Information Systems Security Specialist II (Mid) and III (Senior)

The Information System Security Specialist:

• Support all aspects of Program Information Assurance (IA) activities across the Certification & Accreditation (C&A) and/or Assessment & Authorization (A&A) lifecycle.
• Apply knowledge and experience in cybersecurity, engineering, Test & Evaluation (T&E), and/or Security Control Assessment (SCA) roles.
• Demonstrate working knowledge of the Risk Management Framework (RMF) and/or prior experience with Defense Information Assurance Certification and Accreditation Process (DIACAP).
• Interpret and apply relevant security policies and guidance documents to support the development and maintenance of IA artifacts and traceability documents required for Authority to Operate (ATO) compliance.
• Evaluate and validate security solutions to ensure they meet system requirements for handling up to classified information.
• Assist in the development and enforcement of system security policies, ensuring alignment with configuration management and change control processes.

QUALIFICATION

• (3) years (For Level II/Mid) or Seven (7) years (For Level III/Senior) professional experience capturing and refining information security operational and security requirements, and ensuring those requirements are properly addressed through purposeful architecting, design, development, and configuration; and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations.
• Demonstrated working knowledge of the Risk Management Framework (RMF) process.
• Hands-on experience with Information Assurance tools such as:
• DISA Enterprise Mission Assurance Support Service (eMASS)
• Assured Compliance Assessment Solution (ACAS)
• Interim Security Control Assessor (SCA) qualification may be required.
• Familiarity with cybersecurity policies and guidance to support:
• Preparation and maintenance of security artifacts
• Creation of traceability documentation
• Compliance with Authority to Operate (ATO) requirement
• Ability to evaluate and validate security solutions for systems processing up to classified information.
• Experience maintaining and/or supervising the operational security posture of information systems or programs.
• Experience developing and enforcing system security policies, including support for configuration management and change control processes.
• At least 3 (for Mid Level) and 7 (for Senior Level) years of experience supporting one or more of the following within DoD or Federal environments:

• Network and system security
• Cybersecurity Service Providers (CSSP)
• Cyber Red Teams
• With at least 3 of the following 6 focus areas:
• Vulnerability Analysis
• Network Security Monitoring
• Incident Response / Forensics
• Penetration Testing / Red Teaming
• CND Infrastructure Support
• CND Incident Response

EDUCATION:

Bachelor's degree in computer science, Information Technology, or an equivalent degree from an accredited college or university.

CERTIFICATION:

• Required to have and maintain and current DoD 8570.1 IAT-II (Mid-Level), (or IAT-III for Senior-Level) Certifications.