Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at software application, system, and network levels.
Verify application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Assess the effectiveness of security controls.
Develop methods to monitor and measure risk, compliance, and assurance efforts.
Draft statements of preliminary or residual security risks for system operation.
Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Maintain information systems assurance and accreditation materials.
Support site assistance visits (SAV)s as requested by the Security Control Assessor (SCA).

Requirements

Active Top Secret with SAP eligibility
Bachelor's degree in related discipline (or 4 additional years of relevant experience in lieu of degree)
10-12 years of relevant experience
DoD 8570 IAM III level certification (e.g., CISSP, CISM, GSLC, or CCISO) or DoD 8140 Advanced ISSM (e.g., CISM, CISSO, FITSP-M, GCIA, GCSA, GCIH, GSLC, GICSP, CISSP-ISSMP, CISSP) or DoD 8140 Advanced SCA (e.g., CISM, CISSO, CPTE, CySA+, FITSP-A, GCSA, CISA or CISSP, CISSP-ISSEP, GSLC, GSNA)
Expert knowledge of: Navy FLTCYBERCOM Authorization processes, GRC Experience (eMASS\Xacta), Risk Management Framework requirements, Cybersecurity (CS) principles, and organizational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation, Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption), Network security architecture concepts including topology, protocols, components, and principles, Security Assessment and Authorization process, Cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities, Penetration testing principles, tools, and techniques, Relevant laws, policies, procedures, or governance related to critical infrastructure.
Skilled in: Discerning protection needs (i.e., security controls) of information systems and networks.
Determining how a security system should work and how changes in conditions, operations, or the environment will affect outcomes.

Benefits

healthcare benefits
paid leave
retirement plans
insurance programs
education and training assistance

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security authorization reviewsrisk management plansecurity controls assessmentrisk analysissecurity architecturepenetration testinginformation systems assurancecompliance monitoringsecurity postures verificationsecurity assurance case development

Soft Skills

analytical skillsproblem-solvingcommunicationorganizational skillsattention to detail

Certifications

CISSPCISMGSLCCCISOCISACPTECySA+FITSP-ACISSP-ISSEPCISSP-ISSMP