DESCRIPTION: Working independently and at other times together as a team, this position provides technical security assistance and guidance to SecureStrux customers in support both Defense Security Service’s Security Vulnerability Assessments (SVAs) and Defense Information Systems Agency (DISA) and USCYBERCOM CCRI Phase IV program. The position requires technical knowledge of how to secure network and application architectures and how they interact with other systems. As a SVA and CCRI Lead and or Reviewer, you will use the DoD Security Technical Implementation Guides (STIGs), relevant CTO’s, CND Directives, Contributing Factors, and various DoD auditing and reporting tools to provide customers with a risk assessment of the target to the DoD customer and Team Lead throughout the entire review process.
LOCATION: Telework, but must live in Northeast
TRAVEL: Up to 65%
CITIZENSHIP/CLEARANCE REQUIREMENT: US Citizen / Secret
- Perform vulnerability assessments using DoD security content automation protocol (SCAP) compliant tools on various Operating Systems, Network Appliances, and Applications
- Perform various manual assessments using the appropriate DISA STIG, Security Readiness Guide (SRG) or
- Security Checklists in cases where automated tools cannot provide proper assessment of security controls
- Prepare Status reports and Gap Analysis Reports
- Prepare sites for upcoming CCRI
- Provide Risk Assessment guidance and assist in preparing After Action Plans (AAPs)
- Experience with conducting DSS SVA or CCRIs
- Familiar with the DoD 8500.2 or FISMA 800-53 Information Assurance (IA) Controls, Certification and Accreditation (C&A) and Risk Management Frameworks (RMF)
- Experience with many of the following technologies: Network Routing, Switching/Firewall/ACL administration, Cisco, Foundry, Juniper, Nessus and ACAS, and other Vulnerability Scanning Tools, DHCP, DNS, Active Directory or other Directory Services, UNIX/Linux OS Experience, Windows 2008, SharePoint, Exchange and Blackberry Enterprise Services, McAfee ePolicy Orchestrator and HBSS, SQL Databases, Web Applications Services, other Microsoft User and Server Applications)
HIGHLY DESIRED SKILLS:
- 5+ years of solid experience in IT Security / Cybersecurity / Information Assurance field
- Ability to communicate complex technical and programmatic information to both technical engineers and leadership
- Ability to work with a team and be team minded.
- Strong writing, presentation and professional communication skills
- Excellent organizational skills and ability to develop and execute multiple priorities and approaches to meet objectives
- Already obtained or at a minimum have the willingness to quickly take and pass Security+ and/or equivalent certification within 30 days of employment
HIGHLY DESIRED CERTIFICATIONS:
CISSP, CISM, MCSE, MCSA, CCNA, RHCSA, CAP, Security +, other industry standard IT Security certification(s), and/or other DoD approved 8570 IAM Level II & III Certifications.
When responding, please include the following questions and answers in your email:
1. When will you be available to start?
2. What is your expected salary?
3. What is your daytime phone number?
4. Are you a United States citizen?
5. Do you have an active DoD Clearance?
6. What certifications do you have?
This is a great opportunity for those who have a strong background with CCRIs and cybersecurity and in an enterprise-wide systems management environment. We offer a competitive salary and a flexible and relaxed working environment. If you are ready to join a winning team and take the next step in your career, apply today by sending the answers to the above questions, a cover letter, and your résumé.
SecureStrux is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, national origin, protected veteran status, or disability status.