Information Assurance/Cybersecurity

CompQsoft.com

Hybrid

Remote

Full Time

Job Type: Full-time

Description

Are you detail-oriented, motivated, and a self-starter? If so, we want you to join our team! In this role you will support the Cyber Security Branch of the Agency. Responsible for conducting information assurance and cybersecurity tasks, including security audits, accreditations, and PCI compliance. Individual will operate as part of the Security Branch team, working closely with department ISSOs and Senior Leadership to meet mission requirements. Utilizes experience and judgment to plan and accomplish enclave security-related goals. Supports system or network designs that encompass multiple data centers or networks, including those with differing data protection/classification requirements.

Primary Duties To Include:

  • Conduct security assessments and evaluate the risk to the Agency’s information systems, enclaves, products, technology, and applications in accordance with DoD 8510.01, “Risk Management Framework for DoD Information Technology” and required National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) standards.
  • Document the results of security assessments within the Enterprise Mission Assurance Support System (eMASS) and Security Assessment Report as directed by the Cybersecurity Branch Chief.
  • Execute Risk Management Framework (RMF) and NIST related cybersecurity tasks including technical and programmatic related research.
  • Analyze changes to assess Agency cybersecurity related risks to include written Risk Assessment Reports and emerging, innovative mitigation strategies reports.
  • Assess planned system / network changes for cybersecurity compliance and for adverse effect on compliance status including DoD Information Systems (IS), products and services; industrial control systems (ICS); privacy; and PCI DSS compliance. Document risk determinations and recommendations to the Government.
  • Analyze and verify remediation of internal and external system security audit findings including PCI, Cybersecurity Service Provider, and CCRI/CCORI. Work with Agency PCI ISAs, system administrators, and Information System Security Managers/Officers, provide remediation guidance, validate remediation, and obtain appropriate artifacts and documentation using the current standards in effect.
  • Track and verify Agency compliance with JFHQ-DoDIN directives. Document, distribute, and brief metrics, trends, and status of JFHQ-DoDIN directives as the Cybersecurity Branch Action Officer. Research and provide guidance on the proper implementation of directives.
  • Review Plan of Action and Milestones (POA&Ms) for accuracy, verification of mitigations, and risk determinations as submitted by the Program Manager/System Manager.
  • Schedule, coordinate, and participate in working groups, meetings, and focus groups.
  • Track and verify compliance with vulnerability management requirements and timelines to ensure an acceptable level of enterprise risk is maintained. Draft reports on compliance with DoD Directive 8140.01, DoD Directive 8570, or other relevant directives. Develop, coordinate, and/or deliver cybersecurity training for the Cybersecurity Branch workforce. This training would include, but is not limited to, current security trends, internal processes, use of tools (e.g., eMASS), and new policies/guidance.
  • Education/Experience: BA/BS in a technical discipline with at least 10 years of experience
  • Certifications: DoD 8570.01-M IAT Level III and CSSP-Auditor required at time of hire
  • PCIP certification within 6 months of hire
  • eMASS and prior Security Assessor experience
Requirements

Personnel must hold required certifications at time of hire, and must maintain certifications for the entire performance period. Must be knowledgeable of Defense Department and industry-standard vulnerability assessment, risk assessment, security assessment, and penetration testing methods and practices. Be proficient with industry-standard information system auditing methods and practices, and Defense Department certification and accreditation methods and practices, including (but not limited to) DIACAP and NIST RMF, as well as security auditing methods and practices regarding Microsoft Windows domain administration, Windows and Non-Windows OS platforms such as UNIX variants, network devices, SQL and Oracle security, and virtual computing platforms, system access and authorization, and centralized management and logging. Proven experience working with teams in a dynamic matrix reporting environment. Handles multiple assignments and may lead concurrent projects. Experience interacting on a frequent basis with upper-level management. Experience reviewing audit work papers. ACL or data analytics experience a plus. Excellent written and verbal communications skills.

Proven analytical & problem-solving skills. Ability to travel (up to 5%).

eMASS experience required.

Candidate must have a Secret security clearance.

Full-time position located in Fort Lee, Virginia.

Onsite support required; telework authorized. Applicant must be located within a 60-mile radius of Ft. Lee, VA.

October 8, 2025

CompQsoft