TITLE: Sr. Command Cyber Readiness Inspection (CCRI) Analyst and RMF/FISMA Assessor- Immediate hire
DESCRIPTION: Working independently and at other times together as a team, this position provides technical security assistance and guidance to SecureStrux customers in support of the Defense Information Systems Agency (DISA) and USCYBERCOM CCRI Phase IV program, Staff Assist Visits (SAVs) and Assessment & Authorization (A&A) Support. The position requires technical knowledge of how to use ACAS (Tenable Security Center/Nessus Scanner), McAfee ePO Services and HBSS, Database, Web, and Active Directory, and network security reviews. As a CCRI consultant, you will use the DoD Security Technical Implementation Guides (STIGs), https://employers.indeed.com/j#relevant CTOs, CND Directives, Contributing Factors, and various DoD auditing and reporting tools to provide customers with a risk assessment of the target to the DoD customer and Team Lead throughout the entire review process.
LOCATION: This effort is centralized in the East Coast with some travel to the West Coast, however candidate location is flexible and telework allowed when not traveling.
TRAVEL: Up to 50-70% travel CONUS
MINIMUM CITIZENSHIP/CLEARANCE REQUIREMENT: US Citizen / DoD Secret
- Perform vulnerability assessments using DISA security content automation protocol (SCAP) compliant tools on various Operating Systems, Network Appliances, and Applications.
- Perform various manual assessments using the appropriate DISA STIG, or Security Checklists in cases where automated tools cannot provide proper assessment of security controls.
- Prepare Status reports and Gap Analysis Reports
- Prepare site for upcoming CCRIs
- Provide Risk Assessment guidance and assist in preparing After Action Plans (AAPs)
IDEAL CANIDATE’s SKILLSET:
- 8570 IAT/IAM LVL II or III Certified
- DISA RCP certified a plus
- Experience with CCRI SAVs
- Experience conducting CCRI Security Assessments
- Strong grasp of Network, Operating System and Applications Security
- Comprehensive, hands on experience with Information Assurance and Cybersecurity Assessments in securing Web, databases, and McAfee’s ePolicy Orchestrator (ePO) and Host Based Security System (HBSS) endpoint products
- Familiar with the DoD 8500.2 or NIST SP 800-53 Information Assurance (IA) Controls, Assessment and Authorization (A&A) and Risk Management Framework (RMF)
- Experience with Windows or UNIX security hardening and Network Security
- Experience with any of the following technologies: Network Routing, Switching/Firewall/ACL administration, Cisco, Foundry, Juniper, Nessus, and other Vulnerability Scanning Tools, DHCP, DNS, Active Directory or other Directory Services, UNIX/Linux OS Experience, Windows 2008, SharePoint, Exchange and Blackberry Enterprise Services, McAfee ePO, and HBSS, SQL Databases, Web Applications Services, other Microsoft User and Server Applications
HIGHLY DESIRED SKILLS:
- 3+ years of solid experience in IT Security / Cyber Security / Information Assurance field
- Ability to communicate complex technical and programmatic information
- Ability to work with a team in a diverse environment
- Strong writing, presentation and professional communication skills
- Excellent organizational skills and ability to develop and execute multiple priorities and approaches to meet objectives.
HIGHLY DESIRED CERTIFICATIONS: Security+, CISA, CISSP, CASP, GCIH, GCED.
When responding, please include the following questions and answers in your email:
1. When will you be available to start?
2. What is your expected salary?
3. What is your daytime phone number?
This is a great opportunity for those who have a strong background in IA and Cybesecurity. We offer a competitive salary and a flexible and relaxed working environment. If you are ready to join a winning team and take the next step in your career, apply today.
SecureStrux is proud of our diverse environment, EOE, M/F/Disability/Vet.