CISSP Jobs - DoD Secret - IT Security Specialist (Validator), 16637

at Nesco Resource
Location North Charleston, SC
Date Posted November 18, 2020
Category Default
Job Type Full-time

Description

Candidate must be willing to accept this position as a full-time, 40-hour/week, primary job supporting mandatory core hours (9 a.m. to 3 p.m. EST). Candidates seeking this position as a second or part-time job will not be considered. DoD Secret clearance is required. Candidate must supply proof of a valid (non-expired) DoD 8570 compliant security certification at time of application. Candidate must be willing to travel. Charleston, SC location preferred, but remote work will be considered depending on experience and salary requirements.

Currently seeking an RMF Assessment & Authorization (A&A) Validator to support an active government contract. This individual's primary responsibility will be to lead efforts and perform tasks related to A&A within the Defense Health Agency (DHA) to ensure assigned DoD systems/enclaves/networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. This individual will plan, coordinate and lead teams to conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and security requirements in accordance with DHA's A&A process. This individual will be responsible for supporting DHA Security Control Assessor Representatives (SCAR), Security Control Assessors (SCA) and other DHA cybersecurity leadership in the execution and enforcement of DHA's cybersecurity and Risk Management Framework (RMF) process. Secondary responsibility will be the assessment of CCIs, STIGs, and vulnerability scans of target systems identified in the associated system's Security Assessment Plan (SAP).

Responsibilities include:

RMF Process Package and Process Management:

• Support and execute DHA RMF Independent Validation & Verification (IV&V) and Validator responsibilities and deliverables defined by the DHA RMF workflow. These include:
• Review of systems architecture diagrams, hardware/software lists, accreditation boundary documentation, security plans and eMASS records.
• Develop detailed Security Assessment Plans.
• Support development of IV&V cost estimates.
• Execute reviews for and provide feedback to Program Offices within eMASS for Security Plan approvals, Authorization Packages, Risk Assessments and Annual Reviews.
• Coordination among various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), SCA, SCAR, Authorizing Officials (and representatives), program managers, vendors, etc., necessary to properly plan and coordinate IV&V and testing requirements for program office authorization efforts.
• Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD IA security controls (technical, management, operational) and DISA Security Technical Implementation Guides (STIGs).
• Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus/Tanium) necessary to identify and document compliance.
• Knowledge of and ability to use applicable compliance and accreditation reporting environments (e.g., eMASS, CMRS) to validate compliance and accuracy of a program's RMF package.
• Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other DoD Risk Management policies.
• Experience with Steps 1-5 of the RMF process.

IV&V Execution / Assessment:

• Run automated scans (SCAP/ACAS/Nessus) along with supplemental scripts.
• Perform and assess manual DISA STIG checks.
• Properly annotate discrepancies for failed STIG checks and produce justifiable N/A statements.
• Ability to troubleshoot technical issues on an ad hoc basis.

QUALIFICATIONS

• Travel, 25%-40%
• 15+ years of technical experience, or a Bachelor's Degree and 7+ years of technical experience
• Secret Clearance.
• Minimum of active Security+ certification required upon start. CISSP preferred.
• Experience with DHA Cybersecurity Directorate a plus.
• Experience with A&A packages within eMASS a plus.
• Capable of providing thought leadership to the SCAR, SCA and other DHA cybersecurity leadership in their effort to identify risks, communicate recommended courses of action and recommend process improvements.
• Ability to lead teams and regularly interact with senior-level program personnel.
• Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and enterprise system environments based on proposed accreditation boundaries.
• Ability to manage multiple projects simultaneously.
• Ability to apply and assess STIGs.
• Ability to configure Nessus scans and evaluate .nessus files for accuracy.
• Strong verbal and written communication and interpersonal skills.

DESIRED QUALIFICATIONS:

• CISSP, CISM, CASP
• Network device configuration: switches, routers, load balancers
• Microsoft IIS, SharePoint, Apache Web Server/Tomcat
• Linux/Unix OS
• Microsoft SQL, MySQL, Oracle, PostgreSQL
• VMware ESXi or Microsoft Hyper-V
• Scripting knowledge/experience: generating scripts to remotely patch/audit systems.
• Knowledge of DISA STIG/FDCC requirements, CTOs, TASKORDs, FRAGORDs, and emerging threats.
• Knowledge of defense-in-depth and other information security and assurance principles and associated supporting technologies.
• A self-starter and independent thinker who needs little direction, with the ability to work in a dynamic team environment, proven communication skills and client customer support experience.
• ACAS/Nessus scanning experience: building asset groups, creating audits, scheduling scans and generating reports.

LOCATION:

• Preference for candidates local to the Charleston, SC area. However, we will consider other locations depending on the candidate.

DoD 8570 Compliant. Requires either Security+, CISSP, or relevant security certification upon start.

Nesco Resource and its affiliates (Lehigh G.I.T Inc, and Callos Resource, LLC) are equal employment opportunity employers and do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status, or any other legally protected characteristic with respect to employment opportunities.