• Contribute to the implementation and continuous improvement of security GRC processes such as Policy Management, Information Risk Management, Compliance Management, etc
• Support, configure, test, implement, and maintain the GRC processes in the applicable GRC product
• Working closely with the business, IT, security and 3rd party development/implementation partners
• Assess and advise on the impact of GRC process design options and changes
• Track remediation activities and relevant metrics to help communicate status, demonstrate progress and build awareness of GRC processes
• Ensure security compliance objectives through the design, implementation, and management of regulatory program requirements
• Contribute to the strategy and execution of the overall security governance and risk management program
• Cultivate relationships with security, IT, legal, risk, and business stakeholders to strengthen security governance and risk management
• Support Thales UK in ensuring all technical security measures are enhanced and developed, to ensure successful and timely system accreditations and re-accreditations
• Provide a central point of contact for all technical security matters and concerns, supporting IS project teams and businesses throughout project lifecycles
• Provide assurance and ensure the successful and secure delivery of all Code of Connections (CoCs), associated cryptographic products, key material and documentation
• Responsibility for developing and implementing formal and regular technical risk assessments of Thales’ IS environments, recommending remedial action 
• Work collaboratively with technical project delivery teams to ensure proposed solutions provide the level of security assurance in line with data processing requirements and Thales and customer risk appetites
• Ensure that technical requirements for Thales assurance activities are delivered in the functional area in line with risk appetite
• Devise, develop and maintain Information Security design principles and Technology Standards and requirements 
• Document and publish these Information Security Principles, Standards and requirements for use in the design and architecture of all Thales IT systems
• Review new and proposed technologies to evolve the list of acceptable Technology Standards

Skills: GRC Process Management, Risk Assessment, Compliance Tracking, Security Governance, Policy Development, Technical Assurance, Stakeholder Collaboration, Security Standards

• Understand the certification and accreditation process for a DoD and/or Federal government system
• Ensure that all the system or application deliverables meet the requirements of DoD and Air Force Information Assurance (IA) policy
• Sustain Client for the production/test/development environments
• Ensure all application deliverables comply with the Defense Information Systems Agency (DISA) Application Security and Development Security Technical Implementation Guide (STIG)
• Support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling
• Achieve standardized, PKI-supported capabilities for biometrics, digital signatures, encryption, identification and authentication
• Support the review and update of documentation (SSP, IRP, ISCP, etc.) about IA/security policies
• Review PO&AMs for completeness to ensure all system deficiencies are properly identified
• Validate POA&Ms are associated with a SAR-generated finding 
• Close out POA&Ms based on the POA&M Closure process
• Provide input to the overall security compliance strategy
• Prepare and oversee the preparation of IA certification and accreditation documentation
• Manage performance standards for IA activities
• Identify IT security program implications of new technologies or technology upgrades
• Register systems in the Enterprise Mission Assurance Support Service (eMASS) with all necessary artifacts to attain Authority to Operate (ATO)

Skills: Certification Process, STIG Compliance, PKI Support, Documentation Review, POA&M Management, Security Compliance, ATO Preparation, eMASS Registration

• Coordinate and collaborate with the government and other Contractor support about and documentation of connectivity and problem resolution issues for HQ AFSOC and HQ USSOCOM
• Coordinate all Information Assurance (IA) documentation and feedback with the HQ USSOCOM IA office while keeping SGIP Program Managers abreast on system IA posture
• Patches, updates, and upgrades to systems provide a coordination plan to the Government for communication of schedule, potential impacts, and applicable mitigation measures
• Assist in the formulation of adequate regulatory procedures in the safeguarding of classified defense and other protected information
• Provide system, technical and permissions (i.e., security, policy, access) training
• Perform Information Systems Security Manager (ISSM) duties for AFSOC SGIP systems
• Compile supporting data, submit and manage AFSOC-related SGIP Risk Management Framework (RMF) projects
• Perform continuous monitoring functions
• Manage system security patching as directed by SOF Information Enterprise (SIE) owners with minimum impact to operations
• Test and identify impacts to operations before updating systems

Skills: IA Documentation, Problem Resolution, Patch Coordination, Regulatory Procedures, Security Training, ISSM Duties, RMF Projects, System Monitoring

• Implementing ATO requirements and maintaining the appropriate impact levels of the classified system
• Developing and maintaining Risk Management Framework (RMF) documentation
• Work with network monitoring tools for the purpose of identifying deficiencies with approved software
• Administrative and general cybersecurity support to include preparing presentations
• Work with program and Cyber Security leadership to develop RMF security artifacts, respond to controls, create/update POA&Ms, attend and participate in status meetings
• Active participation in providing resolution to the Authorization to Operate (ATO), Risk Management Framework (RMF) Process
• Review, update, or the creation of documents to support the closure of findings, execution of associated actions and coordination for submission to the government for review and approval
• Attend enterprise Information Assurance (IA) related working groups and meetings to identify and execute emerging Information Assurance (IA) policies and/or creation and staffing of new IA policies
• Review and generate correspondence and response as directed on Cyber Security policies and instructions, DISA Information Assurance Vulnerability Alert (IAVA), and other operation orders
• Facilitates cybersecurity management oversight and technical evaluation
• Provide effective analysis of cybersecurity policies and processes and ensure timely solutions are provided in accordance with the Risk Management Framework Process lifecycle

Skills: ATO Implementation, RMF Documentation, Network Monitoring, Cybersecurity Support, POA&M Creation, IA Coordination, Policy Review, Security Analysis

• Supports the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments
• Participates in the design of vulnerability assessments, penetration tests and security audits and provides recommendations for application design
• Uses encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research
• Participates in the design and development of new systems, applications, and solutions for external customer enterprise-wide cyber systems and networks
• Participates in integrating new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis and relates existing systems to future needs and trends
• Embeds forensic tools and techniques for attack reconstruction, provides engineering recommendations, and resolves integration/testing issues
• Participates in the creation and enforcement of enterprise security documents (policies, standards, baselines, guidelines and procedures)
• Maintains documentation, procedures and working instructions in accordance with federal and departmental guidelines
• Reviews logs and reports and interprets the implications
• Participates in investigations into problematic activity and assists with plans for appropriate resolution
• Assist with proposals, including gathering facts, analyzing data and preparing a project overview which compares alternatives in terms of cost, time, availability of equipment and personnel, etc.

Skills: Security Implementation, Policy Maintenance, Vulnerability Audits, Penetration Testing, Encryption Analysis, System Design, Log Review, Incident Investigation

• Maintaining the database server and all database instances supporting the IMO system applications
• Installing, configuring, and maintaining SQL Database servers and instances
• Implementing DISA STIG requirements for all IMO databases and instances
• Tuning/optimizing databases, maintaining database interfaces, monitoring database use and size, and archiving databases
• Evaluate and recommend available DBMS products to meet user requirements
• Determine file organization, indexing methods, and security procedures for a specific user application
• Working with developers, system engineers, and program managers to create, process, and manage certification and accreditation packages using eMASS
• Communicate complex concepts to both technical personnel and mid and senior level management
• Apply DISA STIGs and patches to mitigate vulnerabilities
• Aid in the development of new cybersecurity plans and the reaccreditation of existing plans
• Perform cyber review and assessments for information technologies from across the labs
• Determine security requirement gaps and provide recommendations or mitigations for addressing those gaps
• Work closely with Information Security Site Manager (ISSM), Information System Security Officers (ISSOs) and system administrators
• Provide interpretation of NIST/CNSSI requirements and guidelines, along with validation testing
• Establish Operational Technology (OT) sanitization procedures or periods for processing protocols
• Perform cyber or telecommunications security assessments
• Capture, prioritize, and present information requested via federal cybersecurity data calls
• Handle a high-pressure environment while partnering with customers in multiple Sandia mission areas

Skills: Database Management, SQL Configuration, STIG Implementation, Performance Tuning, eMASS Processing, Cyber Assessments, Security Gap Analysis, NIST Interpretation

• Provide support regarding DoD RMF assessment and authorization (A&A) processes and matters
• Maintains information and data regarding end-user issues within the tracking system and according to policies and standards
• Perform vulnerability scans, conduct risk assessments, and implement vulnerability assessments
• Reviews, develops, and implements security plans for existing and new computer assets
• Experience in running Security Content Automation Protocol (SCAP) or Nessus, compliance and hardening tools on systems, to provide risk input to the ISSM
• Coordinates and performs information security inspections, tests, and reviews
• Supports the implementation and development of an organization's IT security program
• Ensures security policies, standards and procedures are established and enforced
• Trains and briefs employees on the IS systems
• Ensures users have appropriate security clearance and access to information
• Verify that applicable security measures identified by the IA Vulnerability Management (IAVM) program are applied
• Understand classification management, classified document control, and classified media control
• Submit and track accreditation packages, to include annual reviews of accredited networks/systems
• Knowledge of techniques to perform clearing, purging, declassifying, and releasing of system memory, media, and output
• Conduct evaluation and analysis of software/hardware intended for use on the secured IT assets
• Conducts hardware and software implementations
• Investigates and reports IS security incidents
• Ensures proper protection or corrective measures have been taken
• Supporting the Greenbelt, MD, location and assisting other regional areas

Skills: RMF Support, Risk Assessment, Vulnerability Scanning, Security Planning, SCAP Experience, Policy Enforcement, Clearance Verification, Incident Investigation

• Working experience in performing DIACAP and RMF compliance as a Cybersecurity specialist/engineer
• Demonstrated knowledge and the ability to analyze systems for Cybersecurity compliance
• Ability to work in a fast-paced, team-oriented environment
• Knowledge of DoD policies and risk assessment methodologies
• Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies
• Experience in reviewing/editing/writing technical documents
• Presentation and public speaking skills
• Must be comfortable presenting technical information to a group
• Knowledge of the NIST Risk Management Framework
• Knowledge and understanding of systems and networking technologies and concepts
• Ability to interpret and assess network diagrams and drawings using Visio
• Familiarity with Testing, Development, Staging, and pre-production environment CS support

Qualifications: BS in Information Systems with 6 years of Experience

• Experience with Intrusion Prevention/Detection systems, network monitoring, syslog, encryptors, and other cybersecurity tool families
• Familiar with DoD network security practices and Security Technical Implementation Guides (stigs)
• Understanding of encryption technologies including Hardware Security Modules (HSMs)
• Must be able to exchange accurate information in these situations
• Previous experience of providing security input and advice to projects in the Government sector or commercial organisations
• In-depth knowledge of HMG security policy, NIST, DEFSTAN 05-138 and good practice guidance and their application
• Wide-ranging knowledge of application, infrastructure and security technologies and familiarity with implementing them in a secure configuration
• Experience of working in a project environment and awareness of system development lifecycle methodologies
• Experience within each expertise area of security policy, vulnerability management, and security assessment and authorization
• In-depth knowledge and experience implementing NIST guidance relating to SA&A, including System Security Plans, Security Test and Evaluation Plans, Risk Assessments, Contingency Plans, and Business Impact Analysis
• Ability to work and set priorities on multiple projects/tasks at once and operate in a dynamic, fast-paced team-oriented environment
• Must have IAM Level III Certification (CISSP, CISM or GSLC)

Qualifications: BS in Computer Engineering with 8 years of Experience

• Experience working with Salesforce.com or a similar CRM
• High aptitude for working with dynamic information systems
• Highly organized with strong follow-through ability
• Effective communication ability, with collaboration skills
• Strong problem-solving skills
• Ability to organize and deliver information in an understandable manner
• Information security or Information System Security Officer (ISSO) experience
• Must be able to obtain Security Plus Certification (DOD 8570 certification)
• Strong Microsoft Office experience, above-average Excel skills, and some Microsoft Project skills
• Cross-functional coordination/communication to achieve project goals
• Strong computer proficiency, accuracy, and attention to detail
• Knowledge of manufacturing business processes

Qualifications: BA in Intelligence Studies with 5 years of Experience

• Ability to facilitate engagement with peers
• Able to be eager to share knowledge and help team members develop their security awareness
• Proven dedication and willingness towards continuous improvement and learning new skills and capabilities
• Able to be open-minded, experienced, or ready to adapt to new ways of working (agile)
• Experience in systems/security engineering
• Experience with the Risk Management Framework (RMF) or FedRAMP ATO process, to include a working knowledge of the various steps/stages within the process
• Knowledgeable of relevant NIST Special Publications guidance as it pertains to the RMF
• Experience leading RMF Cybersecurity/IA Activities
• Strong knowledge and experience with DISA Security Technical Implementation Guides (STIG)
• Must have current CompTIA Security Certification or the ability to obtain CompTIA
• Able to obtain or utilize technical certifications as part of continuous professional growth

Qualifications: BA in International Relations with 6 years of Experience

• Demonstrated experience in creating, processing, and managing certification and accreditation packages
• Demonstrated experience using automated management information systems to perform fact-finding, analytical, and advisory functions related to information assurance activities
• Demonstrated experience developing solutions to problems relating to improving information assurance effectiveness, work methods, resource requirements, and utilization and controls
• Suitable interpersonal and customer service skills to interface with corporate customers
• Ability to effectively communicate with the Customer, Naval Information Warfare Center - Pacific Center's staff, and peer contractor personnel
• Software and application security evaluation skills using automated software evaluation tools
• Network and/or System Administration technical expertise with Microsoft operating systems, Linux/Unix operating systems, Cisco products, and VMWare/virtualization
• Ability to prepare and execute detailed computer system analysis, including interim and final reports and presentation of analysis data
• Ability to research policies, procedures, standards, and guidance, and apply under specific conditions for the protection of information and information systems
• Ability to conduct vulnerability assessments, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking
• Understanding and application of mitigation strategies
• Strong understanding of DIACAP, RMF, ACAS, and Vulnerability Management
• Good communication skills, both written and oral, to interact with team members and customers
• Experience in a team environment

Qualifications: BA in Emergency Management with 2 years of Experience

• Excellent analytical and strong communication skills
• Knowledge of current industry trends
• Excellent problem-solving ability and able to prioritize workload to ensure timely completion
• Must have an active/current Secret Security Clearance with the ability to obtain Top Secret
• Strong communication skills to interact with customers, management personnel, and team members, including documentation and writing skills
• Must have an ability to present simple, easily understood solutions to executive leadership and customers where complex technical problems exist
• Experience using eMASS, POA&Ms, HBSS, Nessus, Tanium, and ACAS
• Must have IAM Level I or IAT Level II certification - CISSP
• Experience with Microsoft Office, including Word, Excel, and PowerPoint
• Experience with Nessus, SCAP Compliance Checker, STIGs, hardening systems, and applying IA controls

Qualifications: BS in Information Assurance with 5 years of Experience

• Must possess comprehensive knowledge of the Navy Information Assurance (IA) and Navy Assessment and Authorization (A&A) process
• Experience in systems and infrastructure security and knowledge of the Department of the Navy (DON) RMF Process Guide 
• Experience in Information Technology
• Experience working with the Risk Management Framework (RMF) Assessment and Authorization (A&A) process
• Able to research and interpret government regulations and standards
• Able to provide guidance and assistance to all levels of A&A technical and non-technical personnel
• Experience with Information Assurance Assessment tools
• Experience with Encryption technologies
• Experience with Identity and authentication technologies tools,
• Knowledge of risk management methodology and strong technical skills and analytic ability
• Demonstrated ability to act independently when making technical and business judgements
• Excellent communication and writing skills
• Ability to conduct vulnerability assessments utilizing scanning tools

Qualifications: BS in Information Systems with 6 years of Experience