Job Details

Overview

Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD 503. The duties include assessing network compliance against controls listed in NIST 800-53 and creating A&A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces.

The contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and security standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advises USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational considerations.

Responsibilities

• Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational considerations.
• Perform security evaluations and vulnerability assessments using DoD ACAS, Nessus, and Security Content Automation Protocol tools; identify applicable STIGs and perform assessments using SCAP tools.
• Liaise with network and system administrators to correct identified deficiencies; review scans for new systems and applications introduced into the SOF environment and draft certification letters for the government.
• Coordinate with the Site Integration Facility (SIF) to ensure systems and applications meet DISA STIG requirements.
• Maintain awareness of cyber network defense tools such as endpoint security, SIEM, and related protections.

Typical duties

• Track A&A status of SIE-governed ISs and ensure artifacts and documentation are available in USSOCOM-chosen automated tools.
• Provide DoD & IC RMF subject matter expertise to USSOCOM and partners; assist with development and execution of the RMF program.
• Maintain, track, and validate DISN, cloud, and DIA connection approval packages across USSOCOM and subordinate commands.
• Develop and maintain documentation for networks, cloud environments, information systems, and technologies as they introduce into the SIE.
• Develop and review A&A for networks, cloud environments, systems, services, and devices to obtain an ATO/IATT/ATC.
• Perform risk and vulnerability assessments of IT/IS for authorization; prepare risk assessment reports for submission to the AO/DAO/DAA per applicable policies.
• Support enforcement of A&A and connection standards; track and report compliance with cybersecurity directives to higher headquarters (e.g., USCYBERCOM, DIA).
• Develop ISCM plan and address ongoing awareness of vulnerabilities, controls, and threats to support risk management decisions.
• Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA to resolve security issues, waivers, and approvals.
• Perform security authorization and assessments for networks, cloud, information systems, hardware, software; implement policy and provide project management support.
• Validate patching, perform validation scans, develop POA&Ms, and report per policies and regulations.
• Provide COA development and implementation of cybersecurity mitigation strategies; implement processes to mitigate vulnerabilities for software and hardware deployments.
• Identify, implement, and validate continued effectiveness of key performance parameters and security measures; perform analytics on cybersecurity posture and report to AO/DAO and stakeholders as required by ISCM directions.

Knowledge, Skills and Abilities

• Experience with US Combatant Commands (USCENTCOM/USSOCOM) is desired.
• Technical background with system administration, architecture, and engineering; networking, identity management, Microsoft and Linux OS, databases, and mobility.
• Working knowledge of RMF; familiarity with Telos Xacta or eMASS is desired.
• Excellent written and verbal communication and interpersonal skills.
• Knowledge of DoD IA processes and policies (DODI 8510.01, NIST, CNSS, CJCSM 65101.01, Incident Response, etc.).
• Active TS/SCI clearance required.

Experience, Education & Certifications

• Years of Experience Required: 8+ years
• Education Required: BA / BS
• Certification Required: Current DoD 8570.01-M, IAT- Level III or IAM Level III
• Example Certs: CISSP (or Associate), CASP+CE, CISA, CISM, CCISO, GCED, GCIH, CCSP, or GSLC

Essential Functions & Work Environment

• Work Environment: Most work is in a cubical environment inside a large facility. Travel to CONUS/OCONUS locations may be required.
• Physical Requirements: Sitting at desk, PC use, filing; may lift up to 25 lbs.
• Equipment: Office equipment and Microsoft Office Suite (Project, Visio).
• Attendance: 8 hours/day, 5 days/week; standard hours 07:30–16:30 with 1-hour lunch.
• Other Essential Functions: Professional conduct, organization, task prioritization, effective communication, and client-aligned presentation standards.
• Security: The position requires a US government security clearance. If you possess dual citizenship, you may be required to relinquish foreign citizenship to obtain clearance.