The Sponsor requires assistance in applying cyber security best practices, national security standards, applicable laws, policies, and directives to enable cyber security and information security operation by proactively assisting in the monitoring, evaluating, and managing of system risk. The Cyber Security Subject Matter Expert (SME) shall be part of a larger team responsible for ensuring information security best practices, standards, and guidelines, consistent with Sponsor regulations, are managed throughout the system lifecycle.
The Sponsor requires a SME to serve as a lead to provide support of large scale, enterprise systems. The Contractor shall participate in forums, communicate regularly with multiple offices within Sponsor purview, and be expected to lead, manage, collaborate, and ultimately assist with information security risk assessments of Sponsor systems. The Contractor shall be responsible for providing technical security assistance such as proposing, coordinating, implementing and enforcing information systems security policies, standards, and methodologies. The Contractor shall lead and plan for new technology insertion by keeping up with new technologies and capabilities such as encryption, transport, networking, routing, among other things. The Contractor shall support the development or modification of System Security Plans (SSPs), security requirements, and other supporting documentation for the Assessment and Authorization process. The Contractor team shall interface directly with the Sponsor in support of this effort.
**Please note: This job requires an existing Top Secret Clearance and Polygraph**
Responsibilities and Duties
The Contractor shall manage and provide cyber security support to a large number of systems in the Sponsor's environment. The Contractor shall maintain awareness of security threats, risks, and exploits across the Internet. The Contractor shall communicate policies supportive of the Sponsor's InfoSec vision, goals, and objectives. The Contractor shall review and provide recommendations for system security plans for IT projects and work with various teams in advising on security measures to safeguard information against accidental or unauthorized modification, destruction or disclosure. The Contractor shall serve as a main focal point on the team and shall be responsible for working with Sponsor's customers to identify the systems' cyber risks, possible exploits, existence of vulnerabilities, and what mitigations are technically feasible to implement taking into consideration the known threats against a given system.
The Contractor shall be on the team and serve as the technical expert in support of assisting the Sponsor's customers in the Assessment and Authorization (A&A) of large scale, enterprise systems. The Contractor shall be required to engage and participate in information security related tasks as directed by the Sponsor, in forums, communicate regularly with multiple offices within Sponsor purview, and shall lead, manage, collaborate, and assist with information security risk assessments of Sponsor systems. The Contractor shall provide recommendations on network firewall configurations, best practices used in further securing these devices and processes on which the Sponsor security groups provide approval for devices being brought into the Sponsor's buildings. The Contractor shall communicate with the Sponsor's incident response team when resolving cyber incidents and shall do so in the context of applying the Risk Management Framework (RMF). The Contractor shall be responsible for providing technical security and commercial cloud as they shall provide security guidance to customers looking to migrate their systems into this environment. The Contractor shall manage all documentation/Body of Evidence and completed artifacts and maintain them in the Sponsor's database management system.
Must Be a US Citizen
Clearance Required: Active TS/SCI and Poly
Demonstrated ability to determine security requirements by analyzing business needs.
Demonstrated experience performing quality control on RMF body of evidence documentation.
Demonstrated ability to identify security risks to ensure all systems assigned to Contractor by Sponsor receive formal Authorization to Operate in a timely manner.
Demonstrated experience providing security review/approval for changes to accredited systems (installation of new software, opening new ports, etc.) and determination of Security Relevant Changes.
Demonstrated experience recording lessons learned, creating Standard Operating Procedures (SOPs), developing security plans, and identifying mitigations to address cyber vulnerabilities.
Demonstrated working knowledge of Amazon Web Services (AWS) architecture and other cloud computing environments such as from Microsoft, Google, and IBM; encryption technologies; and understanding of CLSE, Slim, Red Hat, Windows operating systems.
Demonstrated understanding of cyber threats associated with database technologies such as Oracle RDS, MySQL, and Mongo db for example.
Demonstrated ability to identify and manage information security risks in an enterprise environment.
Demonstrated ability to assess operating systems' level of information compliance with security requirements for Windows, Unix, CLSE, and Ubuntu.
Demonstrated experience in utilizing NIST Special Publications in support of enabling information security across an enterprise.
Demonstrated experience assessing virtual machine technology such as VMWare for vulnerabilities.
Demonstrated experience in recommending and deploying effective information security mitigations to reduce cyber risks and exploits on physical and cloud environments.
Demonstrated experience providing technical guidance and oversight both to technical and non-technical senior-level personnel.
Demonstrated knowledge of the Sponsor's diverse information technology infrastructure including commercial cloud, major application systems, and network architecture.
Experience in supporting the Sponsor's cloud computing and other physically hosted operating environments.
Demonstrated understanding of the Sponsor information security policies, guidelines, and regulations.
Bachelor's degree in computer science, management information systems, cyber security, information assurance, computer engineering or other technical field, or equivalent experience.
Demonstrated experience with the Sponsor's Certification and Accreditation (C&A, now A/A) process and the Project Management Framework.
Demonstrated experience in configuring and assessing for vulnerabilities of routers, switches, container services, and firewalls.
Certified Information Systems Security Professional (CISSP).
At Dezign Concepts, we are building a collaboration of professionals to help supply commercial, government and the intelligence communities with the services they need to excel in current and future endeavors. We are a growing company where providing outstanding solutions and delivering impeccable service is our highest priority. We believe that great people make great companies and every day we strive to provide the type of environment that encourages creativity, growth and satisfaction.
Dezign Concepts provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.