ACTIVE SECRET CLEARANCE REQUIRED
Job Description
The position requires security engineering skills with a working knowledge of Information Assurance (IA) technology, NIST standards, DoDI 8500.2, and Risk Management Framework (RMF) Security Controls. The successful candidate must have experience in the Agile Development Lifecycle to include generating requirements, architecture design, configuring Cyber audit tools, conducting verification, and performing Cyber vulnerability, and Cyber configuration activities. Leadership experience and effective interpersonal skills are required with a demonstrated ability to support complex organizational relationships. Excellent technical document preparation and verbal communication skills are required for presentation of technical Cyber issues and reports to the Government, Program Management, and other C2BMC Functional Areas.
Recent hands-on experience with Agile execution, tools, and methodologies is highly preferred.
Highly Desired
Experience with using Scripting Languages such as Python and PowerShell to solve complex data analysis problems along with in depth cyber vulnerability analysis experience is highly desired. Familiarity with vulnerability scanning and analysis tools such as ACAS (Tenable.sc / Nessus Vulnerability scanner), Evaluate-STIG, STIG Manager, and Trivy are also highly desirable.
The position requires a strong working knowledge of Cyber capabilities such as patch management, multi-factor authentication, host-based security, intrusion detection, security event management, active/passive system scanning, and defense-in-depth. Recent experience and familiarity with creating/updating Assessment and Authorization (A&A) packages for RMF Authority to Operate (ATOs) is required. Application experience hardening Windows and Linux servers and workstations in accordance with GPOs, IAVMs, and STIGs is desired. Network design and software engineering backgrounds are a plus. IAT Level 2 certification required at start.
The successful candidate will be expected to communicate and work closely with C2BMC Operational ISSOs in direct support of the Operational eMASS packages managed by the A&A team. Additionally, a qualified candidate will need to work closely with System owners, Cyber peers, Program Office technical/management staff, and other C2BMC Functional Areas to ensure the C2BMC fielded system attains and maintains appropriate Authorization for Connection, Test, and Operational purposes. The selected candidate is expected to assist with Cyber Products analysis, Vulnerability mitigation, and POA&M Management to assist the team in the successful delivery of eMASS Packages and Ports Protocols, and Services (PPS) in accordance with contract schedules. Primary focus for the qualified candidate will rotate and blend technical documentation, surge support for authorization packages in eMASS, assessing vulnerabilities, engineering responses for system POA&Ms, proposal support, and conducting risk analysis for Risk Acceptance Requests (RARs).