Pueo has an opportunity for an experienced TS/SCI cleared Policy Technical Reviewer to join our team in Reston, VA, Riverdale, MD, or Hanover, MD. The Policy Technical Reviewer is responsible to exercise technical support as a Reviewer during an inspection conducted within the Intelligence Community Integrated Environment (IC IE). This requires a Reviewer to be an expert in their technical area or multiple areas, to remain agile, and diligent in support of a groundbreaking effort to secure and modernize the JWICS environment.
** This is an on-site role**
**Must be willing to travel up to 30%, including local travel within the National Capital Region (NCR) of Northern Virginia, Maryland, and Washington, DC. **
Responsibilities:
JCIP Reviewers are integral to conducting inspections of environments across the Intelligence Community (IC). They are responsible for:
Interacting with leadership and site technical staff in advance of conducting inspections to facilitate scoping, data to support security controls assessment input, and execution of operational inspection plan,
Responsible for interviewing organizational subject matter experts in conducting STIG, SRG, and IC policy checklists,
Participating in the planning, execution, and reporting of security audits and network vulnerability assessments with minimal supervision
Assisting in preparation of assessment deliverables -Security Risk Assessments input, compliance data, STIG data, etc.,
Communicating on impact of vulnerabilities verbally, through presentations and written deliverables,
Plan, execute, and report on information technology, privacy, and operational reviews to identify mission, privacy, security, compliance, information technology, and regulatory risks,
Familiar with a variety of cybersecurity concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals.
The Policy Reviewer is responsible for reviews based on IC policies (Insider Threat, Host Based Security (HBS), Vulnerability Management, Auditing, Public Key Infrastructure/Enabling (PKI/PKE), Classification Management Tool (CMT), Password Management, User Training, Supply Chain Risk Management (SCRM), Incident Response Planning and Reporting, Physical/Traditional Security) This includes:
Coordination with multiple organizations and the reviewer staff,
Consolidating reports on an organization's enterprise,
Validating correct configurations,
Conducting interviews,
Completing checklists,
Providing input to written reports on compliance and associated risks,
Advanced writing skills; experience in coordinating multiple viewpoints into a cohesive document,
Attention to detail is an imperative skill for success,
Experience with DoD STIGs and STIG Viewer tool,
Ability to work independently.
Qualifications:
Clearance: TS/SCI with ability to obtain CI Poly
Education: Bachelor's degree from an accredited institute in an area applicable to the position in Cybersecurity, Computer Science, Software Engineering, Systems Engineering, Information Systems, or a related technical discipline; an additional four (4) years of relevant experience may be substituted in lieu of a degree.
Certifications: Certification in DoD 8570.01-M Cybersecurity workforce, compliance with DoD Directive 8140 Cyberspace Workforce Management, and IAT Level III.
Skills: Strong independent work ethic (auditor mentality), exceptional oral and written communication skills, and the ability to work unsupervised.
Preferred Qualifications
Technical Proficiency: Minimum 10 years of experience in compliance reporting related activities.
Advanced Skills: Experience working in a DoD or Intelligence Community Environment desired. Ability to develop vulnerability-based vignettes to support cyber tabletop exercises to evaluate effectiveness of protect and detect capabilities.
Interdivision Collaboration: Demonstrated ability to operate across departments to implement cybersecurity principles effectively.
Analytical Skills: Skilled in identifying network anomalies and applying cybersecurity and privacy principles to organizational requirements.
Multitasking and Time Management: Capable of multitasking with efficient time management and possessing a comprehensive understanding of cyber threats, vulnerabilities, and network security methodologies.
Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status. Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities.