The successful candidate will leverage their strong technical background/knowledge to support the Customer’s system accreditation efforts, to include creating Body of Evidence (BOE) documentation, responding to/implementing/documenting required controls, and completing required tasks/actions.
Duties, Tasks & Responsibilities
- Creating, updating, maintaining, and interpreting required Body of Evidence (BOE) documentation
- Working with management, internal teams, and Customer’s authorities to successfully navigate the Customer’s accreditation process for all systems
- Documenting responses to required controls and updating as necessary
- Performing Nessus scans and interpreting the results
- Maintaining a robust library of documentation, to include network diagrams for cyber defense capabilities and sensors, and making documentation available to all personnel with appropriate need-to-know
- Maintaining, updating, and conducting routine vulnerability scanning across all Customer networks
- Maintaining system baselines and configuration management items, including security event monitoring policies
- Working with all stakeholders to ensure complete and functioning systems that meet all requirements
- Recommending, and when approved, implementing process and policy improvements
Required Experience, Skills, & Technologies
- Significant, demonstrated experience navigating the Customer’s accreditation process and ICD 503 requirements, especially as it relates to creating Body of Evidence (BOE) documentation
- Significant, demonstrated experience meeting security requirements in the Customer’s environment or similar environments (prior ISSO experience)
- Experience performing Nessus scans and interpreting the results
- Experience working across a large team to drive a security agenda
- Experience working with complex, intertwined systems and data flows
- Experience inventorying complex networks, and with all facets of network documentation (security compliance, configuration management, patching, centralized authentication, removable media, etc.)
- Security-focused knowledge of a wide range of diverse technologies/disciplines (networking, UNIX/Linux, Windows, Storage, Virtualization, etc.)
- Experience creating, maintaining, and communicating complex information technology documentation, particularly network and security documentation
- Self-starter with excellent people skills – able to work across teams, organize meetings/boards, and drive change throughout an organization
Desired Experience, Skills & Technologies
- CISSP strongly desired
- Experience with the Xacta 360 cyber risk and compliance automation tool strongly desired