Cyber Security SME Technical 2
Company: Kurz Solutions
Location: Falls Church, VA 22042
Description:
Level III (Senior Security Project Manager)
The Best County in the US to Live...
The Community - Falls Church, VA
The City of Falls Church is a unique and historic city. Besides featuring quick access to renowned museums and art galleries in nearby Washington, D.C., almost every neighborhood is a treasure of its own with a variety of restaurants and shops that reflect the city's great ethnic and cultural diversity. A new ranking by 24/7 Wall Street determined Falls Church City is the best "county" to live in around the U.S., at least based on the quality of life.
Requirements (duties include but are not limited to)
- General Cybersecurity requirements - Information Systems include design, development, developmental testing, operational testing, integration, implementation, operation, upgrade, or replacement of DHA IT in support of DHA tasks and missions.
- Shall comply with DoDI 8582.01 "Security of Unclassified DoD Information on Non-DoD Information Systems" and "Cybersecurity" and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53/53a and NIST SP 800-37, "Risk Management Framework (RMF)" Guide for Applying the Risk Management Framework to Federal Information Systems, as well as emerging DoD Cybersecurity policy designed to address evolving threats, and submit requirements contained in Contract Data Requirements List (CDRL) A002.
- Shall identify the security controls in accordance with Committee on National Security Systems (CNSS) Instruction No. 1253, "Security Categorization and Control Selection for National Security Systems" as outlined within NIST SP 800-171, based on the categorization of confidentiality, availability and integrity of the information type and information technology provided by the government.
- Shall implement security controls in accordance with NIST implementation and validation requirements specified in the NIST SP 800-37 Risk Management Framework (RMF).
- Shall configure the information system in accordance with Defense Information Systems Agency (DISA) security technical implementation guides (STIGs).
- Shall ensure that the information system conforms to the requirements of DoDI 8551.01 "Ports, Protocols, and Services Management (PPSM)".
- Shall ensure that the information system shall authenticate all entities as specified in DoDI 8520.03 "Identity Authentication for Information Systems" prior to granting access.
- Shall Public Key enable the information system, implementing digital signature and encryption requirements specified in DoDI 8520.02, "Public Key Infrastructure (PKI) and Public Key (PK) Enabling."
- Will be responsible for compliance with the United States Cyber Command issuances and Information Assurance Vulnerability Management (IAVM) issuances by ensuring that the issuances are assessed, implemented and maintained throughout development and sustainment in accordance with specified timelines.
- Shall support reciprocity, by providing all NIST security documents directed information to the government.
- Shall implement system level protection and detection capabilities that are consistent with their contract for NIST Security requirements that meet DoD and DHA Cybersecurity Architectures.
- Shall self-certify that the information system is compliant with the applicable NIST security controls annually by submission of a Security Assessment Report (SAR) and security test plan for compliance of testing IA controls.
- Shall comply with the incident management requirements of Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B, "Cyber Incident Handling Program".
- Risk Management Framework for DoD IT: Shall comply with DoDI 8510.01.
- Minimum of 6 years of demonstrated cybersecurity experience.
- Bachelor's degree in an Information Technology-related field and/or 4 years of hands-on experience required; Master's degree desirable.
- Meets IAM Level III requirements per DoD 8570.01-M.
- CISSP or CompTIA Security+ and/or equivalent certification required.
- Minimum of 5 years demonstrated experience with DoD directives, instructions and guidance, i.e. DIACAP / RMF for DoD IT (DoD 8510.01, DoD 8500.01).
- Minimum of 5 years demonstrated experience working with DHA information systems is preferred.
- Demonstrated experience leading teams performing security vulnerability assessments.
- Experience with DoD cybersecurity policy and guidelines highly recommended.
- Must have demonstrated experience in a position demanding strong verbal, written and interpersonal communication skills and the ability to: read, analyze, and interpret technical procedures and regulatory requirements; write reports, business correspondence, and procedure manuals.
- Have a working knowledge of eMASS, CMRS, COAMs, DISA PPSM Registry, DMZ Whitelist, STIGs and SRGs.
KurzSolutions is committed to improving health outcomes by providing well-managed companies with the top healthcare talent in the market.
www.kurzsolutions.com