Cyber Security/Computer Network Systems Support – The candidate shall collaborate with the Government to help identify, access, analyze, and manage cyber risk to protect the integrity, availability, authenticity, non-repudiation, resiliency, and confidentiality of data. Support activities include the assessment, maintenance and restoration of information systems incorporating protection, detection, and reaction capabilities. The candidate shall perform the following: 1) application of STIGs; 2) RMF support and development; 3) cyber systems engineering through interfacing with developers/engineers on Software Development Lifecycle (SDLC) integration; and 4) compliance testing with real-time feedback.
Security Compliance and Risk Mitigation Support – The candidate shall provide security compliance and risk mitigation support to include System Categorization, Select Controls, and Implement Control continued support based on the collection, analysis, and reporting of data in accordance with the appropriate security technology and Government policy standards.
Training and Awareness – The candidate shall provide support services for enclaves and systems to achieve an Authorization to Operate (ATO) and an Authorization to Connect (ATC) and maintain an appropriate cybersecurity posture. The contractor must have experience in utilizing Enterprise Mission Assurance Support Service (eMASS), VRAM, or similar DON-approved system repositories for cybersecurity purposes. The contractor must also have experience in assessing and mitigating technical security and operational risks specific to industrial control system enclaves and technologies.
Risk and Validation Analysis Support – The candidate shall collaborate with the Echelon II/III/IV Validator teams when necessary, specifically during the validation step, to ensure that the proper documentation of risk to an Information System (IS) is included. The candidate shall actively work with the Echelon II Validator and Project Management Offices (PMOs) to provide support and guidance throughout the program/system lifecycle.
Information Systems Security Engineering (ISSE) – The candidate shall perform as an ISSE and support the government ISSM or assigned ISSO. In this role the contractor shall assist with discovery and securing of IT/OT systems protection requirements, define system security requirements, design system security architecture, develop security designs, implement security systems, and assess the effectiveness of existing information protection.
The candidate shall provide support for activities supporting the Risk Management Framework (RMF) process for facility related control systems (FRCS). The candidate shall provide support services for enclaves and systems to achieve an Authorization to Operate (ATO) and maintain an appropriate IA posture. The candidate must have experience with Enterprise Mission Assurance Support Service (eMASS), Vulnerability Remediation Asset Manager 2.0 (VRAM), Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS), implementing and validating Security Technical Implementation Guide (STIG) and Security Requirements Guide (SRG) compliance, and performing other scans on systems as needed to support RMF processes. The candidate must also have experience in assessing and mitigating technical security and operational risks specific to industrial control system enclaves and technologies and will support the following:
- Identifying the security control baseline set and any applicable overlays and tailoring
- Addressing security controls in eMASS
- Assisting with development, maintenance, and tracking of the Security Plan
- Developing and maintaining Plans of Action & Milestones (POA&M)
- Using ACAS to conduct and review scans and create reports
- Reviewing and addressing the Security Assessment Plan (SAP)
- Initiating the Risk Assessment Report (RAR)
- Assisting with any security testing required as part of Assessment and Authorization (A&A) or annual reviews
- Assisting with the mitigation and closure of open vulnerabilities under the system’s change control process
- Overseeing control implementation and cybersecurity testing to assess security controls; recording security control compliance status during the continuous monitoring phase of the lifecycle
- Documenting compliance using tools such as HBSS, ACAS, SCAP Compliance Checker (SCC), STIG Viewer, and Vulnerator
- Reviewing and updating security policies
- Supporting RMF audits and assessment activities
- Creating, reviewing and updating RMF artifacts, including drawings
- Supporting Local FEC Configuration Control Boards

Job Category: Development, Engineer, Security