Cyber Security Speacalist

Job DescriptionJob DescriptionCertification Requirement: CSWF IAM Lvl 2 (CASP,CISSP..etc), Cloud Foundations cert (i.e.AWS, Azure, CompTIA), ITILv3 or later foundations certification.

Qualifications listed on Contract (Copy and Paste from the Contract):
A minimum of ten (10) years of work experience in the area of providing security services including research, evaluation, design, implementation, systems accreditation, administration, monitoring, support, and maintenance of network hardware, software, and application systems.
Minimum of two (2) years of relevant experience in lieu of each year of formal education may be substituted for a formal degree.
Job Description:
Provide support to maintain program systems, networks, cloud, and application security, including managing and updating the Authority to Operate (ATO) accreditation packages. The support shall include, but is not limited to, the development and updating of the System Categorization Form; Hardware and Software Information Flows document and diagrams; Security Assessment Plan (SAP); Information Security Continuous Monitoring (ISCM); Ports, Protocols, and Service Management (PPSM) document and all other necessary artifacts as required by the Navy Authorizing Official (NAO).
Conduct applicable scanning, as specified by the NAO and perform mitigating actions for production and non-production networks to comply with ATO requirements.
Support the integration of all SIPR, NIPR, cloud, and standalone network Information Assurance Vulnerability Alerts (IAVA), EXORDs, FRAGORDs, and other Cyber Safe compliances.
Update system IATOs/ATOs/ATCs as required.
Provide support to maintain information assurance services for all program environments to comply with DOD and Navy regulations.
Input and update government database tracking systems such as but not limited to VRAM, DITPR-DON, DADMS, and eMASS like systems.
CYBERSECURITY AND CYBER RESILIENCY SUPPORT:
Support the planning and execution of cybersecurity Assessment and Authorizations (A&A) and Information Assurance (IA) compliance efforts for the program/s.
Research, assess and produce documentation, processes and tools in support of program security decisions and overall cyber resiliency efforts.
Cybersecurity and Cyber Resiliency activities include, but are not limited to, the following:
• Assist with the transition from DOD Information Assurance Certification and Accreditation Process (DIACAP) to the National Institute of Standards (NIST) based DOD Risk Management Framework (RMF) Authorization Process.
• Support the development, improvement, and execution of RMF compliance with DON/DOD strategies and objectives.
• Develop, review, update, and submit RMF package required documentation, diagrams, and electronic submissions across the RMF lifecycle.
• Provide RMF accreditation recommendations, network security reviews, and risk assessments.
• Perform Package Submitting Office level review and validation of RMF packages as required for Security Authorization Package level review.
• Collaborate with US Fleet Forces Command, OPNAV, Navy Authorization Office (NAO), and Security Control Assessor (SCA) on RMF package products and status.
• Assist in providing an efficient and repeatable process for all four of the DOD IT Types (IS, Platform IT, IT Services, IT Products) to support program initiatives.
• Conduct required RMF and Federal Information Security Management (FISMA) annual cybersecurity assessments and analysis.
• Perform Validator responsibilities in support of assessing and confirming systems has implemented the approved security control baseline.
• Assist in the management of eMASS to meet DOD and DON A&A requirements.
• Provide subject matter expertise and recommendations to improve, implement, and plan modernization cybersecurity programs.
• Support cyber-security assessments and investigations.
• Support development of cyber-security policies and plans.
• Develop, plan, coordinate, deliver and/or evaluate cyber-security training products and materials.
• Conduct threat and vulnerability assessments and develop mitigation countermeasures.
• Conduct research and analysis and provide recommendations in support of network security, risk, and compliance policy and implementation guidance.
• Support cyber-security processes including asset registration and tracking, program services management and tracking, Clinger-Cohen Act compliance, and applicable DON/DOD directed compliance requirements and actions.
• Conduct program compliance reviews to ensure alignment with applicable statutes, regulations, policy, and guidance for cyber-security management, interoperability, and planning.
• Apply Best Business Practices (BBP) across program accreditation packages ensuring uniformity and the capability to capture performance metrics.
• Research, assess, and monitor network security documentation submissions for the program systems and networks.
• Support the analysis and management of program Cybersecurity and Computer Network Defense (CS/CND) requirements, investments, and cyber resiliency efforts.
NETWORK SECURITY:
Provide network security services including research, evaluation, design, implementation, administration, monitoring, operations support, DevSecOps support, and maintenance of network hardware, software, application and cloud-base systems.
Review requirements, design solutions, and implement security and systems administration procedures to set up new networks or modify existing networks to comply with DOD, Navy, and local regulations.
Provide network security services for all program environments to comply with DOD, Navy, and local regulations.
Performing duties as an Information Systems Security Manager (ISSM), Information Security Officer (ISO), and Risk Management Framework (RMF) subject matter expert (SME) for cloud, application, enterprise, and mission networks.
Perform duties as Information Security Manager, to oversee and ensure appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for and in support of information systems and programs.

---