Snowcreek Consulting, LLC

Cyber Compliance SME

POSITION SUMMARY: 

Snowcreek Consulting is hiring a Cyber Compliance SME to support the Defense Information Systems Agency (DISA) Joint Service Provider (JSP) on the Platform Services Contract.

 As the Cyber Compliance SME you will:

• Serve as the knowledge expert of all security related aspects of the JSP computing environment. 
• Provide expertise implementing and maintaining security postures within complex network architectures. 
• Provide expertise in Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts. 
• Provide the appropriate level of confidentiality, integrity, availability, authentication, and non-repudiation IAW DoD 8500.01, DoD 8500.2, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01, NIST 800-37 Risk Management Framework, NIST 800-137 Information Security Continuous Monitoring, as well as local security policies created and enforced by JSP’s Cyber Security Center. 
• Work in support of other JSP customer organizations to integrate and automate IA solutions.
• Establish a robust security posture for JSP IT environments by independently identifying vulnerabilities, remediating found vulnerabilities, and improving processes to maintain a robust security posture as it pertains to the Information System (IS) vulnerability management. 
• Ensure that all managed assets are compliant and communicating with all required security tools, such as HBSS, ACAS, Splunk, Tanium and SCCM.
• Provide System/Windows updates. Support all versions of the JSP standard image security updates and policies to include technology enhancements, upgrades, and/or replacements and address security vulnerabilities as prescribed by DoD orders which include U.S.Cyber Command (USCYBERCOM), JFHQ DODIN and DISA.
• Provide computer security response support. Provide immediate response in the investigation of computer security incidents deemed to originate from the Platform Services in line with CJCSM 6510.01.
• Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
• Provide compliance support. Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
• Provide compliance with IA, Hardware, Software, Procedural, Physical, and Personnel Security Inspections Support. Assist the Government Security/IA Manager(s) in the development, implementation, and execution of a facility-wide, fully compliant security program for all aspects of Physical Security, Personnel Security, IA Security, Communications Security, and Government-required compliance monitoring, reporting, and tracking.
• Provide RMF program and processes that enables system owners to ensure systems are compliant and operating under appropriate security and assurance controls for the full system lifecycle.
• Support the Connection Approval Program (CAP), A&A Support and Tenant Security Plan (TSP). Support all activities needed to obtain A&A on all the tenant networks, equipment, and systems at all classification levels with the JSP IT platform services and hosted levels.

REQUIRED QUALIFICATIONS:

• Active DoD Top Secret clearance
• Bachelor of Science Computer Engineering, Computer Information Systems, Telecommunications, or Management Information Systems, or 5 recent years of documented experience relevant to this key position.
• Information Assurance (IA) Certification: DoD 8570 IAM II certification. (CAP, CASP CE, CCISO, CISM, CISSP, GSLC)
• Computing Environment (CE) Certification: Recent and relevant technical certification.
• Proven experience implementing and maintaining security postures within complex network architectures. 
• Possess knowledge of Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts. 
• Demonstrated ability for oral and written communication with the highest levels of management. 
• Experience in a DoD Technology environment. 
• Experience/knowledge of the DoD IAVM programs. 
• Knowledge of the DISA VMS and CMRS. 
• Knowledge of the Army Automated Vulnerability Tracking & Reporting (AVT&R) System. 
• Knowledge of the DoD vulnerability scanning requirements utilizing DOD DRSI Standards and Tools. 
• Experience in FISMA, OMB, DoD IG Inspection, ACA, and other accreditation and certification programs. 
• 3 years’ experience securing Operating Systems to comply with DISA STIGs; network experience configuring and maintain desktop firewalls.
• Knowledge of the Defense in Depth concepts and implementation. 
• Knowledge of physical and personal security experience. 
• Knowledge of A&A processes RMF NIST SP-800-37. 
• Knowledge of NIST SP 800-53R Common Control documentation and validation. 
• Knowledge of Incident Response, Auditing, and CNDSP. 
• Knowledge of Cyber tools HBSS and ACAS.
• Experience/Knowledge with Splunk, Tanium.
• Knowledge of and comprehension on how to implemSent 8570.01-M./DoD 8140. 
• Demonstrated ability for oral and written communication with the highest levels of management
• ITILv4 certification preferred