Overview: Seeking high-level IT Professionals to provide Continuous Monitoring/POAM Management support and improving the Continuous Cyber Security posture within the National Military Command Center
Roles and Responsibilities:
Experience with continuous monitoring and Plans of Actions and Milestones (POA&Ms)
Must be able to work in a constantly changing regulatory environment with short, mid, and long term timelines for remediating any non-compliance
Must be able to work well within a team environment and able to adapt quickly to change
Maintain cybersecurity procedures and processes as assigned
Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs
Communicate the security posture of systems through designated reporting mechanism
Assist in preparation and review documentation to include System Security Plans (SSPs), Risk Assessment Reports (RAR), and other Assessment & Authorization (A&A) artifacts
Assist in the research and address information security issues as required, and develop and maintain the Plan of Action and Milestones (POA&M) and support remediation activities
Develop and advise development of Assessment and Authorization (A&A) artifacts and security documentation to include, but not limited to System Security Plans (SSP), Plan of Action and Milestone (POAM), Contingency Plan, Incident Response Plan, ConfigurationManagement Plan
Assist with pre-assessment preparation
Perform Risk Management Framework (RMF) activities to achieve Authority to Operate (ATO).
Perform continuous monitoring of security controls to ensure that they are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned IT systems.
Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems
Strong verbal and written skills required providing management status reports and document system changes
Analyze problems and provide focused solutions to effectively communicate information to various audiences verbally and through written communications.
Develops and maintains POA&Ms and supports remediation activities in coordination with the customer and Security Engineers
Maintains an inventory of hardware and software for information systems for the client
Conduct reviews of closed Plan of Actions and Milestones (POA&M) for completeness and compliance
Develop and support the ongoing authorization (OA) process that includes continuous monitoring
Monitor security controls for ISs to maintain security Authorized To Operate (ATO)
Upload all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase
Will manage A&A document repository and assure IT system security documents are current and compliant
Develop and update assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems
Ensure that changes to IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM)
Shift Hours: Day-Shift; core support hours are 0600 -1800
Required Skills:
Bachelor Degree or equivalent work experience and certifications
Active TS/SCI Security Clearance
Current DoD 8570 baseline certification for IAT II (one of the following: GSEC, Security+CE, SCNP and SSCP certifications)
3-5 years of Cyber Security experience
2 Years of IT experience (Networking/System Administration)
Working knowledge of security system controls, policies, technical security safeguards, and operational security measures
Familiarity with DoD STIG process
Excellent verbal and written communication skills.
Executing the security assessment and authorization (or ATO) process with independent assessors
Executing Continuous Monitoring and maintaining the security posture of IT systems day to day
Desired Skills:
Past or current ISSM/ISSO experience
DoD IS knowledge and experience
Must be highly organized and detail oriented
Must be able to take initiative and work independently or as a member of a team
Must demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
Familiar with NIST publications, specifically RMF and NIST controls
Experience developing A&A documentation from scratch and performing assessments; RMF step 1 through 6
Working knowledge of Enterprise Mission Assurance Support Services (eMASS) and XACTA