drjobs Cyber Vulnerability Assessment Analyst SME with TSSCI

Cyber Vulnerability Assessment Analyst SME with TSSCI

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Arlington County - USA

Monthly Salary drjobs

$ $ 200 - 200

Vacancy

1 Vacancy

Job Description

Job Summary

Our client is seeking a Cyber Vulnerability Assessment Analyst SME to support a Federal cyber security program.

Position: Fulltime

Citizenship: U.S. Citizenship

Job Title:

Location: Arlington VA (or Pensacola FL) and Remote

Security Clearance: Top Secret SCI

Project overview:

POA&M Management
The POA&M tracker lists mitigation and milestones with completion dates and serves to track
the resolution of vulnerabilities and noncompliance with security controls identified during
assessments and at any point during the systems life cycle. The Contractor shall provide a
mechanism for vulnerability and POA&M management. The status must be updated on a weekly
basis. Recommendation for closure is based on changes made to the system to remediate issues
or to mitigate the risks with the necessaiy suppo1ting evidence presented for resolution. The
Contractor shall prepare a detailed weekly status of all activities including status of open/closed
action items POA&M status/milestones and any other pertinent data points as requested by the
Government.

Vulnerability lManagement
The Contractor shall perform management of technical and policy related findings as a result of
compliance vulnerability and penetration testing and internal reviews. The Contractor must
meet with product and service teams as required to track progress and serve as a security subject
matter expe1t on issues requiring clarification and resolution. The Contractor shall provide
guidance to ensure vulnerabilities are prioritized fixed mitigated or risk accepted. The
Contractor shall deliver remediation tracking for all outstanding issues using an automated
process to manage results trending and report. Risk mitigation strategies recommendations and
applicable security controls must be documented and must include cost effective solutions that
suppot mission goals.

Security Review of System Changes
The Contractor shall review change requests to ensure the proposed changes are in accordance
with all security requirements in effect at the time of the change request. The contractor must
provide a recommendation to the Government as to whether the change request should be
approved approved with certain conditions or disapproved citing the reason for disapproval.
The Contractor shall maintain a reposito1y where eve1y change request is stored along with the
analysis performed by the contract for each change request. The Contractor shall also caphll"e
and store pe1tinent a1tifacts for each change request in a location commensurate with the
classification level of the artifacts. The Contractor shall prepare a detailed weekly status of all
activities including status of change requests open/closed action items and any other pe1tinent
data points as request by the Government.

Comprehensive Security Technical Documentation
Activities related to managing organizational and program risk are paramount to an effective
information security program especially for complex information systems. The Contractor shall
work with the product and service teams throughout the RMF process. The Contractor shall
perform reviews of the policies procedures and related documentation currently maintained by
program staff to identify missing or outdated documentation. Subsequent reviews should be
performed on an annual basis at a minimum or as directed by the Government. In suppo1t of this
activity the Contractor shall develop and maintain documentation as required by security
controls outlined in NIST 80053a which include the following:
Program policies and common controls
Standard Operating Procedures (SOPs)/Guides
Program common controls
Security artifacts and a1tifact templates and
Concept of Operations (CONOPS)
Other securityrelated technical documentation as directed by the Government.
The Contractor shall update the aforementioned processes procedures and other living
documents as needed and create new work products to fill identified gaps. The Contractor shall
review and provide guidance for documentation developed by the service and product teams
ensuring that these work products are completed following NIST guidance commercial best
practices and the applicable federal policies. The Contractor shall provide guidance to service
and product teams for security information systems in accordance with CNSSI 1253 and NIST
SP. The Contractor shall review work products including
security artifacts to ensure that the target is secured/documented appropriately (i.e. in
accordance with CISA and DRSdefined security requirements) and that the documentation
reflects and properly addresses CISA and DHS security requirements. In addition the Contractor
shall support service and product teams with the selection and tailoring of security controls
appropriate to the information system and the systems security objectives for confidentiality
integrity and availability in accordance with NIST and CNSS guidance. The Contractor shall
perform this iteratively throughout the system life cycle. The Government shall make the final
determination as to the work product that is considered acceptable.
A scheme for storing and managing all documentation must be developed and/or maintained
under this contract and as appropriate disseminated via mechanisms such as Microsoft
SharePoint. The tools and methods selected to perform this function must be approved by the
COR/GOV POC prior to implementation if different than the tools currently in use.

Additional activities include ML Security Operations Offensive Security risk assessments consistent communication and detailed technical documentation.

Responsibilities and Duties:

The SME Cyber Vulnerability Assessment Analyst is responsible for leading penetration testing developing advanced security scenarios and testing systems against those scenarios developing advanced security architectures for the implementation of custom countermeasures provides security considerations to advise system engineering teams with the objective to reduce errors flaws and weaknesses that may constitute security vulnerability performing advanced code analysis and performing advanced protocol analysis for nationstate and statesponsored cyber threat actor capabilities.

Required skills:
  • 10 years of proven experience as a Security Engineer with supervisory/leadership abilities to oversee large teams responsible for planning analyzing implementing and maintaining many different projects.
  • This individual must have experience assessing security implementation of cloud and hybrid environments to include pipelines applications and services
  • Experience ensuring an industry best practice implementation utilizing agile practices for scanning and end to end vulnerability remediation
  • Expert in all information security planning compliance and risk management manage teams ensure they have appropriate skill sets and tie the teams and results together;
  • experience in identify vulnerabilities and understand and recommend countermeasures
  • Experience with analyzing the network to determine if appropriate security is applied; possess and apply knowledge NIST RMF;
  • Developed and implemented test plans and ensure execution; and evaluates the costs and benefits of security functions and considerations from analysis of alternatives engineering tradeoffs and risk treatment decisions.
  • The SME Cyber Vulnerability Assessment Analyst requires an active clearance up to TS/SCI security clearance.

Preferred Qualifications and Skills

  • Agency experience (ideally DHS CISA)
  • Cyber program experience
  • SAFe and DevSecOps experience

.



PM PMP Top Secret

Employment Type

Full Time

Company Industry

About Company

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.