- Support Centrix Network from an IT Security perspective
- Oversee Network Accreditation Packages for three Networks
- Create and maintain accreditation documentation for all systems and record artifacts in eMASS
- Facilitate communication between the RMF/A&A team, technical teams, and the customer/organization
- Provide Certification and Accreditation (C&A) support in the development of security and contingency plans by conducting risk and vulnerability assessments
- Provide timely notification to the Government for any critical or high incidents impacting critical systems and services.
- Develop and/or maintain SOPs, TTPs, and White Boards associated with current knowledge of relevant technologies as assigned
- Manage Commercial Solutions for Classified (CSfC) registration and annual recertifications package accreditation (NSA)
- Change Management – Validate site security for new requirements, managed system accounts and privileges, and asset management to the three networks.
- Manage Cyber Task Orders (CTO)
- Evaluate IS for compliance in accordance with Risk Management Framework (RMF) 800-53 Controls, Special Directives, and other regulatory guidance
- Advise technical teams on valid Exceptions to Policy, document any security deficiencies, and track and maintain Body of Evidence in support of system risk posture
- Assess and upload RMF documentation into the Enterprise Mission Assurance Support Service (eMASS) portal
- Develop and sustain RMF Assessment and Authorization (A&A) eMASS packages to maintain Authorization to Operate (ATO) for A&A and Authorization to Use (ATU) for Reciprocity
- Assess security controls and documents in the Risk Management Framework (RMF) eMASS package, to include: the SSP, SAR, PIA, Categorization Form, Implementation Plan, Network Topology, HW/SW Listing, and Plan of Actions and Milestones (POA&Ms)
- Correspond with Government customer and system administrators to communicate any unacceptable risks identified and correct deficient RMF POA&M to meet Army and DoD standards
- Develop and submit Plans of Action and Milestones (POA&Ms)
- Develop System Security Plans (SSP) for all A&A packages
- Review and update all SOPs to be used as compelling evidence
- Support Cybersecurity IT internal and embedded inspection teams
- Review Assured Compliance Assessment Solution (ACAS) scan reports to ensure security updates are being implemented
- Ensure DISA STIGs are implemented and enforced
- Perform enterprise-wide risk analysis and vulnerability assessments
- Ensure compliance with regulations and privacy laws
- May coach and provide guidance to less-experienced professionals
- May serve as a team or task lead
BA/BS Degree (relevant experience can be considered in lieu of degree).
At least 8 years of IT and IT Security related experience
IAT Level II compliant certification (e.g., Security+ CE, SSCP, etc.). Full list of IAT Level II compliant certifications: https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/
Prefer a Secret clearance with ability to obtain TS/SCI level access. Must have clearance (and relevant certifications) prior to start in role. Must be able to obtain TS/SCI eventually.
Equal Employment Opportunity:
GovTact and Insperity provide equal employment opportunities to all employees and applicants in all company facilities without regard to race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, (or related medical conditions, including, but not limited to lactation), physical disability, mental and/or intellectual disability, age, military status or status as a Vietnam-era or special disabled veteran, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws.
This applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.