IT Cyber Security Specialist (contingent 034)

Title : IT Cyber Security Specialist (contingent 034)

Journeyman to assess Cooperative Vulnerability and Penetration Assessments and Adversarial Assessments. TS/SCI required.

Requirements :

• Subject matter expert on Cybersecurity/Information Assurance activities based upon a comprehensive knowledge of the principles, policies such as DoD Instruction 8500.01, DoD Instruction 8510.01, AR 25-1 and AR 25-2, pertinent laws, regulatory requirements and procedures applicable to each CPE IEW&S program management office, HQ staff, and other external organizations.


• Review Cybersecurity packages (RMF), using eMASS, for content and presentation of evidence of proper implementation of Cybersecurity requirements for the Designated Approving Authority (DAA/AO).


• Provide feedback and consultation to Information System Security Officers (ISSO’s) to ensure that Authorization to Operate (ATO), Interim Approval to Operate (IATO), Interim Authority to Test (IATT), and Approval to Connect (ATC) packages meet the CPE standard.


• Provide technical expertise to PMs in developing Cybersecurity Strategies (CSSs) as required by the Clinger-Cohen Act and DoD Acquisition policy, coordinate these CSSs with HQDA for Army CIO/G6 Approval to support major milestone decisions.


• Review and coordinate with appropriate stakeholders to respond to taskings from HQDA, CPE IEW&S Staff, CECOM Staff, other agencies, and Warfighters in the field as they relate to Cybersecurity for CPE IEW&S Tactical and Developmental systems. (Such as: Public Key Infrastructure & Host Based Security Systems waivers & exemptions, Windows XP, Vista, and Server 2003 elimination.)


• Maintain the APMS (Army Portfolio Management Solution) database for tracking Information Assurance accreditation status and provide portfolio (acquisition) management oversight of all the Program Manager’s projects, for FISMA (Federal Information Security Management Act) compliance.


• Manage and maintain on-line repository of current CPE IEW&S Authorization and Accreditation (A&A) documentation within all cybersecurity repositories (eMASS, Xacta), and the Army Knowledge On-line (AKO)-SIPRNET.


• Provide Cybersecurity engineering subject matter expertise.


• Review and assess Cooperative Vulnerability and Penetration Assessments and Adversarial Assessments.


• Consult with PM staff with regard to the implementation of the Risk Management Framework (RMF) and associated security controls.


• Serve as a subject-matter expert for the implementation of component-level policy, coordinate exceptions to policy at the headquarters level for tactical equipment and mission requirements.


• Identify cybersecurity requirements for systems in acquisition or development to comply with published RMF requirements, Cyber Tasking Orders (CTOs), Security Technical Implementation Guides (STIGs), policies, and analyze the requirements development and design process across the program offices of CPE IEW&S.


• Provide leadership portions of Army vulnerability management and Assess and Authorization (A&A) processes, including analyzing, reviewing, or verifying Plans of Action and Milestones (POA&Ms), evaluating the overall risk posed by vulnerabilities to Army missions, networks, and data, and making recommendations to the Authorizing Official.


• Lead A&A activities within established timelines, recommend courses of action for program managers and system owners to ensure compliance with FISMA, DoD and Army standards, and policy, and maintain an acceptable level of risk.


• Develop cybersecurity education, training, mitigation strategies, and cybersecurity awareness at the headquarters level.


• Develop processes to assist the Army in the development and lifecycle of information system packages; this includes creating templates and ‘how-to’ guides for implementing waivers, documents, and other important system artifact requirements.


• Serve as a subject matter expert to provide technical guidance and recommendations to staff, stakeholders and leadership on all aspects of cybersecurity.


• Oversee product teams to ensure cybersecurity objectives are met.


• Plan, execute and provide technical expertise in obtaining ATO or appropriate interim authorities.

Education/Experience :

• Bachelor’s degree and a minimum of eight (8) years related work experience is required.


• Experience with the eMASS software tool. Experience with the Risk Management Framework (NIST 500-XX)


• IAM Level 3 certification per DoD 8140 and DoD 8570 within first 6 months.


• TS/SCI required.