Groundswell

Federal Cybersecurity Engineer

full-time

Location Type: Hybrid

Location: McLean, Maryland, Virginia, United States

Salary

💰 $104,429 - $184,998 per year

About the role

  • Serve as a cybersecurity project liaison with multiple system ISSOs working to ensure security objectives are met as well as ensuring security improvement actions are evaluated, validated, and implemented as required
  • Serve as the cybersecurity leader assisting with conduct of Assessments and Authorizations, including responsibility to maintain security controls and related artifacts for compliance with FISMA, NIST, and IRS standards in the agency cybersecurity information management system
  • Assessment and Authorization (A&A) work includes, but is not limited to, technical documentation, working authorization packages in Xacta, assessing cybersecurity vulnerabilities, engineering responses for system Plan of Action and Milestones (POAM), conducting risk analysis for Risk Acceptance Requests (RAR), and providing cybersecurity support for the program
  • Support all Risk Management Framework (RMF) activities to include obtaining Interim Authority to Test (IATT), Authority to Operate (ATO) and supporting Ongoing Security Assessments (OSA) including updating control implementation statements and providing evidence to compliance assessment activities
  • Support creating or updating security documentation such as System Security Plan, Contingency Plan, Incident Response Plan, Privacy Impact Assessment, and other similar documents
  • Assist in determining typical sets of controls such as firewalls, security of business systems, data leakage protection systems, patching, encryption, vulnerability scanning, and pen testing
  • Document and maintain all security tools and technology
  • Keep management informed on the state of the information security program
  • Any other tasks as required or tasked by the management team

Requirements

  • US Citizen with active Top Secret or SCI clearance, preference given to candidates with active SCI DoD security clearance
  • Must be local to DC metro area for working in SCIF approximately 3-4 days per week
  • 7+ years' experience in cybersecurity documentation and system authorization artifacts in DoD environment (system security plan, lifecycle documentation, continuous monitoring plan, security assessment plan, security assessment report, risk assessment, etc.)
  • Strong working knowledge of Information Assurance (IA) concepts such as patch management, multi-factor authentication, host-based security, intrusion detection, security event management and defense-in-depth is required
  • Working knowledge of cybersecurity controls for the assessment of mission systems
  • Working knowledge of Information Assurance (IA) technologies, NIST standards, DoDI 8500.2 and SP 800-53, DoD cyber security policy requirements set forth in DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology (IT)”
  • Recent hands-on Assessment and Authorization (A&A) experience with extensive Risk Management Framework (RMF) packages
  • Experience with Plan of Actions and Milestones (POAM), Information Assurance Vulnerability Management (IAVM), and compliance reporting for mission systems
  • DoDI 8570 certification (i.e., GSEC, Security+, SCNP, SSCP) or higher
  • At least one Security Certification (in order of preference): Certified Information Systems Security Professional (CISSP); Certified Info Sys Auditor (CISA)/Certified Info Sec Manager (CISM); Certified Ethical Hacker (CEH). Other similar certs may be acceptable on a case-by-case basis
  • Experience interpreting and implementing security controls for Impact Level 4 and higher systems
  • Experience with Department of Defense (DoD) Risk Management Framework requirements
  • Ability to use current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities

Benefits

  • Comprehensive medical, dental, and vision plans
  • Flexible Spending Account
  • 4% 401K Match (immediate vesting)
  • Paid Time Off
  • Tuition reimbursement, certification programs, and professional development
  • Flexible work schedule
  • On-site gym and childcare option

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cybersecurity documentation, system authorization artifacts, risk analysis, vulnerability scanning, penetration testing, security controls, incident response, encryption, patch management, multi-factor authentication

Soft Skills

leadership, communication, organizational skills, collaboration

Certifications

DoDI 8570 certification, Certified Information Systems Security Professional (CISSP), Certified Info Sys Auditor (CISA), Certified Info Sec Manager (CISM), Certified Ethical Hacker (CEH)