Bravura Inc.
Dahlgren, VA
Education/Certifications: Bachelor’s Degree or CNSSI 4012 certificate/comparable military training (desired); Security+, CAP, CASP, or PMP (required); IAT Level II (required) [CySA+; Security+; CND; RHCSA; CCNA-Security; GICSP; GSEC; or SSCP)
Years of Experience: 4+ years in cybersecurity
Clearance Level & Investigation: Secret / T3 investigation
Citizenship: U.S.
IA Cert Level (DoD 8570.01): IAT Level II
Responsibilities :
Oversees and manages information security program implementation within organization or other areas of responsibility.
Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources.
Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals, and reduce overall organizational risk.
Advise and assist ISSM/ISSO in A&A process for command.
Evaluate and support documentation, validation, and accreditation processes necessary to ensure that new IT systems meet NIST Special Publications Risk Management Framework (RMF) Cybersecurity requirements.
Develop, review, and obtain Government approval of plans to assess security controls to include creating Security Assessment plan (SAP).
Develop SAP and Rules of Engagement (ROE) for Government approval, outlining assessment scope, methodology, and resources.
Conduct security control assessment, including activities such as Security Categorization Review, System Security Plan Analysis, and other assessments as defined in SAP; deliver comprehensive Security Assessment Report (SAR), documenting findings, vulnerabilities, and recommendations for remediation; include Vulnerability Assessment Report and Executive Briefing in report.
Implement initial remediation actions based on SAR recommendations; deliver Issue Resolution Report and Remediation Status Report within timeline.
Review, revise, develop, update, and maintain all RMF required artifacts associated with command’s A&A program.
Provide direct support for accreditation of systems/networks utilizing RMF process.
Identify and recommend corrections for security deficiencies discovered during security and certification testing and continuous monitoring or identify risk acceptance for authorized representatives.
Attend meetings and submit associated minutes/trip reports.
Develop Plan of Actions (POAs) addressing outstanding security weaknesses identified in SAR, outlining remediation tasks and timelines; compile comprehensive Security Authorization Package, including SAR, POA, System Security Plan, and other relevant documents for Navy Authorizing Official review.
Conduct comprehensive risk assessment, determining potential risks to organizational operations, assets, individuals, and organizations.
Include Residual Risk Statement documenting remaining risks i; provide recommendation to NAO on residual risk acceptability, supported by Risk Acceptance Recommendation Report and briefing.
Perform additional actions required to support electronic classroom deployment.
Conduct Functional Area Needs Analyses and provide recommendations on Cybersecurity architecture, requirements, objectives, and policies.
Provide research and analysis of new and emerging technologies in hardware, software, and applications and applicability to mission.
Assess impacts of system modifications and technological advances; consult staff to gather and evaluate functional requirements, translate into technical solutions.
Provide guidance on applicability of information systems to meet business needs.
Guide, gather, and evaluate functional and security requirements.
Translate requirements into guidance on applicability of information systems.
Develop and document requirements, capabilities, and constraints for design procedures/processes; translate functional requirements into technical solutions.
Integrate and align information security and IA policies to ensure system analyses meet security requirements.
Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements and configurations based on system performance expectations and design specifications.
Attend meetings and submit associated minutes/trip reports.
Qualifications:
Four (4) years of experience in Cybersecurity.
Bachelor’s Degree or CNSSI 4012 certificate or ADQ GA7 desired but not required.
May substitute successful completion of at least one of the following military training courses for desired education: NEC 2779 or 3372 or CIN W-3B-1500 or A-4C-1340
Requires a CompTIA Security+, Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), or Project Management Professional (PMP) certification.
Requires IAT Level II certification, covered by one of the following: CompTIA Cybersecurity Analyst (CySA+); CompTIA Security; EC-Council Certified Network Defense (CND) v3; Red Hat Certified System Administrator (RHCSA); CCNA Security; Global Industrial Cyber Security Professional (GICSP); GIAC Security Essentials (GSEC); or Systems Security Certified Practitioner (SSCP).
Must maintain a Secret clearance / T3 investigation and be a U.S. citizen.
Required Cybersecurity Expertise:
Cybersecurity principles, threats, vulnerabilities, and risk management processes
Encryption algorithms (e.g., Internet Protocol Security (IPSEC), Advanced Encryption Standard (AES), General Routing Encapsulation (GRE), Internet Key Exchange (IKE), Message Digest 5 (MD5), Secure Hash Algorithm (SHA), Triple Data Encryption Algorithm (3DES))
Data backup and recovery concepts and tools
Disaster recovery and continuity of operations planning/network access control mechanisms (e.g., Access Control Lists (ACLs))
Incident response and handling methodologies
Intrusion detection methodologies and techniques
Network traffic analysis methods
Network protocols (Transmission Control Protocol /Internet Protocol (TCP/IP), and Open System Interconnection (OSI) model)
System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection)
Security architecture concepts, enterprise architecture reference models
National/international cybersecurity laws, regulations, policies, and ethics
Current and emerging threats and threat vectors
Enterprise incident response program, roles, and responsibilities
Penetration testing principles, tools, and techniques
Required Technical Proficiency:
Computer networking concepts, protocols, and security methodologies
System performance and availability monitoring
System software and organizational design standards
System life cycle management principles, software security and usability
System/server administration & systems engineering concepts/methods
Server and client operating systems
Network security architecture concepts (topology, protocols, defense-in-depth)
Network systems management principles and tools
Basic system administration, network, and operating system hardening techniques
Cloud computing service and deployment models (SaaS, IaaS, PaaS)
Cloud security strategy and architecture
Data security standards
Leadership and Management Expertise:
Information security program management & project management principles
Resource management principles and techniques
Risk management processes (assessment and mitigation)
Secure acquisitions (e.g., Contracting duties, secure procurement, supply chain risk management)
IT supply chain security and risk management
Applicable laws, statutes, Presidential Directives, and guidelines related to cybersecurity and privacy
Organizational risk tolerance and risk management approach
Critical IT procurement requirements
#J-18808-Ljbffr
Years of Experience: 4+ years in cybersecurity
Clearance Level & Investigation: Secret / T3 investigation
Citizenship: U.S.
IA Cert Level (DoD 8570.01): IAT Level II
Responsibilities :
Oversees and manages information security program implementation within organization or other areas of responsibility.
Manages strategy, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and/or other resources.
Acquire and manage necessary resources, including leadership support, financial resources, and key security personnel, to support IT security goals, and reduce overall organizational risk.
Advise and assist ISSM/ISSO in A&A process for command.
Evaluate and support documentation, validation, and accreditation processes necessary to ensure that new IT systems meet NIST Special Publications Risk Management Framework (RMF) Cybersecurity requirements.
Develop, review, and obtain Government approval of plans to assess security controls to include creating Security Assessment plan (SAP).
Develop SAP and Rules of Engagement (ROE) for Government approval, outlining assessment scope, methodology, and resources.
Conduct security control assessment, including activities such as Security Categorization Review, System Security Plan Analysis, and other assessments as defined in SAP; deliver comprehensive Security Assessment Report (SAR), documenting findings, vulnerabilities, and recommendations for remediation; include Vulnerability Assessment Report and Executive Briefing in report.
Implement initial remediation actions based on SAR recommendations; deliver Issue Resolution Report and Remediation Status Report within timeline.
Review, revise, develop, update, and maintain all RMF required artifacts associated with command’s A&A program.
Provide direct support for accreditation of systems/networks utilizing RMF process.
Identify and recommend corrections for security deficiencies discovered during security and certification testing and continuous monitoring or identify risk acceptance for authorized representatives.
Attend meetings and submit associated minutes/trip reports.
Develop Plan of Actions (POAs) addressing outstanding security weaknesses identified in SAR, outlining remediation tasks and timelines; compile comprehensive Security Authorization Package, including SAR, POA, System Security Plan, and other relevant documents for Navy Authorizing Official review.
Conduct comprehensive risk assessment, determining potential risks to organizational operations, assets, individuals, and organizations.
Include Residual Risk Statement documenting remaining risks i; provide recommendation to NAO on residual risk acceptability, supported by Risk Acceptance Recommendation Report and briefing.
Perform additional actions required to support electronic classroom deployment.
Conduct Functional Area Needs Analyses and provide recommendations on Cybersecurity architecture, requirements, objectives, and policies.
Provide research and analysis of new and emerging technologies in hardware, software, and applications and applicability to mission.
Assess impacts of system modifications and technological advances; consult staff to gather and evaluate functional requirements, translate into technical solutions.
Provide guidance on applicability of information systems to meet business needs.
Guide, gather, and evaluate functional and security requirements.
Translate requirements into guidance on applicability of information systems.
Develop and document requirements, capabilities, and constraints for design procedures/processes; translate functional requirements into technical solutions.
Integrate and align information security and IA policies to ensure system analyses meet security requirements.
Specify power supply and heating, ventilation, and air conditioning (HVAC) requirements and configurations based on system performance expectations and design specifications.
Attend meetings and submit associated minutes/trip reports.
Qualifications:
Four (4) years of experience in Cybersecurity.
Bachelor’s Degree or CNSSI 4012 certificate or ADQ GA7 desired but not required.
May substitute successful completion of at least one of the following military training courses for desired education: NEC 2779 or 3372 or CIN W-3B-1500 or A-4C-1340
Requires a CompTIA Security+, Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), or Project Management Professional (PMP) certification.
Requires IAT Level II certification, covered by one of the following: CompTIA Cybersecurity Analyst (CySA+); CompTIA Security; EC-Council Certified Network Defense (CND) v3; Red Hat Certified System Administrator (RHCSA); CCNA Security; Global Industrial Cyber Security Professional (GICSP); GIAC Security Essentials (GSEC); or Systems Security Certified Practitioner (SSCP).
Must maintain a Secret clearance / T3 investigation and be a U.S. citizen.
Required Cybersecurity Expertise:
Cybersecurity principles, threats, vulnerabilities, and risk management processes
Encryption algorithms (e.g., Internet Protocol Security (IPSEC), Advanced Encryption Standard (AES), General Routing Encapsulation (GRE), Internet Key Exchange (IKE), Message Digest 5 (MD5), Secure Hash Algorithm (SHA), Triple Data Encryption Algorithm (3DES))
Data backup and recovery concepts and tools
Disaster recovery and continuity of operations planning/network access control mechanisms (e.g., Access Control Lists (ACLs))
Incident response and handling methodologies
Intrusion detection methodologies and techniques
Network traffic analysis methods
Network protocols (Transmission Control Protocol /Internet Protocol (TCP/IP), and Open System Interconnection (OSI) model)
System and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection)
Security architecture concepts, enterprise architecture reference models
National/international cybersecurity laws, regulations, policies, and ethics
Current and emerging threats and threat vectors
Enterprise incident response program, roles, and responsibilities
Penetration testing principles, tools, and techniques
Required Technical Proficiency:
Computer networking concepts, protocols, and security methodologies
System performance and availability monitoring
System software and organizational design standards
System life cycle management principles, software security and usability
System/server administration & systems engineering concepts/methods
Server and client operating systems
Network security architecture concepts (topology, protocols, defense-in-depth)
Network systems management principles and tools
Basic system administration, network, and operating system hardening techniques
Cloud computing service and deployment models (SaaS, IaaS, PaaS)
Cloud security strategy and architecture
Data security standards
Leadership and Management Expertise:
Information security program management & project management principles
Resource management principles and techniques
Risk management processes (assessment and mitigation)
Secure acquisitions (e.g., Contracting duties, secure procurement, supply chain risk management)
IT supply chain security and risk management
Applicable laws, statutes, Presidential Directives, and guidelines related to cybersecurity and privacy
Organizational risk tolerance and risk management approach
Critical IT procurement requirements
#J-18808-Ljbffr