IA Engineer 4 #3052

Overview

GovCIO is currently hiring for a Cloud Security and Compliance SME to Conduct program/system security status assessments and supports the development of Cybersecurity program(s) including the development of policies and procedures in accordance with DoDI 8500.01 Risk Management Framework. This position will be located in Stuttgart, Germany and will be an onsite only position.

Responsibilities

Designs and implements information assurance and security engineering systems with requirements of business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management). Assesses and mitigates system security threats and risks throughout the program life cycle. Validates system security requirements definition and analysis. Establishes system security designs. Implements security designs in hardware, software, data, and procedures. Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. Supports secure systems operations and maintenance.

• Participates with the client in the strategic design process to translate security and business requirements into technical designs.
• Configures and validates secure systems and tests security products and systems to detect security weakness; performs network scanning and vulnerability analysis.
• Ensures that the appropriate security features and safeguards have been implemented on all information systems as required by DoD/IC policy and directives, and industry best practices.
• Performs defense device system installation, configuration maintenance, account maintenance, signature maintenance, patch management, and troubleshooting of all implemented, maintained, and deployed systems.
• Provides security certification test and evaluation of assets, vulnerability management and response, security assessments, customer support and provides guidance on security issues.
• Conduct program/system security status assessments and supports the development of Cybersecurity program(s) including the development of policies and procedures in accordance with DoDI 8500.01 Risk Management Framework.
• Develop and Manage RMF for on-premises and cloud environments in the eMASS tool to achieve Authorizing Official's (AO) Authorization Decision Document (ADD) utilizing the RMF Package Approval Chain (PAC) process
• Support IL2/IL5/IL6 cloud environments for Infrastructure as Code (IaC), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and enterprise Software as a Service (SaaS)
• Tracks organizational cybersecurity compliance, ensures necessary remediation needs are communicated, tracks remediation through completion and ensures necessary cybersecurity documentation is accurate and in order.
• Responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by information systems to determine the overall effectiveness of the controls.
• Prepares for, assists with, and monitors cyber assessments (staff assistance visits [SAV], Command Cyber Readiness Inspections [CCRI], NSA Red and Blue Team assessments, vulnerability scans, assessment and authorization [A&A] reviews). 
• Develops technical standards (SOPTTPs, technical implementation instructions, or other required documentation) for security focused processes, security operations and other operations as required for Government approval.
• Works closely with defensive cybersecurity operation (DCO) teams to identify, monitor and respond to cyber eventsincidents from discovery to closure as a part of the local incident response policies. 
• Interacts with customers, IT staff, and high-level military officials to assist in defining and achieving required cybersecurity objectives for the organization.
• Conduct Risk Assessments, determine the risk to operations, and provide risk recommendations to the customer after reviewing a system’s overall risk posture as part of the Security Authorization (Authority to OperateConnect) process.
• Through basic understanding of network security fundamentals, LANWAN switching technologies, routing technologies, infrastructure security technologies and services, reviews network architecture diagrams for cybersecurity compliance.
• Responsible for assessing and authorizing the use of software and hardware across multiple enterprise networks.

Qualifications

Bachelor's with 8+ years (or commensurate experience)

Required Skills and Experience

• DODI 8510.01 Risk Management Framework (RMF) for DoD Information Technology
• FEDRAMP certification process and DISA Cloud Access Point process
• CJCSI 6510.01F Assurance (IA) and Computer Network Defense (CND)
• CNSSI 1253 Security Categorization and Control Selection for National Security Systems
• CJCSM 6510.01B Cyber Incident Handling Program
• DODD 8140.01 Cyberspace Workforce Management
• CJCSI 6211.02D Defense Information Systems Network (DISN): Policy and Responsibilities
• JFHQ-DODIN TASKORDS, OPORDS, WARNORDS and GENADMINS
• Team building attitude, continuous learning record, and process improvement mindset
• Currently hold an adjudicated TS/SCI clearance
• BA/BS + 8 years recent specialized or AA/AS +10 years recent specialized or a major cert + 12 years recent specialized or 14 years of recent specialized experience
• DoD 8570 IAM III and IAT II Baseline Certification
• Knowledge of DoD IT RMF, USCYBERCOM, and JFHQ-DoDIN
• Advanced Proficiency in Microsoft Office Suite products (Word, Excel, PowerPoint)

Preferred Skills and Experience

• Microsoft Azure Certification (Server Administration)
• Experience in DevOps methodologies and automation
• Cisco Certified Network / CyberOps Associate
• Proficiency with Microsoft SCCM and/or other automatic reporting tools
• Adaptable to changing circumstances and operational needs
• Understanding of Department of Defense Military standards
• Experience with DoD IT security requirements
• Experience managing asset accuracy to Critical Success Factors (CSF)
• DoD 8570.01 Certification Compliance (CISSP, ISSEP, CISM)

• Clearance Required:TS/SCI

Company Overview

GovCIO is a team of transformers--people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.

But we can't do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer?

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.

Posted Pay Range

The posted pay range, if referenced, reflects the range expected for this position at the commencement of employment, however, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, education, experience, and internal equity. The total compensation package for this position may also include other compensation elements, to be discussed during the hiring process. If hired, employee will be in an “at-will position” and the GovCIO reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, GovCIO or individual department/team performance, and market factors.

Pay range: $140,000 - $150,650 Annually