Job Summary: 

• Implement security and anti-tamper controls into training and simulation solutions.
• Define DoD cybersecurity and anti-tamper requirements and collaborate with external stakeholders to refine, derive, and allocate security control requirements.
• Perform trade studies, cost analysis, risk assessments, impact analysis, and effectiveness studies.
• Customize cybersecurity solutions based on cost and effectiveness.
• Assist programs and monitor execution throughout the product development lifecycle to ensure cyber and anti-tamper objectives are achieved.
• Lead, advise, and educate engineers on cybersecurity and anti-tamper concepts and solutions.
• Prepare briefings to obtain approvals from government agencies for contracted efforts.
• Perform cybersecurity tasks in each phase of the Risk Management Framework (RMF).
• Create full authorization packages to obtain an Authority to Operate (ATO) for DoD Information Systems.
• Engage with System Program Office and Authorizing Official personnel during all RMF phases.
• Support Information System Security Managers and Officers (ISSM/ISSO) during the Continuous Monitoring Phase of the RMF as a technical Subject Matter Expert.

Skills on Resume: 

• Cybersecurity Engineering (Hard Skills)
• Risk Management (Hard Skills)
• Cost Analysis (Hard Skills)
• Trade Studies (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Technical Leadership (Soft Skills)
• Briefing Preparation (Soft Skills)
• System Authorization (Hard Skills)

Job Summary: 

• Bring a deep technical understanding (hands-on) of a broad set of back-office systems and applications (e.g., Windows operating systems, Active Directory, MS Office, internetworking, etc.).
• Understand, apply, and execute IA and cybersecurity policies and tasks (e.g., review SSPs and addenda, conduct audits of operational systems by reviewing logs, etc.).
• Advise and assist colleagues and stakeholders with defining and implementing IA and information system security requirements.
• Assess and implement the IA and cybersecurity posture of systems and the enclaves in which they reside, ensuring compliance with RMF and NIST 800-53 technical controls.
• Develop/maintain associated certification and accreditation documentation.
• Perform security systems engineering for various computer hardware and software operating systems.
• Protect and sustain information assurance requirements for system and information availability, access control, integrity, confidentiality, and non-repudiation across environments.
• Perform vulnerability assessments and implement security controls in networking devices, databases, operating systems, hardware, and software components.
• Administer and manage IA Vulnerability Alerts (IAVA) and security POAMs.
• Manage security features to mitigate vulnerabilities across various operating systems.
• Perform vulnerability testing and mitigation using tools such as HBSS, ACAS, and SCCM.

Skills on Resume: 

• Back-Office Systems (Hard Skills)
• Cybersecurity Policies (Hard Skills)
• Stakeholder Support (Soft Skills)
• RMF Compliance (Hard Skills)
• Security Engineering (Hard Skills)
• Information Assurance (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Security Mitigation (Hard Skills)

Job Summary: 

• Define CUI protection requirements in coordination with security stakeholders, including system engineers, program managers, contract specialists, security control assessors, and authorizing officials.
• Develop and review system security designs and architectures.
• Advise programs and system engineers on the best methods to achieve vulnerability and risk reduction.
• Support engineering analysis of alternatives, tradeoffs, and risk treatment decisions.
• Develop cybersecurity documentation in support of the customer Risk Management Framework (RMF) process.
• Work with interdisciplinary teams to deliver effective and efficient CUI protection capabilities.
• Review AWS security settings, IAM roles, privileges, and environmental configurations regularly.
• Perform vulnerability testing, risk analyses, and security assessments.
• Research security standards, systems, and authentication protocols.
• Test security structures to validate expected behavior.
• Determine the most effective methods to protect applications, networks, and information systems against external and insider threats.

Skills on Resume: 

• CUI Protection (Hard Skills)
• Security Architecture (Hard Skills)
• Risk Reduction (Hard Skills)
• Engineering Analysis (Hard Skills)
• Cybersecurity Documentation (Hard Skills)
• Interdisciplinary Collaboration (Soft Skills)
• AWS Security (Hard Skills)
• Vulnerability Testing (Hard Skills)

Job Summary: 

• Provide technical support as an Information Systems Security Engineer (ISSE) to ensure FP/AT systems are designed to meet DIA C&A and IA requirements and are properly certified and accredited.
• Support obtaining and maintaining Authorization to Operate (ATO) for DS&T systems.
• Design, develop, and recommend integrated security systems and physical control solutions to protect proprietary and confidential data and systems.
• Deliver technical engineering services for integrated security systems and solutions to manage information-related risks.
• Participate in strategic design processes with clients to translate security and business requirements into technical designs.
• Configure and validate secure systems and physical controls, and test security products and systems to detect weaknesses.
• Maintain XACTA records for supported systems.
• Contribute to the development of long-term strategies for continuous security improvement.
• Advise stakeholders on effective security risk treatment options.
• Ensure security measures remain effective against evolving threats.
• Promote cross-team collaboration to strengthen overall cybersecurity posture.

Skills on Resume: 

• ISSE Support (Hard Skills)
• ATO Management (Hard Skills)
• Integrated Security (Hard Skills)
• Risk Management (Hard Skills)
• Technical Design (Hard Skills)
• System Validation (Hard Skills)
• Security Strategy (Hard Skills)
• Cross-Team Collaboration (Soft Skills)

Job Summary: 

• Serve as the technical lead for the security engineering team and act as the single point of contact with a federal customer.
• Understand the RMF process to make recommendations and clearly articulate them to customers and security engineering teams for tasking.
• Implement cybersecurity requirements for IT systems and applications, documenting them in formal security engineering documents using the Risk Management Framework (RMF) and supporting artifacts associated with risk assessments.
• Perform security analyses to determine gaps, compensating or mitigating controls, and residual risk.
• Identify security risks through security impact analyses, system risk assessments, and technology security risk reports.
• Implement IT security solutions and ensure successful execution.
• Apply knowledge of security principles, policies, and regulations to daily tasks.
• Conduct security compliance evaluations on IT products using all-source analysis and test labs, and apply test results to develop secure configuration guidelines and baselines.
• Communicate and collaborate effectively with external and internal customers regarding hardware and software configuration changes that may impact system security or violate policies.

Skills on Resume: 

• Technical Leadership (Soft Skills)
• RMF Knowledge (Hard Skills)
• Cybersecurity Implementation (Hard Skills)
• Security Analysis (Hard Skills)
• Risk Assessment (Hard Skills)
• IT Security Solutions (Hard Skills)
• Compliance Evaluation (Hard Skills)
• Customer Communication (Soft Skills)

Job Summary: 

• Support the design, development, implementation, and integration of Information Assurance (IA) architectures, systems, and system components.
• Ensure the architecture and design of information systems are both functional and secure, including program of record systems and special-purpose environments with platform IT interconnectivity.
• Conduct system and network designs that encompass multiple enclaves, including those with differing data protection and classification requirements.
• Apply IA policies, procedures, and workforce structures to design, develop, and implement secure networking, computing, and enclave environments.
• Provide highly technical and specialized recommendations for automated solutions to complex information processing problems.
• Perform analyses and studies to support secure system engineering.
• Prepare detailed reports and deliver presentations.
• Develop and implement applied engineering solutions based on working knowledge of Federal, NSA, IC, and DoD Information Security regulations, publications, and policies.
• Assist the Government with the development of requirements from project inception to conclusion for IT subject matter areas ranging from simple to complex systems.
• Develop, implement, and enforce ICS security policies.

Skills on Resume: 

• IA Architecture (Hard Skills)
• Secure System Design (Hard Skills)
• Network Engineering (Hard Skills)
• Policy Application (Hard Skills)
• Technical Recommendations (Hard Skills)
• System Analysis (Hard Skills)
• Report Preparation (Soft Skills)
• ICS Security (Hard Skills)

Job Summary: 

• Develop and improve security architectures for applications, information systems, and microservices.
• Lead the analysis of security requirements and provide implementation recommendations to developers and systems engineers.
• Provide security engineering input throughout the program lifecycle to ensure systems meet ICD-503 controls.
• Leverage DAST and SAST tools in the DevSecOps CI/CD toolchain to analyze static and dynamic code for vulnerabilities, and work with developers, ISSOs, and SCAs to ensure remediation.
• Analyze code for vulnerabilities using Fortify and collaborate with developers to mitigate findings.
• Analyze the runtime security of applications using OWASP ZAP or Arachni for dynamic application security testing.
• Implement best practices for security controls using software engineering methodologies, system and security engineering principles, secure design, secure architecture, and secure coding techniques.
• Design unclassified and classified environments leveraging AWS and Azure clouds.
• Configure and maintain Virtual Machines (EC2 instances) to align with security requirements.
• Support application and infrastructure development teams by reviewing security engineering requirements.
• Implement DevOpsSec initiatives within the DevOpsSec Framework for IC IE.

Skills on Resume: 

• Security Architecture (Hard Skills)
• Requirements Analysis (Hard Skills)
• Lifecycle Support (Hard Skills)
• DevSecOps Tools (Hard Skills)
• Code Review (Hard Skills)
• Runtime Security (Hard Skills)
• Cloud Security (Hard Skills)
• DevOpsSec Implementation (Hard Skills)

Job Summary: 

• Provide security design and planning during the design, development, and maintenance of Department of Defense infrastructure environments.
• Apply cyber engineering expertise to determine security requirements by evaluating best practices, researching security standards and tools, conducting system security and vulnerability analyses, performing risk assessments, and identifying integration issues.
• Enhance software and security team competence by developing and directing secure application and architecture techniques and recommending improved processes.
• Evaluate network and security technologies and develop requirements for local area networks (LANs) and secure interfaces.
• Apply working knowledge of current government-mandated cybersecurity policies and procedures.
• Develop Information Assurance (IA) and cybersecurity strategies for new systems, as well as enhancements and overhauls of existing systems.
• Influence system requirements and design processes to ensure cyber requirements are identified early.
• Recommend architecture solutions that support both functional requirements and cyber/information assurance requirements.
• Identify poor cyber designs in systems and propose alternative designs.
• Support the development of Risk Management Framework (RMF) packages for certification and accreditation of new and existing networks, labs, and Programs of Record.

Skills on Resume: 

• Security Design (Hard Skills)
• Cyber Engineering (Hard Skills)
• Team Development (Soft Skills)
• Network Evaluation (Hard Skills)
• Policy Knowledge (Hard Skills)
• Cybersecurity Strategy (Hard Skills)
• Requirements Influence (Soft Skills)
• RMF Support (Hard Skills)

Job Summary: 

• Assess and mitigate system security threats and risks.
• Perform and analyze security audits for nonstandard events to ensure security posture integrity.
• Aid in the design and architecture of systems in compliance with cybersecurity requirements and programmatic needs.
• Assess and quantify cyber security risks and take appropriate actions, including analyzing, interpreting, and applying cyber security processes, procedures, and policies for efficiency, accuracy, and compliance with Federal requirements.
• Develop and manage continuous monitoring projects and tasks. Collaborate with other LLNL organizations to ensure consistency between continuous monitoring tools and projects.
• Design and execute project plans, meetings, metric gathering, and analyze data to report results, which includes researching, analyzing, and recommending risk strategies for cyber-related projects.
• Guide customers on policies, requirements, information resources, and the development of a common solution.
• Coordinate and lead working groups.
• Support compliance activities to ensure alignment with federal and industry cybersecurity requirements.
• Perform system reviews to validate adherence to established security frameworks.
• Assist in remediation planning to close identified gaps in security controls.

Skills on Resume: 

• Threat Mitigation (Hard Skills)
• Security Auditing (Hard Skills)
• System Architecture (Hard Skills)
• Risk Assessment (Hard Skills)
• Continuous Monitoring (Hard Skills)
• Project Management (Soft Skills)
• Policy Guidance (Soft Skills)
• Compliance Support (Hard Skills)

Job Summary: 

• Support CNRSE IAM/CIO with RMF package development as an ISSE.
• Assemble all required documentation as outlined by the ISSM and CNIC for RMF packages.
• Tailor security controls from NIST SP 800-53 Rev 4 for applicable systems.
• Develop a Security Assessment Plan (SAP) in accordance with Navy Security Control Assessor (SCA) A&A Testing Guidance.
• Assess security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in alignment with the SAP.
• Build risk assessment reports (RARs) incorporating all findings from testing and provide analysis for each finding.
• Create system authorization boundary diagrams with traceability to hardware, firmware, software, and Ports, Protocols, and Services (PPS) lists.
• Document the status of all security controls, enhancements, and control correlation identifiers (CCIs) in eMASS.
• Prepare and deliver technical briefings at meetings with internal and external representatives.
• Interact frequently with internal personnel and outside representatives at various levels.
• Assist in developing schedules and Plans of Action and Milestones (POA&M) to produce deliverable products and reports within customer-directed timelines.
• Coordinate with field activities by obtaining statuses and providing RMF guidance for all CNIC CNRSE packages.

Skills on Resume: 

• RMF Development (Hard Skills)
• Documentation Assembly (Hard Skills)
• Security Control Tailoring (Hard Skills)
• Assessment Planning (Hard Skills)
• Risk Reporting (Hard Skills)
• System Diagrams (Hard Skills)
• Technical Briefings (Soft Skills)
• Stakeholder Coordination (Soft Skills)

Job Summary: 

• Conduct technical evaluations of information system designs with a focus on information security and accreditation.
• Utilize information system inspection tools to audit systems, analyze potential vulnerabilities, and identify mitigation approaches.
• Perform vulnerability and risk assessment analyses to support accreditation and program protection activities.
• Prepare and review program documentation, including Risk Assessment Reports, Accreditation Packages, and security policy guides.
• Coordinate with external organizations and guide accreditation packages through the customer approval process.
• Review software installation requests and conduct technical risk assessments on proposed implementations.
• Work closely with system administrators to validate that patching, antivirus definitions, and other security tools are current and effective.
• Coordinate and track security action requests and report on status updates.
• Assist contractors in designing systems with appropriate security features, conduct pre-accreditation inspections, and support the preparation of accreditation documentation.
• Conduct periodic assessments of contractor facilities to ensure compliance with tailored security requirements.
• Support customer staff in resolving operational security issues involving contractors.
• Maintain the program’s operational security posture.

Skills on Resume: 

• System Evaluation (Hard Skills)
• Vulnerability Auditing (Hard Skills)
• Risk Assessment (Hard Skills)
• Documentation Preparation (Hard Skills)
• Accreditation Coordination (Soft Skills)
• Technical Risk Review (Hard Skills)
• Security Validation (Hard Skills)
• Operational Support (Soft Skills)

Job Summary: 

• Support system security design efforts, security requirements analysis, and flow down of security requirements to program elements as a member of the security team.
• Execute or support the development of required security documentation, including security plans, contingency plans, and security test plans and procedures, in compliance with NASA policy.
• Support IT security concerns for missions throughout all stages of the mission lifecycle.
• Generate or support the generation of Assessment and Authorization (A&A) documentation for the program.
• Assess potential security issues and impacts, and develop remediation measures that account for project requirements and success.
• Provide technical input to Project or Engineering Management by linking task-related strategies to business goals.
• Interpret technical, organizational, and process aspects of assigned tasks and relate them to overall project or organizational needs.
• Plan and execute small projects or task elements within larger projects, organizations, or groups of projects.
• Complete assigned engineering tasks or small projects within budgetary and scheduling guidelines.
• Identify technical and organizational risks and ensure they are incorporated into risk mitigation plans.
• Participate in continuous process improvement efforts.
• Communicate regularly with project security personnel, system administrators, and other relevant points of contact.

Skills on Resume: 

• Security Design (Hard Skills)
• Security Documentation (Hard Skills)
• Mission Support (Hard Skills)
• A\&A Documentation (Hard Skills)
• Remediation Planning (Hard Skills)
• Technical Input (Soft Skills)
• Project Execution (Soft Skills)
• Risk Mitigation (Hard Skills)

Job Summary: 

• Work with development teams to design, integrate, install, configure, test, and administer systems and capabilities supporting scanning, monitoring, and reporting requirements.
• Assist with the design, development, integration, testing, implementation, and operations and maintenance (O&M) of tools to automate security testing in support of new and existing Assessment and Authorization (A&A) requirements.
• Integrate, install, configure, test, and administer tools and capabilities to implement A&A business processes, workflows, security control mappings, and reporting.
• Collaborate with security assessors to address questions, provide justifications, and deliver required updates promptly.
• Develop and implement security baselines for Linux and Windows operating systems and networking components.
• Write system security plans (SSPs) for existing and new systems.
• Assist with the development of Plans of Action and Milestones (POA&Ms) that outline corrective actions for unacceptable risks.
• Implement a Continuous Monitoring strategy tailored to systems by leveraging existing tools and incorporating automation where feasible.
• Recommend appropriate security measures for all systems to ensure compliance with customer security mandates.
• Track and mitigate customer system vulnerabilities.

Skills on Resume: 

• System Administration (Hard Skills)
• Automation Tools (Hard Skills)
• Process Integration (Hard Skills)
• Assessor Collaboration (Soft Skills)
• Security Baselines (Hard Skills)
• SSP Development (Hard Skills)
• POA&M Management (Hard Skills)
• Continuous Monitoring (Hard Skills)

Job Summary: 

• Serve as the Information System Security Engineer (ISSE) for hosted information systems.
• Communicate and enforce security policies, procedures, and safeguards for Industrial Control Systems (ICS) and IT/OT devices, equipment, and interfaces based on NIST requirements.
• Identify security capabilities and limitations of ICS and OT systems, and assist with applying, documenting, and justifying variances for required controls.
• Act as the primary technical interface with system engineering and a guide for establishing secure ICS in accordance with NIST 800-82 Rev 2.
• Secure Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), Programmable Logic Controllers (PLC), and other control system configurations.
• Restrict logical and physical access to ICS networks and devices, protect ICS components from exploitation, prevent unauthorized data modification, detect security events and incidents, maintain functionality during adverse conditions, and restore systems after incidents.
• Research and recommend compatible and approved replacements for legacy, End-of-Life (EoL), and End-of-Support (EoS) hardware, software, and equipment.
• Ensure ICS and Building Automation Systems (BAS) are operated, maintained, and disposed of in accordance with security policies, best practices, and NIST 800-37.
• Maintain Configuration Management (CM) for security-relevant ICS and BAS software, hardware, and firmware, ensuring inventory and documentation are up to date.
• Manage ATO artifacts and documentation and provide updates within the Information Security Management System.
• Assist with obtaining Authorization to Operate (ATO) for systems.

Skills on Resume: 

• ISSE Support (Hard Skills)
• Policy Enforcement (Hard Skills)
• ICS Security (Hard Skills)
• Technical Interface (Soft Skills)
• SCADA Protection (Hard Skills)
• Access Control (Hard Skills)
• Configuration Management (Hard Skills)
• ATO Management (Hard Skills)

Job Summary: 

• Identify, analyze, and verify information systems security requirements.
• Assist cybersecurity and IT teams with the Cybersecurity Maturity Model Certification (CMMC) assessment and authorization process, including system categorization, control selection, control implementation and testing, validation support, and continuous monitoring of authorized systems.
• Develop CMMC supporting documentation, including policies, procedures, system diagrams, data flow diagrams, hardware/software lists, System Security Plans, and risk assessments.
• Maintain and interpret the output of vulnerability scanning tools and manage the POA&M.
• Configure, segment, and implement firewall management solutions.
• Improve detection processes and tool analysis techniques to better identify threats and breaches promptly.
• Apply knowledge of computer and information security requirements defined in the NIST SP 800-171 series publications.
• Collaborate with stakeholders to align security strategies with organizational and contractual requirements.
• Evaluate technical solutions to ensure compliance with established protection measures.
• Continuously monitor and assess risks to identify mitigation opportunities.
• Provide expert guidance on integrating security best practices across program lifecycles.

Skills on Resume: 

• Security Requirements (Hard Skills)
• CMMC Support (Hard Skills)
• Documentation Development (Hard Skills)
• Vulnerability Management (Hard Skills)
• Firewall Management (Hard Skills)
• Threat Detection (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Risk Monitoring (Hard Skills)

Job Summary: 

• Maintain an enterprise-level Information Technology system of access control, intrusion detection, and associated physical, electronic, and technical security elements.
• Perform or review technical security assessments of computing environments to identify vulnerabilities, non-compliance with Information Assurance (IA) standards and regulations, and recommend mitigation strategies.
• Validate and verify system security requirements, perform analysis, and establish secure system designs.
• Design, develop, implement, and integrate IA and security systems and components, including networking, computing, and enclave environments with multiple enclaves and differing data protection/classification requirements.
• Integrate IA into systems deployed to operational environments.
• Perform system scans and provide mitigation strategies to engineering staff.
• Participate as a security engineering representative on engineering teams for secure system design, development, implementation, and integration.
• Apply knowledge of IA policies, procedures, and workforce structures to design, develop, and implement secure environments.
• Support security planning, assessments, risk analysis, and risk management activities.
• Recommend system-level solutions to resolve security requirements.
• Interact with customers, IT staff, and corporate officers to define and achieve IA objectives.

Skills on Resume: 

• Access Control (Hard Skills)
• Security Assessment (Hard Skills)
• System Validation (Hard Skills)
• IA Integration (Hard Skills)
• Vulnerability Mitigation (Hard Skills)
• Risk Management (Hard Skills)
• Solution Development (Hard Skills)
• Customer Interaction (Soft Skills)

Job Summary: 

• Ensure appropriate operational security posture is obtained, monitored, and maintained for multiple mission information systems throughout their lifecycle.
• Apply knowledge of DCID 6/3, NIST 800-53, and CNSS 1253 security controls to system security requirements.
• Obtain, manage, and monitor all security aspects of an information system from inception through decommissioning.
• Coordinate day-to-day security operations with System Administrators, System Engineers, Software Distribution, Patch Management, and Sustainment Teams.
• Interpret and develop security policies, mentor and guide security engineers, lead security meetings, gather and report IT security metrics, and represent ISSO/ISSE interests at stakeholder meetings with customer representatives.
• Conduct system vulnerability testing using COTS and GOTS tools and generate security findings reports.
• Build and execute NIST 800-53 and CNSS 1253 security control test cases.
• Review, analyze, and document secure implementation of logical, physical, and environmental controls, personnel security, incident handling, security-relevant changes, continuous monitoring, audit log review, and reporting.
• Develop standard operating procedures (SOPs) and provide security training and awareness to both privileged and non-privileged users of the information system.
• Develop required system plans, including the Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations Plan (COOP), Disaster Recovery Plan (DRP), and Incident Response Plan (IRP).

Skills on Resume: 

• Security Posture (Hard Skills)
• Control Application (Hard Skills)
• Lifecycle Management (Hard Skills)
• Operations Coordination (Soft Skills)
• Policy Development (Hard Skills)
• Vulnerability Testing (Hard Skills)
• SOP Development (Hard Skills)
• Security Training (Soft Skills)

Job Summary: 

• Provide solutions for and implement the Risk Management Framework (RMF) security controls.
• Produce system design documents and support architectural analysis of cybersecurity features and existing systems in relation to future needs and trends.
• Perform requirements analysis, design, and integration for complex software applications and collaboration infrastructures.
• Conduct assessment testing and reporting in accordance with RMF and NIST 800-53, identify deficiencies (POA\&M), and recommend solutions.
• Participate in the change management process and assess the security impact of proposed changes.
• Write implementation and design documents describing how security features are implemented.
• Support a multi-disciplined team in designing and implementing cybersecurity system architectures to meet program needs.
• Review and provide input to system requirements based on cybersecurity posture.
• Compile industry best practices and lessons learned into future iterations and new system designs.
• Apply broad-based IT Service Management experience to specific cybersecurity initiatives for system design, development, operations, and maintenance.

Skills on Resume: 

• RMF Implementation (Hard Skills)
• System Design (Hard Skills)
• Requirements Analysis (Hard Skills)
• Assessment Testing (Hard Skills)
• Change Management (Hard Skills)
• Documentation Writing (Hard Skills)
• Cybersecurity Architecture (Hard Skills)
• IT Service Management (Hard Skills)

Job Summary: 

• Implement measures to ensure the deployed infrastructure is secure and available.
• Advise and assist team members in deploying and configuring collection services and tools.
• Oversee infrastructure operations and maintenance, and make recommendations for improvement.
• Provide mentoring to cybersecurity team members.
• Interface directly with customer representatives and external groups.
• Support the assessment and mitigation of system security threats and risks throughout the program lifecycle.
• Resolve diverse and complex problems using ingenuity and creativity.
• Contribute to the development of new theories and methods.
• Conduct continuous monitoring activities to support ongoing authorization.
• Ensure that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Skills on Resume: 

• Infrastructure Security (Hard Skills)
• Tool Deployment (Hard Skills)
• Operations Oversight (Hard Skills)
• Team Mentoring (Soft Skills)
• Customer Interface (Soft Skills)
• Threat Mitigation (Hard Skills)
• Continuous Monitoring (Hard Skills)
• Remediation Planning (Hard Skills)

Job Summary: 

• Understand Information Assurance (IA) concepts, practices, and procedures using established policies and standards to minimize and mitigate security risks.
• Review and comment on technical documentation to ensure compliance with security standards and regulations.
• Recommend security monitoring solutions to meet IA requirements.
• Guide projects and programs through successful assessment and authorization of system components for Authority to Operate (ATO).
• Focus on threats, vulnerabilities, and the security of programs and systems.
• Prioritize intrusion detection, remediation of unprotected vulnerabilities, and securing remote access points.
• Coordinate with internal and external stakeholders to support, monitor, test, and troubleshoot software and hardware IA issues.
• Identify, develop, and implement security standards, procedures, and solutions appropriate to the RMF environment.
• Ensure compliance with security reporting requirements.
• Collaborate with Subject Matter Experts (SMEs) to identify user audit records to be captured and reported using designated processes.

Skills on Resume: 

• IA Knowledge (Hard Skills)
• Documentation Review (Hard Skills)
• Monitoring Solutions (Hard Skills)
• ATO Support (Hard Skills)
• Threat Focus (Hard Skills)
• Intrusion Remediation (Hard Skills)
• Stakeholder Coordination (Soft Skills)
• Standards Implementation (Hard Skills)

Job Summary: 

• Establish, maintain, and audit program IT enterprise infrastructure baseline configurations.
• Provide IA and RMF services such as System Security Plans (SSPs), risk assessments, audit policies, scanning policies, POA&Ms, HBSS implementation, Data Interface CONOPS, COOP/DR, IA Cert Checks, and MOUs/MOAs.
• Design information system (IS) architectures.
• Translate customer requirements into formal agreements and plans to ensure customer acceptance and results.
• Anticipate future customer, industry, and business trends.
• Create innovative solutions to problems involving finance, scheduling, technology, methodology, tools, and solution components.
• Apply expert knowledge of organizational operations and business objectives.
• Collect, analyze, and interpret process data in one or more areas.
• Apply process improvement, reengineering methodologies, and internet-related principles to conduct process modernization projects.
• Provide continuous monitoring support for information systems.

Skills on Resume: 

• Configuration Management (Hard Skills)
• RMF Services (Hard Skills)
• System Architecture (Hard Skills)
• Customer Agreements (Soft Skills)
• Trend Anticipation (Soft Skills)
• Innovative Solutions (Soft Skills)
• Process Improvement (Hard Skills)
• Continuous Monitoring (Hard Skills)

Job Summary: 

• Understand system architecture to maintain compliance with DoD’s RMF Assessment and Authorization (A&A) process.
• Interpret and implement DoD IT security policies and compliance measures.
• Identify appropriate RMF controls for various classified and unclassified systems.
• Interface with IA support staff to coordinate RMF A&A activities.
• Monitor computer usage and audit logs to ensure compliance with IA controls and reporting requirements.
• Maintain continuous awareness of operational status and vulnerabilities.
• Prepare, review, and process accreditation packages in alignment with established security plans.
• Initiate requests for temporary and permanent exceptions, deviations, or waivers to IA requirements.
• Ensure the successful implementation and functionality of security requirements and IT policies that align with organizational missions and goals.
• Define and implement policies and procedures to protect critical infrastructure.
• Ensure Plans of Action and Milestones (POA&Ms) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and inspections.
• Coordinate IA inspections, tests, and reviews for the network environment.

Skills on Resume: 

• System Architecture (Hard Skills)
• Policy Implementation (Hard Skills)
• RMF Controls (Hard Skills)
• IA Coordination (Soft Skills)
• Log Monitoring (Hard Skills)
• Accreditation Packages (Hard Skills)
• Policy Development (Hard Skills)
• Remediation Planning (Hard Skills)

Job Summary: 

• Integrate IA requirements into continuity planning for systems and organizations.
• Ensure protection and detection capabilities are acquired or developed using IS security engineering approaches consistent with organization-level IA architecture.
• Evaluate and approve development efforts to confirm baseline security safeguards are properly installed.
• Incorporate cost-benefit, economic, and risk analyses into decision-making processes.
• Identify IT system security requirements across all phases of the System Life Cycle.
• Participate in information security risk assessments during the Security Assessment and Authorization process.
• Engage in the acquisition process while applying supply chain risk management practices.
• Contribute to the development or modification of IA security program plans and requirements for computer environments.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning network system security operations.
• Provide system-related input on IA security requirements for statements of work and procurement documents.
• Recognize potential security violations and take appropriate action to report incidents.
• Recommend resource allocations necessary to securely operate and maintain organizational systems.
• Supervise or manage protective and corrective measures when IA incidents or vulnerabilities are discovered.

Skills on Resume: 

• Continuity Planning (Hard Skills)
• Security Engineering (Hard Skills)
• Safeguard Evaluation (Hard Skills)
• Risk Analysis (Hard Skills)
• Lifecycle Security (Hard Skills)
• Supply Chain Risk (Hard Skills)
• Program Development (Hard Skills)
• Incident Management (Hard Skills)

Job Summary: 

• Support the Information Assurance (IA) program for local DMLSS-W applications, including information security, privacy, information assurance, assembly and integration, cross-discipline functions, data engineering, knowledge engineering, legacy evolution, and system infrastructure.
• Apply expertise with the Risk Management Framework (RMF) for DoD Information Technology (IT).
• Work with the DoD Information Assurance Certification and Accreditation Process (DIACAP).
• Utilize experience with the DoD Enterprise Mission Assurance Support Service (eMASS) to manage security compliance activities.
• Leverage a development background to review and resolve findings in the Application Security and Development Security Technical Implementation Guide (ASD STIG), supporting Microsoft C# .NET, ASP.NET Forms-based development, and ASP.NET MVC frameworks.
• Conduct vulnerability scanning using tools such as Fortify.
• Ensure DoD information system architectures and designs are functional and secure.
• Collaborate with the HQ Information System Security Manager (ISSM) to review, apply, and maintain IA policies and procedures, certification plans, and accreditation documentation.
• Perform security analyses and risk/vulnerability assessments to maintain compliance.
• Coordinate certification and accreditation activities for project teams, evaluate IA technologies for project/system applications, and support security engineering efforts.

Skills on Resume: 

• IA Program Support (Hard Skills)
• RMF Expertise (Hard Skills)
• DIACAP Knowledge (Hard Skills)
• eMASS Management (Hard Skills)
• STIG Compliance (Hard Skills)
• Vulnerability Scanning (Hard Skills)
• Secure Architecture (Hard Skills)
• Risk Assessment (Hard Skills)

Job Summary: 

• Participate in IA working groups and planning teams to align security with mission goals.
• Manage long-term IA projects locally and interface with senior management for oversight and reporting.
• Provide clear and concise guidance to customers, teams, and management, and interpret network diagrams and data flow documentation.
• Coordinate IA management activities with the DLA J-6 office.
• Develop and deliver technical advice to support IA components of the DMLSS-W effort.
• Enforce IA and security standards and procedures to ensure audit readiness and compliance.
• Ensure compliance with system security requirements throughout all phases of system lifecycles unless explicitly waived.
• Enforce awareness and precautionary measures to prevent unauthorized access or unapproved changes to ICS and OT assets.
• Ensure users and privileged users receive proper training in general security awareness and specialized knowledge required for safe operation and maintenance of assigned systems.
• Validate assessment and authorization documents and technical assessment results to confirm that the level of risk is within acceptable limits for each software application, system, and network.

Skills on Resume: 

• IA Project Management (Hard Skills)
• Customer Guidance (Soft Skills)
• IA Coordination (Soft Skills)
• Technical Advice (Hard Skills)
• Standards Enforcement (Hard Skills)
• Lifecycle Compliance (Hard Skills)
• Security Training (Soft Skills)
• Risk Validation (Hard Skills)

Job Summary: 

• Assist with the implementation of countermeasures and mitigating controls.
• Create, submit, and validate Risk Management Framework (RMF) packages in compliance with NIST 800-53.
• Ensure the integrity and protection of networks, systems, and applications by enforcing organizational security policies and monitoring vulnerability scanning devices.
• Use Enterprise Mission Assurance Support Service (eMASS) for RMF-related activities.
• Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system reviews, and external web integrity scans, to verify compliance.
• Prepare incident reports detailing analysis methodologies and results.
• Provide guidance and leadership to less experienced technical staff and assume supervisory responsibilities.
• Support system or enclave information assurance programs through security assessment and authorization activities in compliance with RMF.
• Prepare and review security-relevant artifacts, including System Security Plans (SSPs), Risk Assessment Reports, A&A packages, network/system diagrams, Incident Response Plans, Configuration Management (CM) Plans, and maintenance procedures.
• Conduct independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by IT systems to determine overall control effectiveness.

Skills on Resume: 

• Mitigating Controls (Hard Skills)
• RMF Packages (Hard Skills)
• Network Protection (Hard Skills)
• eMASS Utilization (Hard Skills)
• System Auditing (Hard Skills)
• Incident Reporting (Hard Skills)
• Staff Leadership (Soft Skills)
• Control Assessment (Hard Skills)

Job Summary: 

• Act as lead Cybersecurity Engineer in accordance with AR 25-2 responsibilities.
• Assist customers in developing and maintaining secure Cybersecurity Baselines that comply with RMF for DoD IT and other required certifications and specifications.
• Update accreditation package artifacts or assist hosted system personnel in doing so, ensuring storage in the organizationally defined repository (e.g., system diagrams, hardware/software/firmware inventories, interface and PPS listings).
• Assist in preparing network infrastructure specifications or designs that incorporate required information security features.
• Review and evaluate Information System Design Plans, Continuity of Operation Plans, Communication Plans, engineering change proposals, and configuration changes for compliance with security regulations, policies, and industry best practices.
• Develop creative, technical, and procedural solutions to secure information systems effectively while minimizing operational overhead.
• Implement technical security functionality to comply with NIST SP 800-53A controls and ensure protection of computer systems, networks, and information.
• Validate the efficiency and effectiveness of security components through continuous monitoring.
• Maintain system security posture by applying periodic DISA STIG configurations and vulnerability patch updates.
• Perform self-assessments of information systems using manual and automated compliance tools to obtain or maintain a DoD RMF ATO.
• Propose justifications and mitigating countermeasures to reduce or eliminate risks associated with identified vulnerabilities.

Skills on Resume: 

• Cybersecurity Leadership (Soft Skills)
• Baseline Development (Hard Skills)
• Accreditation Artifacts (Hard Skills)
• Network Design (Hard Skills)
• Plan Evaluation (Hard Skills)
• Security Solutions (Hard Skills)
• Continuous Monitoring (Hard Skills)
• Risk Mitigation (Hard Skills)