Snowcreek Consulting, LLC
Cyber Compliance SME
POSITION SUMMARY:
Snowcreek Consulting is hiring a Cyber Compliance SME to support the Defense Information Systems Agency (DISA) Joint Service Provider (JSP) on the Platform Services Contract.
As the Cyber Compliance SME you will:
- Serve as the knowledge expert on all security-related aspects of the JSP computing environment.
- Provide expertise implementing and maintaining security postures within complex network architectures.
- Provide expertise in Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts.
- Provide the appropriate level of confidentiality, integrity, availability, authentication, and non-repudiation IAW DoD 8500.01, DoD 8500.2, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01, NIST 800-37 Risk Management Framework, NIST 800-137 Information Security Continuous Monitoring, as well as local security policies created and enforced by JSP’s Cyber Security Center.
- Work in support of other JSP customer organizations to integrate and automate IA solutions.
- Establish a robust security posture for JSP IT environments by independently identifying vulnerabilities, remediating found vulnerabilities, and improving processes to maintain a robust security posture as it pertains to Information System (IS) vulnerability management.
- Ensure that all managed assets are compliant and communicating with all required security tools, such as HBSS, ACAS, Splunk, Tanium and SCCM.
- Provide System/Windows updates. Support all versions of the JSP standard image security updates and policies, to include technology enhancements, upgrades, and/or replacements, and address security vulnerabilities as prescribed by DoD orders, which include U.S. Cyber Command (USCYBERCOM), JFHQ DODIN and DISA.
- Provide computer security response support. Provide immediate response in the investigation of computer security incidents deemed to originate from the Platform Services in line with CJCSM 6510.01.
- Provide compliance support. Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
- Provide compliance with IA, Hardware, Software, Procedural, Physical, and Personnel Security Inspections Support. Assist the Government Security/IA Manager(s) in the development, implementation, and execution of a facility-wide, fully compliant security program for all aspects of Physical Security, Personnel Security, IA Security, Communications Security, and Government-required compliance monitoring, reporting, and tracking.
- Provide an RMF program and processes that enable system owners to ensure systems are compliant and operating under appropriate security and assurance controls for the full system lifecycle.
- Support the Connection Approval Program (CAP), A&A Support and Tenant Security Plan (TSP). Support all activities needed to obtain A&A on all the tenant networks, equipment, and systems at all classification levels with the JSP IT platform services and hosted levels.
REQUIRED QUALIFICATIONS:
- Active DoD Top Secret clearance
- Bachelor of Science in Computer Engineering, Computer Information Systems, Telecommunications, or Management Information Systems, or 5 recent years of documented experience relevant to this key position.
- Information Assurance (IA) Certification: DoD 8570 IAM II certification. (CAP, CASP+ CE, CCISO, CISM, CISSP, GSLC)
- Computing Environment (CE) Certification: Recent and relevant technical certification.
- Proven experience implementing and maintaining security postures within complex network architectures.
- Possess knowledge of Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts.
- Demonstrated ability for oral and written communication with the highest levels of management.
- Experience in a DoD Technology environment.
- Experience/knowledge of the DoD IAVM programs.
- Knowledge of the DISA VMS and CMRS.
- Knowledge of the Army Automated Vulnerability Tracking & Reporting (AVT&R) System.
- Knowledge of the DoD vulnerability scanning requirements utilizing DOD DRSI Standards and Tools.
- Experience in FISMA, OMB, DoD IG Inspection, ACA, and other accreditation and certification programs.
- 3 years’ experience securing Operating Systems to comply with DISA STIGs; network experience configuring and maintaining desktop firewalls.
- Knowledge of the Defense in Depth concepts and implementation.
- Knowledge of and experience in physical and personnel security.
- Knowledge of A&A processes under RMF (NIST SP 800-37).
- Knowledge of NIST SP 800-53R Common Control documentation and validation.
- Knowledge of Incident Response, Auditing, and CNDSP.
- Knowledge of Cyber tools HBSS and ACAS.
- Experience/Knowledge with Splunk, Tanium.
- Knowledge and comprehension of how to implement 8570.01-M/DoD 8140.
- ITILv4 certification preferred