Company:
Resource Management Concepts, Inc.
Location: San Diego
Closing Date: 04/12/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
The selected candidate shall perform analysis of applicable Cybersecurity directives, policies and instructions. The contractor shall also maintain cognizance of, and comply with Communications Task Orders (CTOs), Information Assurance Vulnerability Management (IAVM), Fragmentary/Task/Operation Orders (FRAG/TASK/OPORDs), Public Key Infrastructure (PKI) guidance, and STIG requirements. The candidate shall make recommendations to the government regarding strategies to meet the established compliance objectives, and determine the impact compliance with these directives will have on the security and operability of the SRDT&E network. Shall track and report compliance status in the Vulnerability Remediation Asset Manager (VRAM), Continuous Monitoring Risk Scoring (CMRS), and similar reporting tools as applicable.
The selected candidate shall perform testing and analysis of Information Assurance (IA) controls and secure configuration using tools to include, but not limited to the Assured Compliance Assessment Solution (ACAS), Endpoint Security Solutions (ESS), STIG Viewer, Security Content Automation Protocol (SCAP), and Compliance Checker. The candidate shall conduct continuing requirement analysis to identify and recommend implementation of new or different tools as the threat landscape changes.
The selected candidate shall provide IA engineering and support Risk Management Framework (RMF) authorization efforts for the SRDT&E network and locally developed government software tools. Shall conduct and evaluate threat, vulnerability and risk analysis of developing systems. Shall conduct continuous monitoring efforts for SRDT&E network connected systems utilizing ACAS, ESS, logging, event and asset aggregation tools to support IT Management’s implementation of the overall IA program.
Using government directed processes, the selected candidate shall enforce the compliance quarantine process for removing non-compliant systems from the network and make remediation/mitigation recommendations. Shall prepare for inspections and audits, to include, but not limited to: Inspector General audits, Command Cyber inspections, Blue Team exercises, and Cyber Protection Team reviews. The contractor shall analyze inspection criteria and develop documents and artifacts, aggregating inspection discrepancies, testing IA controls, creating executive briefings, recommending corrective actions and mitigations, and other actions required by the government.
The selected candidate shall support the port exception process. Shall maintain the external Ports, Protocols, and Services Management (PPSM) registry and coordinate any requests for deviations or exceptions to the Navy PPSM office. Continue to analyze scan results, STIG checklists, system design drawings, the PPSM Category Assurance List (CAL) and any other available relevant security artifacts in order to make risk assessment and mitigation recommendations to the government. They shall be the primary point of contact between the STCCBs and technical customers requesting exceptions to firewall policy and other proposed changes with the potential to affect the security of the network.
Requirements
Active SECRET Clearance
Three (3+) years' experience with ACAS Scans and compliance
Ability to lead large and small teams
Ability to present completed work and speak to it
Have experience in an SRDT&E environment
One (1+) year of experience with STIGs
Benefits
At RMC, we're committed to your career growth! RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees. RMC can offer you a great place to work with a small company feel and give you the experience and certifications that will take your career to the next level. RMC also offers high-quality, low-deductible healthcare plans and a competitive 401K package.
Salary at RMC is determined by various factors, including but not limited to location, a candidate's specific combination of education, knowledge, skills, competencies, and experience, as well as contract-specific requirements. The current salary range for this position will be $94,000-$150,000.