with government ISSO to discuss and plan remediation of IA vulnerabilities and creates POA&M responses to open items
• Reviews existing Information Assurance documentation and assists in making refinements, reducing operating time, and improving current techniques
• Support and regularly maintain RMF Documentation
• Conducts research and analyzes technology information relative to Information Assurance and security for the JFW
• Regularly conducts security tests of the JFW to ensure ISSO and STIG compliance in accordance with JFW system requirements
• Prepare and communicate Scan Analysis Result Reports for project management
• Review IAVAs weekly and assess the impact on JFW
• Assesses and mitigates system security threats and risks throughout the program life cycle
• Validates system security requirements definition and analysis
• Establishes system security designs
• Implements security designs in hardware, software, data, and procedures
• Verifies security requirements and performs system certification and accreditation planning and testing and liaison activities
• Supports secure systems operations and maintenance

Skills on Resume: 

• IA Assessment (Hard Skills)
• POA&M Management (Hard Skills)
• Documentation Review (Hard Skills)
• RMF Support (Hard Skills)
• Security Testing (Hard Skills)
• Scan Reporting (Hard Skills)
• Threat Mitigation (Hard Skills)
• System Certification (Hard Skills)

Job Summary: 

• Maintain compliance of the IGC program utilizing Risk Management Framework (RMF) in accordance with National Institute of Standards and Technology Special Publication 800-37 (NIST SP 800-37)
• Access the Information Assurance Support Environment (IASE) Security Technical Implementation Guide) STIG repository to download, benchmarks, STIGs and tools
• Utilize the STIG Viewer to create checklists, analyze vulnerabilities, determine findings and prepare remediation and mitigation strategies for RMF Continuous Monitoring requirements
• Review weekly USCYBERCOM Information Assurance Vulnerability Alerts and Bulletins (IAVAs and IAVBs) for applicable vulnerabilities
• Submit weekly Information Assurance Vulnerability Management (IAVM) reports and prepare IAVM and non-IAVM patch packages for manual patch application by system administrators
• Analyze Assured Compliance Assessment Solution (ACAS) scans using the Enterprise Security Posture System (ESPS) and report IAVM and non-IAVM vulnerabilities to system administrators to ensure systems are patched before remediation due dates
• Maintain quarterly RMF STIG Plan of Action and Mitigation (POA&M) and weekly IAVA POA&M
• Install Microfocus Fortify Scan Engine/Rulepack updates to ClearCase
• Scan/Analyze IGC code utilizing Microfocus Fortify and collaborate with customer/developers to mitigate/remediate security findings
• Prepare and deliver IGC releases for Government security approval
• Prepare and update RMF documentation as part of Continuous Monitoring
• Develop metrics for measuring and improving the effectiveness of the IGC security plan
• Manage secure systems and security containers in a classified environment
• Communicate directly with military, other contractors, and Government personnel
• Prepare and lead weekly Information Assurance meeting
• Collaborate with developers and engineers to advise on secure system configurations
• Provide Vulnerability Assessments with recommended mitigation/remediation steps
• Additional duties may include supporting Technical Writing, Systems Analyst/Administration, Tier 2 Help Desk, Test Engineering, and Development
• Tailor Leidos Engineering procedures to meet program requirements and standards
• Support proposal efforts and other tasks

Skills on Resume: 

• RMF Compliance (Hard Skills)
• STIG Analysis (Hard Skills)
• Vulnerability Reporting (Hard Skills)
• ACAS Scanning (Hard Skills)
• Code Scanning (Hard Skills)
• Secure Collaboration (Soft Skills)
• IA Meetings (Soft Skills)
• Technical Support (Soft Skills)

Job Summary: 

• Provides technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems
• Designs, develops and implements security requirements within an organization's business processes
• Prepares documentation from information obtained from the customer using accepted guidelines such as RMF (Risk Management Framework)
• Provides assessment and authorization (A&A) support in the development of security and contingency plans and conducts complex risk and vulnerability assessments
• Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps
• Develops and completes system security plans and contingency plans
• Recommends system enhancements to improve security deficiencies
• Develops, tests and integrates computer and network security tools
• Secures system configurations and installs security tools, scans systems to determine compliance and report results and evaluates products and aspects of system administration
• Conducts security program audits and develops solutions to lessen identified risks
• Develops strategies to comply with privacy, risk management, and e-authentication requirements
• Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements
• Evaluates, develops and enhances security requirements, policy and tools
• Provide aid in computer incident investigations
• Performs vulnerability assessments including the development of risk mitigation strategies

Skills on Resume: 

• IA Services (Hard Skills)
• Security Design (Hard Skills)
• RMF Documentation (Hard Skills)
• Risk Assessment (Hard Skills)
• Policy Analysis (Hard Skills)
• Tool Integration (Hard Skills)
• Incident Support (Soft Skills)
• Mitigation Strategy (Hard Skills)

Job Summary: 

• Implements operating systems and network devices security configuration in accordance with DISA-approved security technical implementation guides and Security Requirement Guides
• Performs Cybersecurity assessment procedures, security audits and risk analysis
• Develop and update Program Protection Plans, Cybersecurity Strategies, and other security-related acquisition documentation in support of programs
• Ensure that security-related provisions of the system acquisition documents meet all identified security needs
• Develops mitigation strategies for DoD information systems
• Prepares RMF artifacts and Memoranda of Agreement (MoA) with system owners for interface and networking implementations
• Develops cybersecurity-related acquisition documents
• Identifies Common Criteria and National Information Assurance Partnership (NIAP) certified technologies
• Evaluates Program Cybersecurity products in use by programs to validate compliance with DoD/DoN requirements
• Participates in FLTCYBERCOM Designated Accrediting Authority collaboration calls
• Lead task and oversee the work of the team

Skills on Resume: 

• System Hardening (Hard Skills)
• Security Audits (Hard Skills)
• Protection Planning (Hard Skills)
• Acquisition Support (Hard Skills)
• Risk Mitigation (Hard Skills)
• RMF Artifacts (Hard Skills)
• Compliance Evaluation (Hard Skills)
• Team Oversight (Soft Skills)

Job Summary: 

• Contribute to the roadmap for technology improvement recommendations, insertion, and transition associated with the project technology
• Contribute to gap analysis to identify documentation to improve the effectiveness and efficiency of transition to production and fielding, including maintaining the technology throughout its lifecycle
• Support the planning of the entire lifecycle of the technology implementation to develop a well-planned systems engineering approach that includes cybersecurity
• Draft and provide recommendations on a wide variety of documents related to project technology, IAW DoD and DoN directives and instructions
• Research evolving emerging technologies and develop approaches related to project technology to significantly enhance the functionality and capability of both manned and unmanned platforms
• Support trade studies, engineering, technical analyses, and assessments for tasks in support of various UAS Navy platforms including legacy systems and new technology systems
• Apply engineering and analytical disciplines to verify that the processes and products used in the design, development, fabrication, and installation of prototypes comply with applicable cybersecurity specifications and Configuration Management (CM) plans
• Evaluate designs for new product development and for improvements to existing items for project technology for cybersecurity issues
• Evaluate engineering designs, hardware conceptualization, prototyping, and review of the overall product while accounting for cybersecurity requirements and supportability
• Evaluate prototypes of hardware based on reverse engineering for cybersecurity issues
• Assess proposed engineering changes, perform feasibility studies, and investigate and resolve hardware system security issues in the areas of technology application and insertion and also in the areas of product performance and reliability
• Perform cybersecurity assessments of rapid prototyping techniques to develop quick-reaction proof-of-concept prototypes of systems, subsystems, and components
• Support execution of rapid prototyping techniques to develop systems, subsystems, circuit cards, and assemblies, including any software, firmware, and algorithms for their operation

Skills on Resume: 

• Tech Roadmapping (Soft Skills)
• Gap Analysis (Hard Skills)
• Lifecycle Planning (Hard Skills)
• Document Drafting (Soft Skills)
• Emerging Tech (Hard Skills)
• Trade Studies (Hard Skills)
• Design Evaluation (Hard Skills)
• Rapid Prototyping (Hard Skills)

Job Summary: 

• Reviews regulatory security policies, as well as best practices, and develops the technical solution to implement those requirements on servers, routers, firewalls and other LAN/WAN equipment
• Works with System and Network Administrators to monitor the security posture of all networked systems and applications and take appropriate steps to quickly deal with any vulnerabilities
• Provides system, network, and security engineering expertise and guidance for all aspects of information assurance, including those systems to meet DoD regulations and requirements
• Supports the year-round work of maintaining security posture to meet DoD RMF requirements
• Ensures technical system documentation required for A&A packages are complete and clearly supports validation and ATO in accordance with system security requirements
• Works with IA artifacts and tooling to including vulnerability testing and related network/system test tools, e.g., Retina, Nessus, STIG compliance checker, ACAS, Security Content Automation Protocol (SCAP), and more
• Performs self-assessment and hardening of system servers, applying STIGs, SCAP and ACAS scans, and other scripts
• Generate a Plan of Action and Milestones (POA&M) report and remediate findings
• Conducts security control assessments on network infrastructure and systems in support of RMF activities
• Ensures users have the requisite security authorizations and are systems and prepare security assessment reports

Skills on Resume: 

• Security Configuration (Hard Skills)
• Network Monitoring (Hard Skills)
• IA Engineering (Hard Skills)
• RMF Support (Hard Skills)
• ATO Documentation (Hard Skills)
• Tool Proficiency (Hard Skills)
• System Hardening (Hard Skills)
• Control Assessment (Hard Skills)

Job Summary: 

• Interpret NIST 800-53/CNSS 1253 to implement information assurance practices within a hosted application environment
• Proactively collaborate with various stakeholders on these changes and their impact
• Engage with the various projects to ensure the NIST 800-53 is part of the engineering design for each application
• Collaborate with team members on implementing advanced security solutions to meet the customer’s mission
• Follow industry and DHS trends and developments to ensure the engineering project's security services are consistent with, and/or superior to, industry best practices
• Document certification and accreditation activities using the prescribed templates by collaborating with engineering projects
• Conduct and mitigate vulnerability and compliance assessments on various operating systems, Internet browsers, web servers, databases, networks, and peripheral devices
• Proactively check software dependencies for changes in cyber approval status
• Ensure the software’s customer cyber approvals and paperwork are up to date to support rapid deployments
• Decompose cyber requirements into applicable implementation requirements or recommendations to the development staff

Skills on Resume: 

• NIST Implementation (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Secure Design (Hard Skills)
• Advanced Solutions (Hard Skills)
• Industry Alignment (Soft Skills)
• Accreditation Docs (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Cyber Compliance (Hard Skills)

Job Summary: 

• Execute or support the execution of the development of program security documentation, including items such as security plans, contingency plans, and security test plans and procedures, in compliance with the IA policy
• Generate or support the generation of Assessment and Authorization (A&A) (or Certification and Accreditation (C&A) documentation for the program
• Execute or supports execution of A&A (or C&A) activities
• Execute the security testing and evaluation to ensure the correct implementation of security requirements
• Executes security scanning and the analysis of the scan results
• Support the Assessment and mitigation of system security threats and risks throughout the program life cycle
• Contribute to the completion of major programs and projects with the execution of the system security activities
• Support the cyber security mission of Distributed Ground System-Experimental (DGS-X) information systems (IS) and networks, most notably the Air Force Distributed Common Ground System (DCGS) legacy and Open Architecture (OA) enterprise
• Identify and solve technical issues relating to system hardening, ensuring system availability, integrity, authentication and confidentiality
• Perform assessment and compliance activities by using the assessment tools and procedures within the Xacta IA Manager to manage security compliance and risk, upload artifacts, and track projects as they flow through the RMF process
• Interface with the Program Management Office (PMO) and Information System Security Engineer (ISSE) while completing security controls implementation, self-compliance tests, security test plans, and creating/updating the Plan of Actions and Milestones (POA&M)
• Host and support Security Controls Assessors (SCA) in performing remote A&A events of worldwide operational DCGS sites
• Utilizing ArcSight, analyze threat reports and event monitoring to identify vulnerabilities, nonstandard events, and initiate remediation
• Provide final approval of all account creation requests, ensuring the proper documents and certificates are included

Skills on Resume: 

• A&A Documentation (Hard Skills)
• Security Testing (Hard Skills)
• Scan Analysis (Hard Skills)
• Threat Mitigation (Hard Skills)
• System Hardening (Hard Skills)
• Compliance Tracking (Hard Skills)
• Event Monitoring (Hard Skills)
• Access Approval (Soft Skills)

Job Summary: 

• Provide Cybersecurity enterprise engineering support across the Launch and Test Range System (LTRS)
• Work on multiple projects and initiatives to ensure target dates and goals are achieved
• Support DoD Assessment and Authorization (A&A) activities in accordance with the RMF process
• Develop, modify, and review A&A documentation
• Analyze the architectures of IT systems for compliance with DoD policies
• Develop and execute security test plans, and use security tools such as ACAS, SCAP, and execution of STIGs
• Assess the risk of IT systems, documenting them in formal risk assessments and supporting artifacts associated with the A&A process
• Organize, develop, and present briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements
• Provide CS Subject Matter Expertise (SME) engineering support to project teams
• Support proposals (internal and externally funded)
• Determine the security posture and CS authorization readiness of systems and architectures
• Support of engineering design teams by assessing network and system security design features and making recommendations concerning overall security accreditation readiness and compliance with CS guidance and best practices

Skills on Resume: 

• Cyber Engineering (Hard Skills)
• Project Coordination (Soft Skills)
• A&A Support (Hard Skills)
• Architecture Analysis (Hard Skills)
• Security Testing (Hard Skills)
• Risk Assessment (Hard Skills)
• Technical Reporting (Soft Skills)
• Design Review (Hard Skills)

Job Summary: 

• Supports all authorization package ACAS-related tasks assigned to ISSEs and NQVs
• Provide the required artifacts IAW the Navy Testing Guidance and Risk Management Framework (RMF) Process Guide required for the submission of an RMF Authorization package
• Performs 90 Day Baseline Scans for each Authorization package in accordance with Navy requirements
• Provide Detailed Vulnerability List (DVL) Reports for use in the eMASS record
• Provide ACAS Summary Reports in accordance with the Navy Testing Guidance
• Conducts weekly and “As Needed” ACAS scans in support of RMF STEP 3/STEP 4 processes, vulnerability assessments and queries specifically targeting authorization package assets
• Support continuous monitoring for authorized packages and report vulnerability status of all active Enterprise Security packages
• Create asset lists using the provided hardware lists
• Performs risk analyses of computer systems and applications during all phases of the system development life cycle using the Assured Compliance Assessment Solution (ACAS) tool
• Initiates Enterprise Mission Assurance Support Service (eMASS) registrations
• Prepares, processes, updates and monitors RMF Assessment and Authorization (A&A) packages
• Ensures A&A packages are evaluated and maintained in a compliant status
• Implements and validates A&A packages to ensure security controls and vulnerabilities meet DON RMF authorization compliance requirements

Skills on Resume: 

• ACAS Scanning (Hard Skills)
• RMF Packaging (Hard Skills)
• Vulnerability Reporting (Hard Skills)
• Continuous Monitoring (Hard Skills)
• Asset Management (Hard Skills)
• Risk Analysis (Hard Skills)
• eMASS Registration (Hard Skills)
• Compliance Validation (Hard Skills)

Job Summary: 

• Performs all RMF STEPS and processes required to obtain Authorization to Operate (ATO) for multiple classified and unclassified systems
• Designs, develops, engineers, and implements cybersecurity solutions that meet DON security requirements
• Responsible for ensuring the integration and implementation of the computer system security meets Navy compliance requirements
• Identifies test requirements and tools based on system architectures
• Develops, reviews and implements security test plans and procedures
• Establishes and satisfies system-wide information security requirements based on analysis of user, policy, regulatory, and resource demands
• Supports the Government Cyber Security Managers in the development and implementation of cyber security doctrine and policies
• Manages and maintains A&A packages using eMASS and XACTA tools
• Reviews and assesses system engineering documentation (CONOPS, Contingency Plans, and installation and configuration specifications) to ensure security compliance and to identify security risks
• Prepares briefing slides, status charts and support documentation for presentation to the client
• Reviews and assess system diagrams for accuracy, consistency and traceability to hardware, ports, protocols, and services (PPS) and authorization boundaries

Skills on Resume: 

• RMF Execution (Hard Skills)
• Cyber Solutions (Hard Skills)
• System Integration (Hard Skills)
• Test Planning (Hard Skills)
• Security Analysis (Hard Skills)
• Policy Support (Soft Skills)
• eMASS Management (Hard Skills)
• Diagram Review (Hard Skills)

Job Summary: 

• Develop methods to monitor and measure risk, compliance, and assurance efforts
• Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
• Draft statements of preliminary or residual security risks for system operation
• Maintain information systems assurance and accreditation materials
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements
• Develop and implement cybersecurity independent audit processes for application software/networks/systems and oversee ongoing independent audits 
• Ensure that operational and Research and Design (R&D) processes and procedures are in compliance with organizational and mandatory cybersecurity requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers)
• Perform validation steps, comparing actual results with expected results and analyze the differences to identify impact and risks
• Plan and conduct security authorization reviews and assurance case development for the initial installation of systems and networks

Skills on Resume: 

• Risk Monitoring (Hard Skills)
• Compliance Specs (Hard Skills)
• Security Auditing (Hard Skills)
• Accreditation Support (Hard Skills)
• IT Evaluation (Hard Skills)
• Audit Oversight (Soft Skills)
• Process Compliance (Hard Skills)
• Authorization Review (Hard Skills)

Job Summary: 

• Performs or leads system security engineering, specializing in Cyber Design, Engineering, Integration, and Deployment
• Work with a multi-disciplined program team and make decisions related to resource allocation, work assignment, schedule management, risk and opportunity management, and quality attainment in meeting program milestones and cyber objectives
• Contribute to cyber resiliency and security risk management of national significance
• Perform as a Subject Matter Expert (SME) for a range of cybersecurity capabilities and products
• Develop security documentation including items such as system security design, requirements compliance matrices, system security plans, contingency plans, and standard operating procedures in compliance with the IA policy
• Performs or leads technical planning, cost and risk analyses, and supportability and effectiveness analyses for subsystems and system elements
• Performs or leads evaluations of systems, networks and information systems to ensure designs meet applicable governmental security specifications
• Researches and analyzes data, such as vendor products, COTS components, GFE/CFE, specifications, and manuals to determine the feasibility of the design or application
• Effectively chooses the appropriate standards, processes, procedures, and tools throughout the system development life cycle to support the generation of technical engineering products
• Exercises considerable latitude in determining the technical objectives of assignments
• Defines processes for technical platforms, system specifications, input/output and working parameters for hardware and/or software compatibility
• Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results
• Identifies, analyzes and resolves system design weaknesses
• Serves as a consultant to management and customers on projects and applications

Skills on Resume: 

• Cyber Engineering (Hard Skills)
• Program Leadership (Soft Skills)
• Risk Management (Hard Skills)
• Subject Expertise (Soft Skills)
• Security Documentation (Hard Skills)
• System Evaluation (Hard Skills)
• Standards Selection (Hard Skills)
• Design Resolution (Soft Skills)