Duties and Responsibilities:
Expert consultant in all aspects of Cybersecurity/information assurance (IA), including cybersecurity solutions development, the certification process, and security/software lifecycle activities for the Integrated Personnel and Pay System - Army (IPPS-A). Manages major information security efforts of national significance. Works independently or in a team in support of a customer on site. Has a clear technical understanding of the risks, vulnerabilities, and technical methods for mitigations. Develops new and complex systems security solutions, including hardware and software.
Specific Duties and Responsibilities:
· Provides expertise for the development of new systems.
· Provides Subject Matter Expert level security analysis and consultation services for product, system, and network architecture designs.
· Prepares and delivers Cybersecurity briefs to Program leadership.
· Publishes reports and keeps metrics for client systems.
· Conducts system assessments to ensure specified system controls are effective.
· Analyzes and reviews security findings and data. Identifies trends and root causes of system failures or vulnerabilities.
· Ensures that Information Systems Security policies, procedures, and practices are compliant with prescribed directives.
· Serves as alternate ISSO.
· BA/BS plus 10-12 years of relevant work experience. Possess, in good standing, a certification that meets DoD 8570.01-M for the IAT III level position. Recent work experience in Information Assurance/Cybersecurity. Experienced with leading the Assessment and Authorization (A&A) activities under the RMF. Experience in supporting the design and development activities of enterprise systems.
· Knowledge of the Cross Domain Solutions and Cross Domain Connection process, preferably in a DoD/DISA environment
· Active Secret clearance
· Experience working with Oracle ERP
· Experience in PMO support
· Experience with PeopleSoft
· Experience with eMASS
· Knowledge and experience working with DoD's Risk Management Framework
· Possess the following certifications: CSSLP, CISA, CEH or GIAC Certifications
Work experience should include:
Experience in PMO cybersecurity support. Demonstrable Security/Software Development Lifecycle (SDLC) work history. Knowledge of CNSS-1253, NIST SP 800-53, FIPS 199, and FIPS 200. Knowledge of or experience in executing assessments and interpreting security assessment results using automated tools such as Nessus, SCAP, ACAS, and Fortify.