Cyber Security Assessor
Duration: Direct Hire
Compensation: Up to $160,000
Required Skills & Experience
- TS/SCI clearance needed to be considered.
- Minimum 10 years hands-on cyber and information assurance experience out of the last 12 years.
- Technician-level experience creating, managing, and maintaining RMF packages within security control databases (such as XACTA and eMASS).
- Technician-level experience preparing RMF packages for discovery meetings, design reviews, and security assessments.
- Reviewing/understanding/applying/implementing RMF security controls; system data flows; hardware/software baselines; POAMs; SSP documentation; security assessment results; CM plans; compliance testing results; package registration and decommissioning actions.
- Candidates must fully comprehend the duties of a Cyber/Information Assurance Security Advisor and be DoD 8570.01-M (or current standard) IAM Level II certified.
Nice to Have Skills & Experience
- Employee should have a bachelor’s degree with at least 8 years of additional experience supporting Air Force and Special Operations Cyber and Information Assurance programs.
- Additional years of general experience in the fields of Cyber and IA are highly desired
Job Description
Employee provides cybersecurity administration, cyber assurance management/documentation, and Risk Management Framework (RMF) assistance to aid in the oversight of AFSOC-managed information systems that support Intelligence, Surveillance, and Reconnaissance (ISR) information/activities/operations IAW Intelligence Community (IC) Directive 503 and supporting RMF regulations/policies. Incumbent works autonomously managing and maintaining RMF documentation and security files (such as emission security documents, facility/network accreditation documentation, floor plans, emergency action plans, and standard operating procedures).
Employee performs:
• Security impact analysis
• Software/Hardware product evaluations/assessments
• Security assessments
• Compliance testing
• RMF package registration
• RMF package decommissioning
• Reviews and submits interconnection security agreements
• Ports, protocols, and services registrations
• Creates hardware/software baselines
• Creates system/software/network data flow diagrams
• Network scanning
• Vulnerability management
• Creates Plans Of Actions And Milestones (POAMs)
• Creates System Security Plans (SSPs)
• Creates Continuous Monitoring (CM) plans
Employee assists with trusted agent duties for public key infrastructure. Incumbent executes site surveys and security program assessments. Employee assists with the administration, management, facilitation, and remediation of information system/network security incidents and/or negligent disclosure of classified information incidents.