|Date Posted||March 27, 2021|
A&A Technical Lead
- Minimum of DOD 8570 IAM II or IAT II Certification. IAM II: CAP, GSLC, CISM, CASP CE, CISSP (or Associate), or IAT II: GSEC, Security + CE, SSCP, CCNA-Security
- Must have a final Secret clearance.
Telesis Corporation is sourcing for a Cybersecurity professional to perform as
an A&A Technical Lead to be responsible for coordination of A&A tasks of Telesis team members and designated Government personnel. Responsibilities include technical advice for complex network, platform, and system security solutions. The Technical Lead shall review project designs and implementations for security best practices, evaluate new and emerging products and technologies, Client information protection needs, define system security requirements, define system security architecture, and develop detail security design. The contractor shall assist in supplying system security engineering reviews, to include system security evaluations, ST&E execution, and review, and support the oversight of Marine Corps A&A and FISMA compliance.
The following experience is desired for the A&A Technical Lead:
Demonstrated experience with the Risk Management Framework (RMF) process to
ensure that all Marine Corps ISs remain in compliance with Federal laws and regulations as well as DoD, DON, NIST, and Marine Corps directives, instructions, and manuals.
Experience with security, system auditing and hacking tools.
Strong working knowledge of networking and router technologies, as well as network security issue.
Experience analyzing and communicating network security issues to peers and to management.
Familiarity with mobile code, malicious code, and Anti-Virus software.
Ability to stay abreast of internal and external security best practices.
- In depth knowledge of Windows Server System Administration.
- Developing and maintaining DoD polices.
The contractor shall support the Government with on-site support for this task at MCB Quantico, Virginia.
A&A Security Testing and Review
The contractor shall support the Marine Corps in validation reviews and documentation tracking and present their evaluations, based on technical expertise, as certification that security standards are met to the Government for approval.
Through the DoD A&A process, the contractor shall ensure that IT security standards are met and sustained for fielding and operational use of Automated Information Systems (AIS)/National Security Systems (NSS), including joint systems and applications operating in the Marine Corps domains.
The contractor shall monitor enterprise control to ensure applications and systems implemented across the MCEN are secure and reliable. The contractor shall identify and, when authorized by the Government, correct questionable IT or IT processes that may introduce threats to the MCEN and DODIN, by enforcing DoD and Marine Corps security policies through physical or technical methods/means (i.e., access controls, user permissions, education).
The contractor shall support the Government in reviewing the potential threats and vulnerabilities to proposed system architecture and implementation, and assist the Government in executing a robust and comprehensive system ST&E process to ensure system design and implementation meet the established security requirements.
The contractor shall provide recommendations of threat and vulnerability mitigation, to determine a level of risk to the MCEN for presentation to the Marine Corps AO. This analysis shall be conducted by means of architecture, documentation, policy, technical, security scanning, scanning results reviews, and configuration verification.
The contractor shall provide risk analysis documentation in accordance with USMC and DoD policy that shall form the basis of an authorization recommendation to the Government.
The contractor shall provide support to aid in the development of draft, for Government approval, Marine Corps specific A&A policies, procedures and manuals amplifying higher-level policy.
The contractor shall assist the Government in overseeing the implementation of policies, procedures, guidelines, and manuals on information security review, testing, and reporting according to FISMA, as well as the DoD, DON, and Marine Corps. The contractor shall assist the Government in implementing A&A actions and policies that enable and enforce very large scale system certification processes with focus on holistic risk management and responsive change management.
The contractor shall assist HQMC C4 CY by participating in strategy and requirements development for Marine Corps commands, units, bases, posts, stations, and other material solution providers during the lifecycle process of system acquisition and development.
A&A MCCAST Management
The contractor shall monitor and maintain a central repository of security documentation in the MCCAST. The contractor shall operate and expand the automated tool used by the Marine Corps, ensuring the data in this system is capable of being shared within the following criteria:
Maintain the MCCAST server to include Cybersecurity IAVM, log reviews, Web/Application/database administration, backup and patching
Accessible by internal Marine Corps organizations (e.g., the Marine Corps Systems Command, Marine Corps operational forces staff elements, the Marine Corps Cyber Operations Group, etc.)
Exportable to other Naval organizations (e.g., Naval Network Warfare Command, Space and Naval Warfare Systems Command, DON CIO, etc.)
Exportable to external DoD organizations, (e.g., DISA, Office of the Secretary of Defense, Joint Chiefs, Unified & Specified Combatant Commands, etc.).
The contractor shall assist the Government in providing A&A process training documentation to Marine Corps cybersecurity staff and personnel. This support shall primarily be in the form of Microsoft PowerPoint presentations and hand-outs for platform classes and script input on Microsoft Word documents in support of distributive training products, computer based training products, and distance learning classes that the Marine Corps has in current production. The contractor shall support the Government in providing ad hoc platform instruction. The contractor shall assist the Government in providing training as periodically requested by the deployable MARFORs, MSCs, and MCIs. Typical classes are held up to four times per year with an average of 25 students per class.