Cyber Security SME Technical 2

Cyber Security SME Technical 2 Level III (Senior Security Project Manager)

San Antonio may have an incredibly rich history, but it's also a destination rife with exciting new developments and attractions. One major new draw is the redevelopment of the legendary Pearl Brewery into a hip and artsy Urban Village along a newly completed extension of the enchanting River Walk - this bustling, eco-friendly complex includes shops, restaurants, entertainment and residences. Farther north along the river, the very first public golf venue in Texas, Brackenridge Golf Course, completed a stunning $4.6 million refurbishment in 2009, and in arts news, the prestigious McNay Art Museum nearly doubled in size with the opening of a dramatic new wing done in modernist style. With swank, see-and-be-seen restaurants, shops, and nightspots opening around the city, San Antonio has plenty to offer both new and repeat visitors.

Requirements (Duties Include But Are Not Limited)

• General Cybersecurity requirements – Information Systems include design, development, developmental testing, operational testing, integration, implementation, operation, upgrade, or replacement of DHA IT in support of DHA tasks and missions.
• Shall comply with DoDI 8582.01 "Security of Unclassified DoD Information on Non-DoD Information Systems" and "Cybersecurity" and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53/53a and NIST SP 800-37, "Risk Management Framework (RMF)" Guide for Applying the Risk Management Framework to Federal Information Systems, as well as emerging DoD Cybersecurity policy designed to address evolving threats and submit requirements contain in Contract Data Requirements List (CDRL) A002.
• Shall identify the security controls in accordance with Committee on National Security Systems (CNSS) Instruction No. 1253, "Security Categorization and Control Selection for National Security Systems" as outlined within NIST SP 800-171, based on the categorization of confidentiality, availability and integrity of the information type and information technology provided by the government.
• Shall implement security controls in accordance with NIST implementation and validation requirements specified in the NIST SP 800-37 Risk Management Framework (RMF).
• Shall configure the information system in accordance with Defense Information Agency (DISA) security technical implementation guides (STIGs).
• Shall ensure that the information system conforms to the requirements of DoDI 8551.01 "Ports, Protocols, and Services Management (PPSM)".
• Shall ensure that the information system shall authenticate all entities as specified in DoDI 8520.03 "Identity Authentication for Information Systems" prior to granting access.
• Shall Public Key enable the information system, implementing digital signature and encryption requirements specified in DoDI 8520.02, "Public Key Infrastructure (PKI) and Public Key (PK) Enabling."
• Will be responsible for compliance with the United States Cyber Command issuances and Information Assurance Vulnerability Management (IAVM) issuances by ensuring that the issuances are assessed, implemented and maintained throughout development and sustainment in accordance with specified timelines.
• Shall support reciprocity, by providing all NIST security documents directed information to the government.
• Shall implement system level protection and detection capabilities that are consistent with their contract for NIST Security requirements that meet DoD and DHA Cybersecurity Architectures.
• Shall self-certify that the information system is compliant with the applicable NIST security controls annually by submission of a Security Assessment Report (SAR) and security test plan for compliance of testing IA controls.
• Shall comply with the incident management requirements of Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B, "Cyber Incident Handling Program".
• Risk Management Framework for DoD IT: Shall comply with DoDI 8510.01.

Qualifications

• Minimum of 6 years of demonstrated cybersecurity experience.
• Required Bachelor's degree in Information Technology Related field and/or 4 years hands on experience, Master's degree desirable.
• Meets IAM Level III requirements per DoD 8570.01-M.
• CISSP or CompTIA Security + and or equivalent certification required.
• Minimum of 5 years demonstrated experience with DoD directives, Instructions and Guidance i.e. DIACAP / RMF for DoD IT (DOD 8510.01, DOD 8500.01).
• Minimum of 5 years demonstrated experience working with DHA information systems is preferred.
• Demonstrated experience leading teams performing security vulnerability assessments.
• Experience with DoD cybersecurity policy and guidelines highly recommended.
• Must have demonstrated experience in a position demanding strong verbal, written and interpersonal communication skills and the ability to: read, analyze, and interpret technical procedures and regulatory requirements; write reports, business correspondence, and procedure manuals.
• Have a working knowledge of eMASS, CMRS, COAMs, DISA PPSM Registry, DMZ Whitelist, STIGs and SRGs.

KurzSolutions is committed to improving health outcomes by providing well-managed companies with the top healthcare talent in the market.