Chenega Corporation Cybersecurity Officer in Alexandria, Virginia
The Cybersecurity Officer supports the Arm Geospatial Center (AGC) Information System Security Manager (ISSM) with Assessment and Authorization and Access Only activities in accordance with DoDI 8510.01 and Network Enterprises Technology Command (NETCOM) Tactics, Techniques, and Procedures (TTP) for Risk Management Framework (RMF) processes.
Identify, mitigate, and resolve cyber security incident issues and concerns.
Develop guidelines/plans, analyze, review, and mitigate in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cybersecurity-related activities and mandates.
Respond to all Cyber security notices as directed by the Cyber Security Service Provider (CSSP) and pertinent service providers, take action to comply with security notices, and record compliance.
Provide technical support, including documentation, to enable AGC systems to meet the requirements of receiving an Authority to Operate (ATO) accreditation decision via the Department of Defense (DoD) Risk Management Framework (RMF).
Support operational cybersecurity activities, including vulnerability scanning, Information Assurance Vulnerability Management (IAVM) compliance, Security Technical Implementation Guide (STIG) and Security Requirements Guide (SRG) application, assessment, and remediation, and Plans of Action and Milestones (POA&Ms).
Support cybersecurity governance, risk, and compliance by providing plans, policies, and procedures relevant to AGC’s systems, applications, and networks, including AGGC-R Cloud, C2IE, and OHASIS.
Maintain AGC’s Tenant Security Plans (TSP) for Secret Internet Protocol Router (SIPR) and Non-Secure Internet Protocol Router (NIPR), Authority to Operate (ATO) for JWICS, and Interim Authority to Test (IATT), Approval to Connect (ATC), and any other documentation necessary to support AGC’s network connections and mission systems.
Manage the eMASS records for AGC’s mission systems and enclaves, create and track POA&Ms, track IAVM and STIG compliance, and manage eMASS artifacts necessary to support evidence for applicable security controls.
Support Risk Management Framework (RMF) activities, including categorization of systems IAW National Institutes of standards and technology (NIST SP 800-60), selection of security controls IAW CNSSI 1253 and NIST SP 800-53, assessment of security controls IAW NIST SP 800-53A, development and implementation of Continuous Monitoring Plans IAW NIST SP800-137, STIG Traceability Matrix, hardware/software/firmware list, and System Security Plan (SSP).
Participate in Configuration Process (CM) process through representation on the Technical Review Board (TRB) and Configuration Control Board (CCB) and provide a security impact assessment for changes submitted through Request for Change (RFCs).
Responsible for the continuous monitoring of AGC’s systems, applications, and networks.
Configure vulnerability scanning, analyze results, and close or mitigate findings.
Organize the assessment of AGC GISO IT assets using applicable STIGs, SRGs, and/or vendor supply hardening guidelines.
Responsible for configuring AGC GISO IT assets for vulnerability scanning and ensuring 100% coverage using credentialed scans.
Coordinate with Regional Network Enterprise Command-National Capital Region (RNEC-NCR), C5ISR, GISA as necessary to ensure vulnerability assessment tools are in place and working properly.
Analyze vulnerability scan results and resolve open findings. For findings that cannot be closed, the Senior Information Security Specialist creates a POA&M and recommend mitigation(s) to lessen the impact of the vulnerability. IAW with Army Cyber Command (ARCYBER OPORD 2016-129) submits Operational Impact Statements (OIS) for Critical and High Information Assurance Vulnerability Alerts (IAVAs).
Support response procedures for cybersecurity incidents, like breaches, spillage, and insider threat actions.
Maintain all cybersecurity documentation required for accreditation for AGC’s GISO assets, including but not limited to architecture diagrams, boundary diagrams, data flow diagrams, ports, protocols, and services exception requests, PKI certifications, IA metrics, and Privacy Impact Assessments (PIA) in the requisite cybersecurity document repository.
Provide input to the weekly and monthly status report covering technical activities for this functional area, including priorities, tasks, accreditation due dates and schedules, POAM status, metrics, continuous monitoring tasks, et al.
Other duties as assigned.
5+ years of experience with DoD
TS/SCI clearance required
DoD 8570 IAM II required
DoD 8570 IAM III preferred
The position requires a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief
Knowledge, Skills and Abilities:
Trained and proficient with DoD vulnerability scanning tools, including Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol Compliance Checker (SCC), Security Technical Implementation Guide (STIG) Viewer, Endpoint Security Solution (ESS), and AWS GovCloud security tools, including AWS Security Hub, Amazon Inspector, AWS Config, Amazon Guard Duty, Amazon Detective, and Amazon Macie.
Shall possess expert knowledge and in-depth experience with:
Application and system assessment, determination of accreditation requirements (Assess Only, ATO, IATT, etc.).
Categorization of information systems and/or data types IAW NIST SP 800-60 Vol II.
Establishment of Security Requirements Traceability Matrix which identifies applicable DISA STIGs and SRGs.
Selection of security controls per NIST SP 800-53 and CNSSI 1253.
Writing System Security Plan (SSP), associated security controls assessment artifacts, and PO&AMs.
Application of Defense Information Systems Agency (DISA) STIGs and SRGs.
Management of security controls assessment artifacts in eMASS in preparation of packages for Risk Management Frameworks (RMF) (DoDI 8510.01, NIST SP 800-37) processes.
Evaluation of security controls per NIST SP 800-53A.
Implementation of continuous monitoring solutions per NIST SP 800-137.
Knowledge and experience with current DoD and Army IA policies and procedures, RMF certification and accreditation procedures and requirements, and APMS reporting procedures and an understanding of the unique acquisition community IA issues.
Working knowledge and access to the Army Portfolio Management System (APMS) and the ability to lead/oversee Program Protection Planning (PPP) and Security Classification Guide development and production for developmental and production systems.
Knowledge and experience in the security sub-disciplines supporting Army IA, certification and accreditation, IA security testing, and security management for both developmental and production systems, including but are not limited to Communications Security, Physical Security, Operations Security (OPSEC), Risk Assessments, Personnel Security, Tempest, Network Security, Security Inspections, and User Training.
Must have an advanced working knowledge of a variety of computer software applications in word processing, spreadsheets, database (MSWord, Excel, Access, PowerPoint), and Outlook.
Familiarity with Army and DoD regulations concerning IA implementation.
#Chenega IT Enterprise Services, LLC
Chenega Corporation and family of companies is an EOE.
Equal Opportunity Employer/Veterans/Disabled
Native preference under PL 93-638.
We participate in the E-Verify Employment Verification Program