Our client is a premier global provider of responsive management consulting, logistics solutions, and professional services, delivering quantifiable cost savings and improvement in mission readiness to our customers.
They are currently seeking an IT SME in Arlington, VA.
Provide mid-level ISSE (Information System Security Engineer) support for SEA 06L logistics IT systems that includes:
• Assist in the performance of Navy Validator functions for systems under the cognizance of SEA 06L
• Assist CDAs in acknowledging new IAVAs/other orders and marking system compliance weekly in VRAM
• Assist CDAs in developing and implementing solutions when systems fail to meet security controls
• Assist CDAs in the performance of the ISSE role in eMASS that is responsible for the majority of the initial input and step 3 testing and self-assessment of security controls in the RMF process.
• Assist in the development of new policies and changes to supporting documentation associated with RMF and information embedded in the eMASS Security Plan.
• Assist in the performance of RMF Continuous Monitoring and the execution of the strategy that identifies which security controls are formally monitored and at what periodicity (real-time/constantly, daily, weekly, monthly, quarterly, semi-annually, annually). The contractor will provide assistance in the assessment and validation of formal monitoring actions.
• Assist in the performance of Annual Security Reviews: This includes the re-validation of specified security controls
• Assist in the identification of Application Security Gaps. As emphasis on the Application Security & Development STIG (Navy-wide) has increased with the implementation of the RMF process, gaps in the Software Development Lifecycle with respect to cybersecurity must be identified and mitigated through the use of the following methods:
o Formalized Code Reviews
o Static Code Analysis
o Dynamic Analysis
o Application Threat Modeling (STIG requirement) utilizing the STRIDE methodology
o Specific Security Testing (including FUZZ testing)
• Provide other Cybersecurity support as required
• Prepare briefings for senior leadership.
REQUIRED SKILLS AND EXPERIENCE
• BS degree or equivalent, and two to four years of related experience.
• At least 2 years of specialized, hands-on experience in the performance of Cybersecurity functions using such methods as Formalized Code Reviews, Static Code Analysis, Dynamic Analysis, Application Threat Modeling (STIG requirement) utilizing the STRIDE methodology, and/or Specific Security Testing (including FUZZ testing).
• DoD 8570 Baseline certification for IAM Level II or IASAE level II (e.g. CISSP, etc.).
• Ability to present data in a logical, concise manner.
• Exceptional written and verbal communication skills.
• Direct client support experience in a fast-paced environment.
• Effective multi-tasking skills.
• Oracle Data Warehousing (desired).
• SQL (desired).
• MS Project (desired).
REQUIRED SECURITY CLEARANCE
• Active Secret Security Clearance required.
Our Client will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.