Published: Sep 16, 2025 - The Information Systems Security Manager oversees the security program and policies, ensuring classified systems and networks across diverse environments remain compliant with organizational and regulatory standards. This role involves developing and maintaining System Security Plans, managing risk assessments and continuous monitoring strategies, leading vulnerability scanning and remediation efforts, and ensuring audit, incident response, and account management processes are effective and documented. The Manager also advises system owners on cybersecurity best practices, implements security education and awareness programs, and prepares the organization for compliance assessments.

An Introduction to Professional Skills and Functions for Information Systems Security Manager with a Cover Letter
1. Functions for Information Systems Security Manager Cover Letter
- Create, maintain, and submit information system security documents (e.g., IA SOP, SSP, RAR, SCTM).
- Report to regulatory agencies and internal and external business partners.
- Assess and mitigate system security threats and risks throughout the program life cycle.
- Validate system security requirements definition and analysis.
- Establish system security documentation.
- Assist with the implementation of security procedures.
- Verify information system security requirements.
- Perform information system certification and accreditation planning, testing, assessment, and liaison activities.
- Conduct and facilitate meetings and presentations.
- Schedule, coordinate, and lead tasks, meetings, and projects.
Skills: Security Documentation, Compliance Reporting, Risk Assessment, Requirements Validation, Certification & Accreditation, Procedure Implementation, Meeting Facilitation, Project Coordination
2. Job Description for Information Systems Security Manager Cover Letter
- Deliver success through empowerment and accountability by modeling, coaching, and caring.
- Model culture, embody values, and practice leadership principles.
- Coach by defining team objectives and outcomes, enabling success across boundaries, and helping the team adapt and learn.
- Care by attracting and retaining great people, knowing each individual’s capabilities and aspirations, and investing in the growth of others.
- Identify and detect control failures.
- Design solutions to address identified control issues (e.g., network, identity, high security), taking intended and unintended consequences into account.
- Operationalize and scale programs and solutions appropriately.
- Understand engineering requirements to apply controls in compliance with the NIST Risk Management Framework (RMF).
- Translate security policy and standards into effective controls.
- Contribute to and maintain accurate and comprehensive security policy and standards.
Skills: Leadership Empowerment, Cultural Modeling, Team Coaching, Talent Development, Control Assessment, Security Solution Design, Program Operationalization, Policy Compliance
3. Accountabilities for Information Systems Security Manager Cover Letter
- Ensure system security measures comply with applicable government policies.
- Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
- Conduct internal vulnerability assessments of the IS to identify and mitigate potential security weaknesses.
- Ensure that all security features applied to a system are implemented and functional.
- Draft and/or prepare and maintain security Assessment and Authorization documentation (e.g., IA SOP, SSP, RAR, test results).
- Maintain a thorough understanding of NIST 800-53 controls.
- Determine which controls apply to the system, as well as document implementation in applicable policies and eMASS test results.
- Maintain awareness of upcoming customer/government-driven changes and challenges, and suggest approaches to meet those challenges.
- Take responsibility for the information listed in DAAPM 2.0 Section 3.6 Information System Security Manager (ISSM).
- Manage System Administrator and ISSO activities.
Skills: Policy Compliance, Config Management, Vulnerability Testing, Security Implementation, A&A Documentation, NIST Controls, Change Management, Security Oversight
4. Tasks for Information Systems Security Manager Cover Letter
- Serve as a Subject Matter Expert with respect to National-level Security Policies, including ICD 503, NIST SP-800 Series, and CNSS Instruction 1253.
- Communicate and interact with all system stakeholders, including Senior Management and the Authorizing Official.
- Ensure ISSOs and stakeholders follow all information security policies, standards, and methodologies to obtain and/or maintain security authorizations for information systems.
- Provide support to organizations in maintaining the appropriate operational IA posture for systems, programs, or enclaves.
- Provide support on all matters (technical and otherwise) involving the security of the information system.
- Assist in the development and execution of an enterprise-level continuous monitoring program to minimize security risks and ensure compliance with that program on a routine basis.
- Guide the development and updating of the system security plan, as well as managing and controlling changes to the system, and assessing the security impact of those changes.
- Provide support to plan, coordinate, and implement IT security programs and policies.
- Provide configuration management guidance for security-relevant information system software, hardware, and firmware.
Skills: Policy Expertise, Stakeholder Communication, Compliance Oversight, IA Support, Security Support, Continuous Monitoring, Plan Management, Config Guidance
5. Expectations for Information Systems Security Manager Cover Letter
- Plan and coordinate security accreditation reviews and risk analysis for new and installed systems/networks.
- Assess and advise on security measures and countermeasures based on the results of reviews.
- Utilize the NIST Risk Management Framework and serve as the point of contact (POC) for all security matters related to assigned systems.
- Collaborate with stakeholders to develop security plans and policies.
- Defend against unauthorized access to systems, networks, and data, including advising Bureau leadership on cybersecurity status and educating stakeholders on cybersecurity and processes.
- Develop and implement security programs, policies, and procedures to ensure the security, reliability, and accessibility of information systems, networks, and data, in accordance with the Security Plan (SP).
- Provide input to the Risk Management Framework process activities and related documentation.
- Participate in network and systems design to ensure implementation of appropriate security controls according to defined security implementation plans.
- Assist with other IS/security tasks.
- Work as the Information System team’s point of contact for the local office.
Skills: Accreditation Reviews, Risk Analysis, RMF Expertise, Security Planning, Cybersecurity Defense, Program Development, Security Integration, IS Point-of-Contact
6. Competencies for Information Systems Security Manager Cover Letter
- Provide mentoring and technical leadership to the information security program team.
- Lead the development and deployment of program information security for assigned systems to meet program and enterprise requirements, policies, standards, guidelines, and procedures.
- Manage Risk Management Framework (RMF) processes, product development, and product maintenance for assigned systems.
- Manage and perform security compliance continuous monitoring.
- Lead and participate in security assessments and audits.
- Prepare, review, and present technical reports and briefings.
- Identify root causes, prioritize threats, and recommend and implement corrective actions.
- Explore the enterprise and industry for evolving knowledge and methods regarding information security best practices.
- Develop enterprise-wide information security policies, standards, guidelines, and procedures across multiple stakeholder organizations.
- Conduct periodic hardware and software inventory assessments.
Skills: Leadership, Security Program Management, RMF Management, Compliance Monitoring, Security Audits, Technical Reporting, Threat Mitigation, Policy Development
7. Capabilities for Information Systems Security Manager Cover Letter
- Recommend, implement, and maintain a secure document management system to streamline the Security Assessment and Authorization process, ensuring all documentation needed for system accreditation is efficiently handled.
- Apply detailed knowledge of DISA STIGs, SCAP Compliance Checker (SCC), and IAVA to enforce secure configurations across platforms.
- Evaluate current security procedures and suggest enhancements to ensure all changes are properly reviewed for their security impact.
- Conduct thorough analysis and deliver strategic recommendations to improve cybersecurity capabilities.
- Maintain secure system configurations for Microsoft, Linux, and third-party software using DISA and NSA guidelines.
- Coordinate and schedule system maintenance windows, ensuring minimal disruption and proper documentation of downtimes.
- Perform detailed vulnerability assessments and risk analyses on systems and applications to identify and mitigate threats.
- Enforce strict adherence to configuration management protocols and obtain necessary approvals before implementation.
- Collaborate closely with the ISSM, SCA, or designated Cybersecurity authority to align system changes with security requirements.
- Initiate, document, and track exceptions, deviations, or waivers from established cybersecurity policies.
Skills: Document Management, Secure Configurations, Procedure Enhancement, Cyber Analysis, System Hardening, Maintenance Coordination, Vulnerability Assessment, Config Compliance
8. Performance Metrics for Information Systems Security Manager Cover Letter
- Ensure the confidentiality, integrity, and availability of classified Information Systems (IS) and data using approved network engineering, information security standards, and industry best practices.
- Provide expertise in the design, development, and implementation of information management (IM) measures that safeguard systems, networks, and data.
- Develop, implement, and update Information Management Plans.
- Develop, coordinate, and implement short- and long-term strategies for reliable and secure operation, evolution, and growth of automation hardware and software infrastructure.
- Ensure training and certification to DoD baseline requirements at IM Level II and provide expertise in continuous monitoring and maintenance of the IM posture of IM systems.
- Apply knowledge and expertise in cybersecurity requirements, network technologies, and computer security as applied to Department of Defense (DoD) networks.
- Assist in producing, maintaining, and revising Cybersecurity Operating Procedures, System Security Plans, and Approval to Operate documentation in eMASS.
- Provide IT policy guidance for application development, planning, network implementation, systems integration, communication support, computer-communication maintenance, and asset management.
- Provide IT guidance for test area real-time computers, support computers, and network systems.
- Perform upgrades, security patches, backups, account maintenance, and access control maintenance.
- Perform security scans to ensure systems comply with STIG and patch-level requirements.
- Generate and collect audit logs for Information Systems.
- Perform system changes in accordance with Configuration Management processes.
Skills: Information Assurance, IM Planning, Strategy Development, Continuous Monitoring, Cybersecurity Expertise, Policy Guidance, System Maintenance, Compliance Auditing
9. Key Deliverables for Information Systems Security Manager Cover Letter
- Coordinate BI/PIV background investigations and physical access for security personnel as related to security tools used by the organization.
- Ensure all information security evidence is accurate, complete, and less than one year old.
- Respond to data calls about information security and privacy in coordination with the CISO Office.
- Review security questionnaires periodically to ensure they reflect the current status.
- Review Governance, Risk, and Compliance (GRC) when system changes are implemented, determine impact, and implement plans to update ATO.
- Coordinate required scans with the CISO Office and security operations centers.
- Support Security Controls Assessments (SCAs) conducted in coordination with the CISO Office.
- Assist with the management of information security incidents related to data or systems.
- Comply with federal security and privacy laws, regulations, and standards.
- Ensure compliance with current cybersecurity policies, concepts, and measures.
- Monitor and ensure unauthorized personnel are not granted use of, or access to, an Information System requiring a background clearance.
- Monitor system recovery processes to ensure security features and procedures are properly restored in accordance with established policies and procedures.
- Document special security requirements identified by stakeholders and the protection measures implemented to fulfill these requirements for data contained in the information system.
Skills: Background Investigations, Evidence Management, Data Call Response, Security Reviews, GRC Oversight, Security Assessments, Incident Management, Compliance Monitoring
10. Outcomes for Information Systems Security Manager Cover Letter
- Oversee the IS security program and policies for the assigned area of responsibility.
- Develop and maintain System Security Plans (SSPs) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Report, and Continuous Monitoring Strategy.
- Manage the security configuration and advise on changes to classified systems and networks in a variety of traditional and virtual environments, including Linux, Unix, Sun, Mac, and Windows.
- Ensure system information is protected while operated, maintained, and disposed of in accordance with organizational security policies and procedures.
- Ensure measures are taken to report, respond to, and remediate IS incidents and spillages.
- Advise system owners of current cybersecurity policies and concepts when designing, procuring, adopting, and developing systems throughout the system life cycle.
- Ensure audit records are collected and analyzed in accordance with the SSP.
- Lead efforts to conduct network, system, and application vulnerability scanning, configuration assessment, risk assessment, continuous monitoring, and remediation.
- Maintain a working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
- Implement an effective IS security education, training, and awareness program, including providing training.
- Lead efforts to prepare for and participate in periodic organization compliance assessments.
- Ensure account management occurs and related documentation is complete and updated.
Skills: Program Oversight, Security Documentation, Config Management, Data Protection, Incident Response, Policy Advisory, Vulnerability Management, Security Training
11. Milestones for Information Systems Security Manager Cover Letter
- Serve as a mentor to the ISSO and Information Systems Security Auditor (ISSA).
- Manage and coordinate information security monitoring, inspections, and incident response.
- Develop, implement, and manage a formal information security and information systems security program.
- Develop, review, sign, maintain, and oversee information systems security plans (SSPs) and Assessment and Authorization (A&A) in accordance with DoD-mandated policies.
- Perform audit reviews of systems comprised of multiple operating systems using security information and event management (SIEM) products to track multiple events, including signs of inappropriate or unusual activity, intrusion events, and data transfers, and report findings to the ISSM Team Lead.
- Perform recurring self-assessments on all systems under purview to ensure compliance with documented security requirements and to detect system-level vulnerabilities.
- Prepare detailed reports of findings and ensure proper protection and corrective measures are taken immediately, or develop a Plan of Action and Milestones (POA&M) to document planned actions.
- Interact directly with U.S. Government Security Control Assessors (SCAs) during on-site assessments to demonstrate compliance with technical configuration requirements and enforcement of written security policy.
- Continuously update all required system documentation, including the SSP, POA&M, Risk Assessment Report, and system component inventories.
- Develop procedures for responding to security incidents, investigating, and reporting security violations and incidents.
Skills: Mentorship, Security Monitoring, Program Management, Security Documentation, Audit Reviews, Compliance Assessments, Reporting, Incident Procedures
12. Criteria for Information Systems Security Manager Cover Letter
- Develop, implement, and enforce information security policies and procedures.
- Perform the steps involved in the execution of the Risk Management Framework (RMF), including documentation generation, controls compliance testing, and continuous monitoring activities for systems.
- Develop and periodically review training materials and standard operating procedures covering all technical and administrative aspects of system operations.
- Work with IT to perform initial system assessments to ensure required security controls are implemented and operating correctly before production authorization.
- Work with IT to develop automated processes to assist in maintaining system compliance and documentation updates.
- Collaborate with IT to oversee effective change management policies and procedures for authorizing hardware and software use on information systems.
- Evaluate proposed changes against Government security requirements and recommend approval or denial based on a security impact analysis.
- Review and ensure implementation of bulletins and advisories that impact the security posture of information systems covered by SSPs.
- Review systems for compliance with Government requirements and provide recommendations for improvements.
- Develop an information systems security education, training, and awareness program.
Skills: Policy Enforcement, RMF Execution, Training Development, System Assessment, Automation Support, Change Management, Security Evaluation, Compliance Review
13. Attributes for Information Systems Security Manager Cover Letter
- Lead tactical and operational security delivery for all security programs and resources in a country or subregion, or manage multiple security programs focused on a fundamental aspect of the security strategy.
- Provide guidance and interpretation of security standards, practices, and programs to support regional and global business and security initiatives.
- Develop tailored training and audit programs to facilitate consistent quality program delivery.
- Oversee the provision of investigations within the region or elsewhere as requested by Global Security Management.
- Assess security exposures and implement programs to address them, influencing stakeholders and clients.
- Maintain data and utilize performance intelligence to assess program ROI, calibrate direction, and demonstrate value to clients.
- Manage operational budgets, financial reporting, and third-party vendor contracts for areas of responsibility under the supervision of the Director.
- Maintain liaison with government, industry, and intelligence professionals.
- Respond to security emergencies.
- Ensure implementation of security measures and the safeguarding of personnel, facilities, and information in compliance with applicable regulations, directives, executive orders, laws, and contractual requirements.
- Assist with coordinating classified meetings held in the secure facility.
Skills: Security Leadership, Standards Guidance, Training Programs, Investigation Oversight, Risk Mitigation, Performance Analysis, Budget Management, Emergency Response
14. Standards for Information Systems Security Manager Cover Letter
- Control, track, and process incoming and outgoing intelligence community classified visit requests.
- Provide support to the Site Security Manager, including interfacing with program management to address security-related concerns.
- Support business development, review and provide input to RFPs, and author security volumes.
- Implement and operate classified systems.
- Assist with the Security Awareness, Training, and Education program.
- Ensure that all classified computing systems (standalone systems, LANs, and WANs) are established and maintained in compliance with customer requirements, that users correctly follow security procedures, and that all classified information systems are properly secured.
- Generate and maintain Security Standard Operating Procedures associated with classified systems.
- Conduct weekly security checks of all accredited systems.
- Perform system administration functions for modern operating systems and applications, including installing and configuring operating systems, installing patches and updates, adjusting security controls to meet federal requirements, monitoring operation, and creating and managing system backups.
- Ensure System Security Plans for all classified computing areas are maintained.
Skills: Visit Management, Security Support, Proposal Input, Classified Systems, Security Training, SOP Management, System Administration, Plan Maintenance
15. Expertise Areas for Information Systems Security Manager Cover Letter
- Support IS Security Management and oversight for both classified and unclassified information systems to meet corporate and mission-critical requirements.
- Provide technical expertise in protecting internal G&C information systems across all security levels.
- Assist in implementing cybersecurity policies, procedures, and hardening measures to ensure the availability, integrity, authentication, and confidentiality of systems.
- Maintain in-depth knowledge of network security tools such as SIEMs, IDS/IPS, and firewalls, with the ability to modify and update configurations.
- Apply technology, structured processes, and governance policies to proactively detect, prevent, and respond to security threats and incidents.
- Continuously monitor systems, address vulnerabilities, and allocate resources to deploy cost-effective and up-to-date security solutions.
- Work in coordination with internal IT teams and external security vendors to ensure consistent application of security best practices.
- Generate regular reports and provide critical security updates to executive leadership and stakeholders.
- Plan and execute security-focused initiatives and special projects to support the strategic vision of the F-35 LOG IS Director.
- Develop, manage, and complete project and program plans using standard U.S. Government IT tools and compliance practices.
- Prepare and maintain Information System Security Plans (SSPs) and Protection Profiles to guide secure system operation.
- Collaborate closely with DCSA representatives and government ISSPs to achieve and sustain system accreditation in line with NISPOM, JSIG, ICD 503, JAFAN, and customer requirements.
- Conduct system audits, investigations of security violations, and training programs to promote awareness and ensure continuous compliance with computer security standards.
Skills: Security Oversight, Technical Expertise, Policy Implementation, Network Security, Threat Response, Continuous Monitoring, Project Management, Compliance Auditing
What Are the Qualifications and Requirements for Information Systems Security Manager in a Cover Letter?
1. Key Achievements for Information Systems Security Manager Cover Letter
- Experience in the information technology field, with DoD 8570 IAM Level II certification.
- Experience supporting Air Force ISR operations.
- Knowledge of the RMF process, eMASS, and XACTA workflow tools.
- Experience using relevant USAF systems and databases.
- Knowledge of USAF policies and procedures relating to information technology.
- Experience working with cloud computing and infrastructure (AWS, Azure, etc.).
- AWS Security Engineering Course.
- ISC2 Certified Information Systems Security Professional Course and ISC2 Certified Cloud Security Professional Course.
- Experience working with Jira and Confluence.
- Experience with Air Force ISR units.
- Skill in analyzing complex cyber and operational issues, identifying root causes, and recommending practical solutions.
- Proficiency in translating technical requirements into clear, actionable guidance for both technical and non-technical stakeholders.
Qualifications: BS in Network Engineering with 5 years of Experience
2. Industry Knowledge for Information Systems Security Manager Cover Letter
- Must be DoDM 8140.03 compliant with certifications, preferably CISSP or Associate, and RHCSA to correspond to an IA Management Level III designation.
- Previous ISSM/ISSO experience.
- Linux operating system experience.
- Familiarity with Jira, Confluence, Portfolio, Service Desk, and MS Project.
- Expertise in using tools like Nessus, OpenVAS, or ACAS to assess, remediate, and track vulnerabilities across enterprise systems.
- Ability to lead or support cybersecurity incident handling, root cause analysis, and digital forensics investigations.
- Practical experience applying DISA STIGs, CIS Benchmarks, or other hardening guidelines to Linux and Windows systems.
- A general commitment to excellence, a dedication to producing quality work results, and an ability to learn and apply new skills.
- Must be a flexible, positive, and energetic team player.
- Able to work in a fast-paced environment, adapt to changes, and work with minimal supervision.
- Must be courteous and professional when interacting with colleagues and customers.
- Solid ability to identify and solve problems, plan and prioritize personal tasks, and effectively communicate verbally and in writing.
Qualifications: BS in Information Systems with 7 years of Experience
3. Experience and Qualifications for Information Systems Security Manager Cover Letter
- Strong knowledge of information systems security components and best practices, including firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
- ISSO or ISSM experience in the defence industry or information system security or both.
- Experience implementing Risk Management Framework (RMF).
- Possess DoD Approved 8570 IAM Level III Certification.
- Experience with Defense Security Service (DCSA) accreditation process and Intelligence Community Directives for information systems.
- Experience with the SCAP Compliance Checker and the DISA STIG Viewer.
- Experience with Windows Server 2016 and Microsoft Exchange Server 2016.
- Ability to assess threats, interpret logs, and anticipate risks beyond the obvious.
- Strong problem-solving and troubleshooting abilities.
- Clear communication, both written and verbal, explaining security concepts to both technical and non-technical stakeholders, including leadership.
- Good collaboration and teamwork skills.
- Ability to stay current with evolving DoD policies, emerging threats, and new tools.
Qualifications: BS in Software Engineering with 8 years of Experience
4. Technical Expertise for Information Systems Security Manager Cover Letter
- Hands-on experience in IT, System Security, or Cybersecurity/Risk Compliance, managing a server and Active Directory policies (GPOs) in either the Defense Industry, Information Systems Security, or a combination of both.
- Experience with SIEM solutions (e.g., Splunk, ArcSight, or Elastic) and endpoint detection/response (EDR) platforms.
- Working knowledge of firewalls, IDS/IPS, VPNs, and secure network design principles.
- Familiarity with CM tools (e.g., Ansible, Puppet, or SCCM) and formal change management processes in secure environments.
- Ability to implement and maintain ongoing monitoring per NIST SP 800-137 and DoD guidelines.
- Proven skill in drafting security plans, standard operating procedures (SOPs), and assessment reports for accreditation and compliance.
- Solid analytical ability to understand and interpret Department of Defense (DoD) and company security policies and procedures.
- Substantial communication and interpersonal skills to advise customers of DoD and company industrial security policies and procedures.
- Confidence in developing presentations and effectively leading meetings and conference calls.
- A team-based mentality with exceptional attention to detail.
- Be a self-starter, able to work under pressure and with limited supervision, and work well with others in a large and diverse environment.
- Ability to successfully prioritize and manage to completion multiple complex tasks and deliverables, and demonstrate the highest degree of integrity and accountability in all actions.
Qualifications: BS in Data Analytics with 5 years of Experience
5. Problem-solving Abilities for Information Systems Security Manager Cover Letter
- Experience with System Administration functions in a networked environment.
- Experience with eMASS, Security Technical Implementation Guides (STIGs), computer networking, and one or more operating systems.
- Ability to be briefed on Special Access Programs (SAPs).
- Experience as an ISSM or ISSO, and the ability to complete required ISSM training within 90 days of hire.
- CISSP or IAM Level III Certification within DoD 8140 requirements.
- Knowledge of National Industrial Security Program Operating Manual (NISPOM), Joint Special Access Program Implementation Guide (JSIG), Intelligence Community Directives (ICD) 503/703, STIGs, the RMF process, or associated National Institute of Standards and Technology (NIST) publications.
- Knowledge of government classified contracts and DD 254 requirements from an information security perspective.
- Ability to evaluate complex technical and policy situations, weigh risks, and make sound security decisions quickly.
- Skill in guiding junior staff, delegating tasks, and fostering professional development in security teams.
- Excellent organizational skills.
- Strong oral and written communication skills.
- Ability to work in a team environment, be highly motivated, learn and acquire new skills, and adapt to an ever-changing security environment.
Qualifications: BS in Computer Science with 9 years of Experience
6. Training and Certifications for Information Systems Security Manager Cover Letter
- Experience with Special Access Programs (SAP).
- Direct experience with an intelligence community or signals intelligence activity.
- Experience in network and/or system administration, preferably in cloud computing.
- Information assurance experience, including evaluating, testing, certifying, and accrediting of classified and sensitive but unclassified information systems as well as Commercial Off The Shelf (COTS) and Government Off The Shelf (GOTS) products.
- Current CISSP Certification and IAM DoD Level 1 Security certification (CAP, GSLC, or Security+ CE).
- Experience with analysis and evaluation of both hardware and software in support of the Intelligence Community (IC), Department of Defense, and other Federal Government Agencies.
- Experience assessing and auditing network penetration testing, antivirus planning assistance, risk analysis, and incident response.
- Experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resultant security risk analysis.
- Experience or knowledge of construction for a secure area, ICD 705.
- Experience managing COMSEC, keying devices, and lifecycle planning.
- Strong communication and presentation skills, as well as the ability to interface effectively with employees and customers at all levels.
- Ability to travel to customer locations upon request.
Qualifications: BS in Information Systems with 12 years of Experience
7. Abilities and Qualifications for Information Systems Security Manager Cover Letter
- Experience in a similar systems security manager or officer role.
- Must have the following Information Assurance certifications or security training: DSS NISPOM Risk Management Framework Courses, DOD 8570.01-M certification at IAT level 3, such as CISSP or CISM, and Certified Authorization Professional (CAP) through (ISC)².
- Understanding of the technical configurations of Windows Operating Systems in physical and virtual environments, and of other operating systems, including Linux.
- Working knowledge of NIST security publications.
- Ability to read and understand event logs from Windows and Linux.
- Knowledge of tools to parse logs, scan operating systems for vulnerabilities, and perform compliance checking.
- Experience investigating, containing, and remediating security incidents, and familiarity with SOC workflows.
- Knowledge of PKI, certificate management, data-at-rest/data-in-transit encryption, and cryptographic standards.
- Skill in using Python, PowerShell, or Bash to automate security checks, log parsing, and compliance tasks.
- Experience preparing for and supporting DoD or federal security inspections, audits, and authorization packages.
- Good customer service skills, including good interpersonal skills and the ability to communicate effectively with all levels of employees.
- Ability to see the “big picture” and align security priorities with organizational and mission objectives.
Qualifications: BS in Management Information Systems with 10 years of Experience
8. Skills Overview for Information Systems Security Manager Cover Letter
- IAT Level III Certification (CISSP or equivalent).
- Expert knowledge and experience in A&A with ICD-503.
- Strong knowledge and experience with NIST SP 800-53 and associated security controls implementation and verification.
- Experience with system hardening, including STIGs.
- Proficiency in validating and verifying system security requirements, definitions, and analysis, and establishing system security designs for controls.
- Experience with building IA into systems and services, deploying into operational environments at multiple classification levels.
- Experience with assessing and mitigating system security threats/risks throughout the program life cycle.
- Knowledge of security planning, assessment, risk analysis, risk management, and awareness activities for system and networking operations.
- Experience with creating and reviewing A&A Body of Evidence documentation, providing feedback on completeness and compliance of its content.
- Ability to develop and execute Site-Based Security Assessment (SBSA) in close cooperation with team members.
- Outstanding communication skills, including verbal and written, with the ability to brief authorizing officials on the technical security-relevant aspects of software.
- Experience implementing A&A packages using XACTA and eMASS.
- Proficiency in the development and maintenance of Site-Based Security Assessment, Security Compliance Traceability Matrix, Security Test Plans, and Plan of Action & Milestones.
- Familiarity with the National Cross Domain Strategy & Management Office and its processes.
- Experience working with and implementing Cross Domain Solutions Design and Implementation requirements ("Raise the Bar").
- Experience working with Virtualization technologies (Xen, Citrix, VMware, OpenXT).
- Understanding of Linux-based systems (RHEL).
Qualifications: BS in Information Assurance with 14 years of Experience
9. Abilities and Experience for Information Systems Security Manager Cover Letter
- Knowledge of Information Security standards, legislation, and practices, and awareness of and operation within an ISO/IEC 27000 information systems security framework.
- Strong technical writing abilities.
- A professional information security qualification (CISMP, CISSP, or PCIRM qualification).
- Proven and comprehensive experience in information technology architecture, network infrastructure, or security operations.
- Leadership experience of a team of professionals.
- Working knowledge of operating under, or complying with, Information Security principles or processes in an environment of diverse business systems.
- Experience in a technical discipline such as Networking or IT Support, including technologies such as Anti-Virus, encryption, Microsoft Windows, Linux, and iOS.
- Proficient experience in identifying, classifying, prioritising, and remediating vulnerabilities.
- Experience in dealing with all elements of Information Security, operating in an ITIL-based environment.
- Comprehensive experience in responding to security events and incidents, including remediation with peer teams.
- Experience with Identity Management and Incident Response systems.
- An ability to change and improve processes, systems, and people to achieve outcomes.
- Can work with third-party security providers to complement internal teams.
Qualifications: BS in Applied Mathematics with 8 years of Experience
10. Key Qualifications for Information Systems Security Manager Cover Letter
- Expertise in client/server application deployment, support, and activity tracking.
- Strong knowledge of IT architecture, security methodologies, and compliance auditing frameworks, including PCI-DSS and PA-DSS.
- Experience drafting information security standards, assessing risk, and defining effective controls.
- Skilled in administering enterprise-level Microsoft and Unix-based server applications such as Microsoft System Center, MBAM, and Advanced Threat Analytics.
- Advanced scripting ability in PowerShell, Python, and Shell with experience automating tasks and processes.
- Proficient in configuring and managing databases and database-backed applications (SQL Server, MySQL).
- Extensive experience with network and security analysis tools, intrusion detection and prevention (host and network), and misuse prevention technologies (Anti-Spam, Anti-Virus, Anti-DDoS).
- Skilled in penetration testing and vulnerability scanning with tools such as Metasploit and Nessus.
- Expertise in deploying, configuring, and securing virtualized and cloud environments (IaaS, SaaS, PaaS, VMware).
- Strong background in federated access control technologies, including Shibboleth and ADFS.
- Expert-level knowledge of Windows and Unix-like operating systems (Solaris, Linux, OpenBSD, macOS) across server and client environments.
- Comprehensive understanding of TCP/IP networking, client-server architecture, and protocols.
- Strong hands-on experience with next-generation firewalls and IPS technologies (Cisco ASA, Juniper, Fortinet, Palo Alto, FireEye).
- Expert knowledge of access control technologies (LDAP, Kerberos, Active Directory), VPNs, and multi-factor authentication tools.
- Advanced expertise in encryption technologies at the network, file, and file-system levels, as well as cryptographic certificates and certificate authorities.
- Excellent communication, presentation, and training skills with the ability to explain complex concepts across all technical levels and deliver impactful security awareness programs.
Qualifications: BS in Software Security Engineering with 15 years of Experience
11. Accomplishments for Information Systems Security Manager Cover Letter
- Experience with information systems security engineering for classified environments.
- Hands-on experience with IA and Cybersecurity architecture, requirements, determination, development, and implementation.
- Experience with security features and vulnerabilities of various operating systems as defined by NSA, NIST, DISA (STIGs), and USCYBERCOM.
- Experience with network and system security administration, including operating system security configuration and account management best practices for Windows and Linux.
- Experience with IA-related testing and assessment tools, for example, Security Content Automation Protocol (SCAP), Security Technical Implementation Guide (STIG) Viewer, and so on.
- Experience with information security tool sets such as anti-virus, security information and event management (SIEM), and HIDS/NIDS.
- Successfully taken on and resolved projects with limited direction and supervision.
- Experience working with eMASS, ACAS, NESSUS, Splunk, SCAP, POA&Ms, and system security audits.
- Experience implementing DoD and Federal Risk Management Framework, IA Certification and Accreditation Processes, and IA controls.
- Ability to use system testing, integration, and evaluation methods in relation to RMF assessment methodologies and processes.
- Ability to develop and maintain certification and accreditation documentation.
- Can apply analytical reasoning to anticipate threats, evaluate risks, and develop pragmatic security solutions under pressure.
- Good collaboration and teamwork abilities with clear communication skills.
Qualifications: BS in Artificial Intelligence with 9 years of Experience
12. Professional Background for Information Systems Security Manager Cover Letter
- Experience in cyber security or information assurance, including in a DoD environment.
- Must hold one of the following certifications: CISSP, CAP, CASP+ CE, CISM, or CCISO.
- Experience with the certification and accreditation process.
- Significant experience in vulnerability scanning and analysis, including the use of automated tools and vulnerability management systems.
- Knowledge of intrusion prevention and network access control tools/systems.
- Understanding of system audit principles and security risk assessment.
- Strong understanding of security policy advocated by the U.S. Government, including the Department of Defense and appropriate civil agencies, e.g., NIST.
- General experience includes the development of both common user and special-purpose command and control/information systems with increasing responsibilities in the scope and magnitude of the systems for which solutions have been implemented.
- Solid understanding of network infrastructure and mission assurance.
- Familiar with Federal government and DOD standards for IA/security, including DIACAP, FISMA, NIST, and OMB.
- Solid communication skills and the ability to work with all levels of an organization.
Qualifications: BS in Digital Forensics with 7 years of Experience
13. Education and Experience for Information Systems Security Manager Cover Letter
- Proven experience implementing security policies, procedures, and compliance frameworks.
- Strong knowledge of continuous monitoring, audit processes, and vulnerability management.
- Hands-on experience administering Active Directory domain environments and virtualized environments (e.g., VMware, Hyper-V).
- Experience with security software solutions, including vulnerability scanners, SIEM platforms, and Data Loss Prevention (DLP) tools.
- Solid understanding of Ethernet networking, including wiring, switch configuration, and network management.
- Industry certifications such as CompTIA A+, CompTIA Security+, and Microsoft Certified Systems Engineer (MCSE).
- Familiarity with Risk Management Framework (RMF) processes and eMASS.
- Working knowledge of Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM) and National Industrial Security Program Operating Manual (NISPOM).
- Demonstrated ability to educate and train users on proper system usage and security practices.
- Excellent communication skills with experience supporting end users and computer systems.
- Strong problem-solving abilities with proficiency in documentation and technical writing.
Qualifications: BS in Information Technology with 6 years of Experience
14. Requirements and Experience for Information Systems Security Manager Cover Letter
- Information Technology, Information Assurance, or Cyber Security engineering experience.
- Experience in conducting security assessments by reviewing security controls with the ISSO/ISSM and guiding programs through the RMF process.
- Proven expertise with assessing security controls in accordance with NIST Special Publications (i.e., NIST 800 Series).
- Proven in-depth knowledge of Cybersecurity principles, technologies, and processes.
- Experience with NIST 800-53, Security Development.
- Familiarity with performing assessments within cloud environments.
- Familiarity with performing assessments for Unclassified and Classified environments.
- Ability to adapt to process changes.
- Ability to interface with senior leadership.
- Ability to support high-visibility or high-priority projects.
- Excellent oral and written communication skills.
- IAM Level III Certification per DoD Directive 8140.01.
Qualifications: BS in Cloud Computing with 8 years of Experience
15. Experience and Requirements for Information Systems Security Manager Cover Letter
- Working knowledge of Risk Management Framework as defined in NIST 800-53 and CNSSI 1253.
- Experience in conducting vulnerability and compliance scanning for federal information systems.
- In-depth knowledge and experience with technical configuration standards relating to information system security.
- Experience configuring Windows operating systems, and experience with server systems, thin client architecture, system virtualization, and other related peripherals.
- Extensive knowledge and experience with assessment & authorization (A&A) requirements as outlined in the NISPOM/DAAPM, JSIG, RMF, NIST, and other USG IS/Security-related policies.
- Knowledge and experience with configuration/certification and auditing/analysis of Windows.
- Experience supporting various system configurations (Stand Alone, Local Area Networks, Wide Area Networks, Government, and Contractor connections).
- Experience with Interconnected Security Agreements (ISA), Network Security Plans (NSP), and Memorandum of Agreement/Understanding (MOA/U).
- Experience in implementing Windows Active Directory Services and Group Policy.
- Applied experience with Windows PowerShell, and experience with security information and event management (SIEM) and data loss prevention (DLP) solutions.
- Experience with audit reviews such as physical security, network and application, password administration, file access privileges, etc.
- Must provide evidence of DoD 8570 IAM III compliance, such as CISSP, CISA, CISM, etc., or obtain requisite certification within 6 months of hire date.
- Ability to balance mission needs with security requirements and persuade stakeholders toward secure solutions.
- Skill in working effectively with non-technical staff, contractors, and cross-functional teams.
Qualifications: BS in Computer Engineering with 13 years of Experience