Get new jobs for this search by email

Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD. The duties of this task include assessing network compliance against controls listed in NIST 800-53 and creating A&A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces. The Contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and security standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational strategies. Additionally, the Cybersecurity Systems Analyst should be able to perform security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool, and Security Content Automation Protocol tool. Identify applicable STIGs and perform assessments using the Security Content Automation Protocol tool. The Cybersecurity Systems Analyst will liaise with network and system administrators to correct identified deficiencies. The Cybersecurity Systems Analyst will also review scans for new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government. The contractor will liaise with the Site Integration Facility (SIF) to ensure systems and applications meet the standards in the DISA Security Technical Implementation Guides (STIG). The Cybersecurity Systems Analyst should be knowledgeable of cyber network defense tools such as endpoint security, SIEM, and comply to connect. Typical duties include: Tracks A&A status of SIE governed ISs. Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool. Implementation of cybersecurity requirements. Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces, and their delegates, including other Contractors, and assist with the development and execution of the RMF program. Maintain, track, and validate connection approval packages, including those from USSOCOM, its Component Commands, TSOCs, and other subordinate organizations. Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems, and technologies. Develop and review the A&A of networks, cloud environments, systems, services, telecommunication circuits, mobile devices, and software using the DoD & IC RMF to obtain an ATO, IATT, or ATC. Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and AO/DAO/DAA in accordance with policies and regulations. Assist USSOCOM, its Component Commands, TSOCs, and deployed forces with the enforcement of A&A and connection standards. Track and maintain A&A databases, websites, and tools to ensure proper documentation and management from a cybersecurity perspective. Report to higher organizations on compliance with cybersecurity regulations and directives. Ensure timely notifications to responsible individuals to prevent lapses in accreditation. Develop and maintain an ISCM Plan addressing ongoing awareness of information security, vulnerabilities, controls, and threats. Identify, assess, and advise on cybersecurity control compliance and risks. Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support issue resolution. Perform security authorization and assessments for networks, cloud, information systems, hardware, software, and devices. Validate system patching, conduct scans, develop POA&Ms, and report as per policies. Provide SME for COA development and cybersecurity mitigation strategies. Develop and implement processes to mitigate vulnerabilities for software and hardware deployment. Identify, implement, and validate the effectiveness of security measures. Perform analytics on cybersecurity posture and report as required. Knowledge, Skills, and Abilities: Experience with US Combatant Commands (USCENTCOM/USSOCOM) is desired. Technical background in system administration, architecture, and engineering preferred. Knowledge of networking, identity management, Microsoft and Linux OS, databases, and mobility. Working knowledge of the RMF. Knowledge of Telos Xacta or eMASS is desired. Excellent communication skills (written and oral) and interpersonal skills. Knowledge of DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS, CJCSM 65101.01, Incident Response). Active TS/SCI clearance required. Experience, Education, & Certification Requirements: 5+ years of experience (intermediate level). BA/BS degree. Current DoD 8570.01-M, DoD IAT Level II certification required. Physical requirements include sitting for extended periods, walking on sites, and climbing on military vehicles for inspections. The work environment is primarily office-based with partial telework. Equipment includes standard office tools and hardware/software evaluation capabilities. Attendance is critical, with work hours typically Monday-Friday, 8 hours per day, with possible overtime. Effective communication and professionalism are essential. #J-18808-Ljbffr