Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).
Implement media control procedures and continuously monitor for compliance.
Verify data security access controls and assign privileges based on need-to-know.
Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs).
Apply and maintain required confidentiality controls and processes.
Verify authenticator generation and verification requirements and processes.
Execute media sanitization (clearing, purging, or destroying) and reuse procedures.
Protect Controlled Unclassified Information (CUI), Special Access Programs (SAP), Sensitive Compartmented Information (SCI), and Personally Identifiable Information (PII).
Create and manage the Body of Evidence (BOE).
Maintain privilege access control logs.
Create and manage Interconnection Security Agreements (ISA).
Ensure JSIG compliance of applications within multiple accredited boundaries.
Track vulnerabilities by creating Plan of Action and Milestones (POA&M).
Manage the configuration and documentation in the program's instance of Enterprise Mission Assurance Support Services (eMASS).
Maintain and manage continuous monitoring of DoD Security Technical Implementation Guide (STIG) compliance.
Enforce continuous monitoring strategies using tools such as Splunk, Oracle Cloud Control, ACAS reports, and scripts for database/application user/privilege review.
Conduct code reviews for database and application development and configuration management activities.
Analyze events or test results and prepare POA&Ms.
Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands.
Requirements:
Per contract requirements candidates must possess an active TS/SCI clearance with the ability to obtain CI Poly.
Bachelor's degree in a relevant field (e.g., Computer Science, Information Systems Management, Engineering) is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement.
Security+ certification or equivalent (DoD 8570) if no current IAM Level II certification.
8+ years of experience in cybersecurity or a related field, 2+ years of experience Windows/Linux, 2+ years of cybersecurity experience in the Department of Defense (DoD) or Intelligence community.
2+ years of experience as a Cyber or Security Analyst for federal information systems.
2+ years of experience with the Federal Risk and Authorization Management Program (FedRAMP).
Preferred Requirements:
IAT level III certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH), or ability to obtain certification within six months of hiring.
Experience with the Special Access Programs (SAPs) and Intelligence Community (IC).
Knowledge and/or understanding of Joint Special Access Program Implementation Guide (JSIG)
Strong familiarity with the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA), and National Institute of Standards and Technology (NIST) FIPS 199/200 and Special Publications.
Experience with the Federal Risk and Authorization Management Program (FedRAMP).