Jacobs
Overview
Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DoD guidance. The duties include assessing network compliance against controls listed in NIST 800-53 and creating A&A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces. The contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations, security, and standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational considerations. Additionally, the Cybersecurity Systems Analyst should be able to perform security evaluations and vulnerability assessments using the DoD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool, and Security Content Automation Protocol (SCAP) tools. Identify applicable STIGs and perform assessments using SCAP tooling. The Analyst will liaison with network and system administrators to correct identified deficiencies, scan new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government. The contractor will liaison with the Site Integration Facility (SIF) to ensure systems and applications meet DISA STIG standards. The Cybersecurity Systems Analyst should be knowledgeable in cyber network defense tools such as endpoint security, SIEM, and other security controls. Typical duties
Tracks A&A status of SIE governed ISs. Ensures artifacts and documentation are available in the USSOCOM-chosen automated tool. Documentation and implementation of cybersecurity requirements. Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates, including other Contractors, and assist with the development and execution of the RMF program. Maintain, track, and validate DISN, cloud and DIA connection approval packages. Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE. Develop and review the A&A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, hardware, and software using the DoD & IC RMF to obtain an ATO, IATT, or ATC. Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and AO/DAO/DAA in accordance with DoD, DIA, USCYBERCOM, USSOCOM, Component Commands, TSOCs, and deployed forces’ policies and procedures. Assist USSOCOM and subordinate organizations with enforcement of A&A, as well as DoD, DIA, USSOCOM, Component Commands, TSOCs, and deployed forces’ connection standards for networks and systems. Track and maintain A&A databases, websites and tools to ensure networks, systems and devices are properly documented and managed from a cybersecurity perspective. Track and report to higher headquarters organizations (e.g., USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives. Ensure timely notifications to responsible individuals to prevent lapses in accreditations (e.g., 30/60/90 day notices). Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan addressing ongoing awareness of information security, vulnerabilities, controls, and threats to support risk management decisions. Identify, assess, and advise on cybersecurity control compliance and associated risks. Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support issue resolution with security, A&A, connection approvals, and waiver requests. Perform network, cloud, information systems, hardware, software and device security authorization and assessments, and apply policy with project management support services. Validate patching of systems, perform validation scanning, develop Plans of Action & Milestones (POA&Ms), and report as directed by policies and regulations. Provide subject matter expertise for COA development and the implementation of cybersecurity mitigation strategies. Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities for software and hardware deployment. Identify, implement and validate continued effectiveness of key performance parameters and security measures. Perform analytics on cybersecurity posture and provide reports to the AO/DAO and stakeholders as required per ISCM and AO/DAO direction. Knowledge, Skills and Abilities
Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired. Technical background with system administration, architecture and engineering experience preferred. Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility. Working knowledge of RMF. Knowledge of Telos Xacta or eMASS is desired. Excellent communications skills (written and oral) and interpersonal skills. Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS, CJCSM 65101.01, Incident Response and other IA policies). Active TS/SCI clearance required. Experience, Education, & Certification Requirements
Years of Experience Required: 8+ years Education Required: BA/BS Certification Required: Current DoD 8570.01-M, IAT- Level III or IAM Level III. Example Certs: CISSP (or Associate), CASP+CE, CISA, CISM, CCISO, GCED, GCIH, CCSP, or GSLC Physical Requirements: May include lifting up to 40 pounds as necessary. Work Environment: Can involve inside or outside work depending on the task. Indoor environments may include cubicle settings with considerations for noise and lighting. Outside work may include warmth or cold climates. Travel may be required (up to 10%). Equipment and Machines: Ability to operate office equipment and other work-related tools. Possess heavy and light equipment licenses or the ability to obtain them. Attendance: Normal hours are Monday – Thursday; flexibility may be required to meet deadlines. Attendance is essential except for approved leave. Other Essential Functions: Must demonstrate professional behavior, clear communications, appropriate grooming, and the ability to work with diverse stakeholders. Independent transportation to work locations is required. Travel to customer and test locations may be required (up to 10%), including potential airline travel. When operating a vehicle for work, seat belts must be worn and no cellular devices used while the vehicle is in motion.
#J-18808-Ljbffr
Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DoD guidance. The duties include assessing network compliance against controls listed in NIST 800-53 and creating A&A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces. The contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations, security, and standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational considerations. Additionally, the Cybersecurity Systems Analyst should be able to perform security evaluations and vulnerability assessments using the DoD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool, and Security Content Automation Protocol (SCAP) tools. Identify applicable STIGs and perform assessments using SCAP tooling. The Analyst will liaison with network and system administrators to correct identified deficiencies, scan new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government. The contractor will liaison with the Site Integration Facility (SIF) to ensure systems and applications meet DISA STIG standards. The Cybersecurity Systems Analyst should be knowledgeable in cyber network defense tools such as endpoint security, SIEM, and other security controls. Typical duties
Tracks A&A status of SIE governed ISs. Ensures artifacts and documentation are available in the USSOCOM-chosen automated tool. Documentation and implementation of cybersecurity requirements. Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates, including other Contractors, and assist with the development and execution of the RMF program. Maintain, track, and validate DISN, cloud and DIA connection approval packages. Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE. Develop and review the A&A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, hardware, and software using the DoD & IC RMF to obtain an ATO, IATT, or ATC. Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and AO/DAO/DAA in accordance with DoD, DIA, USCYBERCOM, USSOCOM, Component Commands, TSOCs, and deployed forces’ policies and procedures. Assist USSOCOM and subordinate organizations with enforcement of A&A, as well as DoD, DIA, USSOCOM, Component Commands, TSOCs, and deployed forces’ connection standards for networks and systems. Track and maintain A&A databases, websites and tools to ensure networks, systems and devices are properly documented and managed from a cybersecurity perspective. Track and report to higher headquarters organizations (e.g., USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives. Ensure timely notifications to responsible individuals to prevent lapses in accreditations (e.g., 30/60/90 day notices). Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan addressing ongoing awareness of information security, vulnerabilities, controls, and threats to support risk management decisions. Identify, assess, and advise on cybersecurity control compliance and associated risks. Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support issue resolution with security, A&A, connection approvals, and waiver requests. Perform network, cloud, information systems, hardware, software and device security authorization and assessments, and apply policy with project management support services. Validate patching of systems, perform validation scanning, develop Plans of Action & Milestones (POA&Ms), and report as directed by policies and regulations. Provide subject matter expertise for COA development and the implementation of cybersecurity mitigation strategies. Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities for software and hardware deployment. Identify, implement and validate continued effectiveness of key performance parameters and security measures. Perform analytics on cybersecurity posture and provide reports to the AO/DAO and stakeholders as required per ISCM and AO/DAO direction. Knowledge, Skills and Abilities
Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired. Technical background with system administration, architecture and engineering experience preferred. Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility. Working knowledge of RMF. Knowledge of Telos Xacta or eMASS is desired. Excellent communications skills (written and oral) and interpersonal skills. Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS, CJCSM 65101.01, Incident Response and other IA policies). Active TS/SCI clearance required. Experience, Education, & Certification Requirements
Years of Experience Required: 8+ years Education Required: BA/BS Certification Required: Current DoD 8570.01-M, IAT- Level III or IAM Level III. Example Certs: CISSP (or Associate), CASP+CE, CISA, CISM, CCISO, GCED, GCIH, CCSP, or GSLC Physical Requirements: May include lifting up to 40 pounds as necessary. Work Environment: Can involve inside or outside work depending on the task. Indoor environments may include cubicle settings with considerations for noise and lighting. Outside work may include warmth or cold climates. Travel may be required (up to 10%). Equipment and Machines: Ability to operate office equipment and other work-related tools. Possess heavy and light equipment licenses or the ability to obtain them. Attendance: Normal hours are Monday – Thursday; flexibility may be required to meet deadlines. Attendance is essential except for approved leave. Other Essential Functions: Must demonstrate professional behavior, clear communications, appropriate grooming, and the ability to work with diverse stakeholders. Independent transportation to work locations is required. Travel to customer and test locations may be required (up to 10%), including potential airline travel. When operating a vehicle for work, seat belts must be worn and no cellular devices used while the vehicle is in motion.
#J-18808-Ljbffr