We have an immediate opening for an Information Security Specialist III to join our rapidly growing team. The position requires an understanding of security related system controls and an understanding of the various Government security policies including NIST SP 800-53A and DoD 8570. Under general direction, performs and leads support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks; ensures validity and accuracy review of all associated documentation. Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits. Analyzes and defines security requirements for information protection for enterprise systems and networks. Assists in the development of security policies. Analyzes the sensitivity of information and performs vulnerability and risk assessments on the basis of defined sensitivity and information flow. Professionally certified as Technical Level III as defined by DODI 8570 is a requirement.
- Provide vulnerability assessment support, to include risk analysis of vulnerabilities, threats, and the impact of losing systems' capabilities on the mission objective; recommend decisions to implement security countermeasures or mitigate risk; implement approved countermeasures; and perform periodic reviews
- Utilize DOD applications and tools, such as Enterprise Mission Assurance Support Service (eMASS), to record such RMF activities as control implementation of all applicable Security Controls, as identified via information system security categorization IAW NIST SP 800-53 and CNSSI 1253.
- Security controls are broken down into individual, measurable, statements called “assessment procedures” or “Control Correlation Indicators” IAW DoDI 8510.01.
- Support the Government Capability Manager/Information System Owner (ISO) in ensuring that the information systems are configured IAW DISA STIGs, applicable patches, and other cybersecurity requirements.
- Collect required artifacts for review and provide recommendations for Assess Only Packet or Certificate of Net worthiness (CoN) requests for all installation activities.
- Monitor and report Approval to Connect (ATC) and Authority to Operate (ATO) expiration dates quarterly, ensuring authorization milestones meet all DOD published regulations and policies to avoid disconnection
- Operate and maintain a Defense in Depth for the network and/or enclaves within the network IAW all DOD published regulations and policies.
- Other duties as assigned.
- 5+ years of experience performing Information Assurance functions and using RMF IT security controls and policies
- Ability to organize, prioritize and meet deadlines
- Capable of conveying complex information in a simplistic manner
- Strong critical thinking and problem-solving skills
- Strong self-starter requiring minimal supervision
- Able to take proactive measures to prevent problems rather than reactive by nature
- Strong verbal and written communication to effectively express concepts, plans, and proposals
- Must be a U.S. Citizen
Education and Certifications:
- Bachelor’s Degree in Computer Science, Cybersecurity, Computer Engineering, or related discipline;
- Must possess and maintain an IAM Level I certifications IAW DoD 8570.01-M
- Must possess and maintain a BBP 05-PR-M- 0002 IAM - III level certification IAW AR 25-2 and
- Must possess and maintain an IAT Level III - GSLC, CISM or CISSP certification.
- Must possess a minimum of an Interim or Active Secret clearance.
- Compensation is competitive and is commensurate with experience.
- All qualified applicants will receive consideration for employment without regard to race, color, religion, sex or national origin.
- Tribalco is an equal opportunity employer.
Founded in 2004, Tribalco is a CMMI® for Services Maturity Level 3 appraised and ISO 9001:2015 certified enterprise. As a named NSA Commercial Solutions for Classified Trusted Integrator, Tribalco develops, integrates, and deploys multi-layered NSA-compliant COTS-based solutions that enable customers to securely create, share, and protect their classified data. With headquarters in Maryland, regional offices in Florida, California, South Korea, and Germany and supporting satellite locations in Hawaii, Japan, the Marshall Islands, the Middle East and Africa, Tribalco competes internationally and performs with agility across the globe in dozens of countries. For additional information, please visit tribalco.com.
Why Work Here?Tribalco is a global systems integrator providing mission-critical information technology, telecommunications, and soldier survival solutions to government and commercial customers worldwide. For over 15 years, Tribalco has been providing defense, civilian government, and international customers with advanced engineering, installation, and O&M solutions in the world's most challenging and secure environments. Founded in 2004, Tribalco is a CMMI® for Services Maturity Level 3 appraised and ISO 9001:2015 certified enterprise. As a named NSA Commercial Solutions for Classified Trusted Integrator, Tribalco develops, integrates, and deploys multi-layered NSA-compliant COTS-based solutions that enable customers to securely create, share, and protect their classified data. With headquarters in Maryland, regional offices in Florida, California, South Korea, and Germany and supporting satellite locations in Hawaii, Japan, the Marshall Islands, the Middle East and Africa, Tribalco competes internationally and performs with agility across the globe in dozens of countries. For additional information, please visit tribalco.com.
Awesome company, great culture, and tons of room for growth!