Cyber Security Specialist

Cyber Security Specialist, Senior

We are seeking a Cyber Security Specialist, Senior position supporting the US Army in Oahu, Hawaii. This person will work on high-visibility or mission critical aspects of a given program and performs all functional duties independently.

Major Duties and Responsibilities:

• Provide assistance in identifying and resolving highly complex Cybersecurity/Information Assurance (IA) problems which are not subject to resolution through conventional methods
• Provide assistance in the development of Cybersecurity/IA briefings to obtain leadership/management consensus/approval on potential security solutions
• Provide assistance in network security implementation, including preparation and oversight of the execution of policies and procedures to ensure the continuous security of PEO EIS project architectures
• Provide assistance in the oversight to ensure implemented security safeguards are adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored are consistent with the level of sensitivity of that information
• Provide analysis of information processing needs and proposed system changes for security requirements and implications
• Form a weekly CY IPT that at a minimum will have as members the contractor CY Lead, ICAN ISSM involved with this project, the contractor PM and the government PM
• Ensure that the independent IV&V is scheduled and executed
• Perform a complete system self-assessment prior to the IV&V with CY in attendance; consistently communicate with the major CY stakeholders of the project
• Be responsible for all CY actions (at a minimum any Interim Authority to Test (IATT), Authority to Connect (ATC), Authority to Operate (ATO) using the security controls of CNSSI-1253, and include life-cycle CY maintenance of the system; have experience with Enterprise Mission Assurance Support Service (eMASS)
• Deliver to the GENM-O CY a weekly progress report that documents the RMF
• Provide engineering design that incorporates IA criteria for the components IAW applicable Army Regulations (ARs), DoD regulations, and DISA STIGs.
• Provide for the system scanning with DISA approval ACAS and SCAP vulnerability scanning tools during a self-assessment of the entire system(s).
• Discovered vulnerabilities, Not Applicable (N/A) security controls and mitigation actions will be recorded in a Plan of Action and Milestones (POA&M) template formatted per NIST 800-18 (current).
• In addition plan, coordinate and ensure that the Independent Validation and Verification (IV&V) is funded, planned and executed with the local ICAN ISSM or appropriate USG CY representative.
• Ensure the hardware/software inventory demonstrates compliance with the Unified Capabilities UC APL for all software in the SDP and EIP.
• Ensure that the Network Topology Diagram in the, OV-1, SV-1 format and the Data Flow Logical Diagram in the SV-2 format demonstrate adequate security controls compliant with CNSSI-1253 to protect the System in the System Design Plan (SDP) and Engineering Implementation Plan (EIP).
• Ensure the diagrams are prepared in the Department of Defense Architecture Framework (DoDAF) format.
• Confirm the IA Test Plan defines all appropriate STIGs to be applied to the System, vulnerability scans to be conducted, remediation and system hardening efforts to secure the System.
• Ensure that each contract and project integrator shall provide patching, system hardening, fixing and mitigating findings from vulnerability scan results or manual assessments on a system POA&M template found in NIST 800-18.
• Submit a POA&M for the system to include identification of control vulnerabilities for Non-compliant Test Result findings, corrective actions with mitigation/resolution alternatives and associated risk analyses, and Not Applicable (N/A) findings to include the reason why the security control is N/A and the artifact that validates this status. For each RMF security control an artifact will be included.
• Utilize vulnerability scanning tools and execute the vulnerability scans using an Army approved method (e.g., Assured Compliance Assessment Solution (ACAS)).
• Analyze the vulnerability scan results to include Non-compliant findings.
• Submit artifacts to the Enterprise/ICAN ISSM, if agreeable, or have the ability to create and modify a separate eMASS package.
• Provide a CNSSI-1253 Excel spreadsheet that includes security control its ID number (AC-1, AC-2(1), security control title, status of each security control (Compliant, Not Compliant, N/A, Inherited) and the artifact that validates the status.
• Produce a separate traceability matrix showing each hardware device, the software on each device and the DISA STIG used to harden the software.
• Work on high-visibility or mission critical aspects of a given program and performs all functional duties independently.
• May oversee the efforts of less senior staff and/or be responsible for the efforts of all staff assigned to a specific job.

Travel will consist of weeks' long trips both CONUS and OCONUS.

Travel can be expected 50% of the time.

Must be readily deployable (medically and administratively) to travel within 72 hours in any environment including contingency operations.

Active Secret Clearance

• 8-10 years experience of related experience performing a variety of Cyber Security/ IA coordinating security programs for P2E preferred.
• Implementing IA and security standards, procedures, doctrine and policies
• Knowledgeable of commercial and military standards and best practices applicable to Army communication sites

Education/Certification

• Bachelor's Degree in Computer Science or related field; prefer Master's Degree in Computer Science or related field

Desired

• IAT Level II (CCNA Security, Security+ CE, CySA, GICSP, GSEC, CND, SSCP)