Job ID: 2306368

Location: REMOTE WORK, AL, US

Date Posted: 2023-05-18

Category: Cyber

Subcategory: Cybersecurity Spec

Schedule: Full-time

Shift: Day Job

Travel: No

Minimum Clearance Required: Interim Secret

Clearance Level Must Be Able to Obtain: Secret

Potential for Remote Work: No

Description

• Assist in the completion of eMASS tasks for coordination through all applicable parties
• Develop security artifacts IAW AFI 17-101 & Army Regulation 25-2
• Perform on-going RMF Step 2 through Step 6 to maintain the customer ATO packages in eMASS
• Support reviews and analysis of system changes to determine any security impacts
• Assist in assessing the data Impact Level (IL) of migrating applications in accordance with the DoD Cloud Computing Security Requirements Guide (SRG)
• Analyze and recommended risk mitigations for identified vulnerabilities and weaknesses
• Support the documenting of the inheritable environment controls required to meet security standards as described in the RMF for an A&A package
• Support security assessments and the resolution of concerns/issues identified by assessment team(s) including security reviews, test, and exercises
• Develop, deliver and execute a contractor Security Assessment Plan (SAP)
• Record actual results of the Security Control Assessment in the Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M)
• Conduct security testing and continuous vulnerability monitoring to include delivering a continuous monitoring plan and vulnerability management reports.
• Work with the CSSP to ensure applications are properly configured for auditing/monitoring
• Ensure DoD Public Key Infrastructure (PKI) is enabled/implemented where appropriate according to policy
• Provide timely remediation recommendations for audit findings
• Provide updates to both the USAF and USA instances of EMASS in tandem
• Provide support to POA&M reviews and recommendations

Qualifications

Required Education and Experience:

• Bachelors and five (5) years or more of related experience; Masters and three (3) years or more related experience; PhD and 0 years experience
• Additional four (4) years of experience may be accepted in lieu of degree

• An Interim Secret clearance required to start; Must be able to obtain a Secret clearance to maintain employment
• US citizenship required

• Security + Certification

• Experience with DevSecOps
• Knowledge of the DoD suite of security tools including ACAS, HBSS, and eMASS
• Knowledge of cloud environments provided by Cloud Computing to include GCP, AWS, OCI or Azure
• Ability to collect and deliver the application ISSM identified Assess-Only security artifacts as defined by eMASS to include: Categorization and Selection Checklist; HW List; SW List; Identification of applicable STIGs; POA&M List; Signed Security Assessment Report; Scan results; Security configuration testing; Port, Protocols, and Services worksheet; Topology/System Authorization Boundary; CMP/CCB; and applicable SLA/MOU/A.
• Ability to support the updates to Risk Management Framework Artifacts
• Ability to create System Security Plan (SSP) templates that provides a common approved language for documenting common inherited security features
• Working knowledge of Microsoft Office Suite including Microsoft Visio

• Knowledge of DESMF
• Experience with Agile, Scrum, SAFe or other modern software development methods/practices
• Experience supporting USAF or USA software development projects
• Experience supporting software migration efforts
• Minimum Information Assurance Technical (IAT) Level II certified IAW DoD 8570.01M
• Compliant with DoD and USAF training requirements in DoDD 8570.01, DoD 8570.01-M, and AFMAN 17-1303.
• Knowledge of DoD Policies and procedures including DoD 8500.01 and DoD 8510.01.
• Experience with Risk Management Framework (RMF) and updating of security artifacts
• Experience with compliance verification methods including DISA STIG, SRGs, and best practices