Serve as a cyber subject matter expert . Provide cyber system architecture and engineering expertise, technical advice, develop and review cyber security policy and threat models and support expanding CSSP offerings and C5ISR efforts. Support the Risk Management Framework Cloud (RMFc) process, assist in developing RMFc documentation for customers and application owners across all Cloud service models and shared services. Review and make recommendations of customer RMFc documentation as required and assist the authorizing official (AO) with the certification of all Army cloud instantiations. Provide support to streamline inheritable controls from the Cloud Service provider down to Application owners. Provide recommendation process and procedures to further automate validation checks of STIGs, vulnerability detection, and static code analysis.
\n
\n$155,000 - $160,000 a year
Support business continuity activities to include continuity planning, conducting business impact assessments, creating systems and processes of prevention and recovery to deal with potential threats to the Army. In addition to prevention, will enable on-going operations before and during service interruptions or actual execution of a disaster recovery operations. Additionally, will assist with creating spillage processes, ultimately enabling Army customers to immediately remediate. Support data security throughout the lifecycle in cloud environments (Create, Store, Use, Share, Archive and Delete). Provide expertise in selecting relevant technical solutions to ensure data is secure within all cloud service models. In this role, provide expertise in selection and deployment of a Security Information and Event Management (SIEM) system that is user-friendly and relevant to mission-sets across the Army. Experience with Incident Response and SOC operations Monitoring and analysis of potential threat activity. Providing engineering support, operations, and maintenance of security tools. Must be able to run vulnerability and patching reports, analyze data, and respond/resolve customer support tickets relating to aforementioned tools. In-depth familiarity with Systems Security Categorization, Federal Information Processing Standard (FIPS 199 & 200), Federal Information Security Management Act (FISMA) 2014, Security Assessment Plan (SAP), aggregating risk, remediation of findings, and Ports Protocols Services Management (PPSM) In-depth operational and technical knowledge of security concepts including, but not limited to Security, Information, and Event Monitoring (SIEM) tools Practical knowledge of security management processes including, but not limited to, risk management, security planning, IT security control implementation, testing, and logical access controls Exceptional verbal and written communication skills. Practical knowledge of Federal Cybersecurity - FISMA, NIST, OMB Proven ability to meet schedule and performance requirements for IT Security projects Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls. Assess solutions' architectural designs for compliance with NIST 800-53 rev 5 and DOD related policies for on premise and cloud-based solutions; prepare assessment documentation. Develop security artifacts to support the IA program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged User Guides, Security Test Procedures and other documents as needed. Support systems through all steps of RMF and enable Gov Client to achieve and or maintain authorities. Review vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations. #pmf Requirements Bachelor's degree in Engineering or IT related field Active IAM III certification 7+ years professional experience in a related field 3+ years of experience in Army, DoD, or IC at the Headquarters, Department of the Army, or major command level (e.g. ARCYBER, NETCOM, 7th Signal Command, Program Executive Office) or in industry implementing similar solutions Active SECRET clearance (or higher) Strong working knowledge of large, complex IT environments Experience implementing solutions and services in a similar sized organization Expert ability to communicate effectively in both oral and written forms with all levels of staff Ability to effectively present information to, and interact well with, different levels of the organization. Strong technical writing expertise. Ability to work well in a strong collaborative team-oriented environment. Strong working knowledge of large, complex IT environments \nMust have active Secret clearance