Job Description:

Position Summary: The contractor shall support the Pharmacy Operations Division (POD) Informatics System Security Manager (ISSM) in cybersecurity matters by providing analytic and technical advice to support DoD Cybersecurity policies and activities.
 
Essential Job Functions:

• The contractor shall assist the ISSM with development, review, and management of cybersecurity documentation (e.g., System Authorization Plans, Categorization Memos, Plan of Action, and Milestones (POA&M), hardware and software lists, boundary diagrams), and work with the vendors to ensure compliance requirements are met with the focus of achieving Authorization to Operate (ATO) for all packages.
• The contractor shall assist the ISSM in ensuring compliance with 8582.01 controls to make certain system remains in a secure state throughout the system of the lifecycle.
• The contractor shall assist the ISSM in confirming the validity of hardware and software lists, architecture diagram and resolution of findings through remediation/mitigation statements in the system POA&M to ensure system remains in a secure state throughout the system lifecycle.
• The contractor shall work with the ISSM to assess configuration changes to determine overall impact to the security posture of the system.
• The contractor shall work with the ISSM to analyze system administrator generated vulnerability scans from various tools (e.g., Automated Compliance Assessment Solution (ACAS), Host Based System Security (HBSS), Security Content Automation Protocol (SCAP) Nessus and review Security Technical Implementation Guides (STIGS) and checklists to provide vulnerability assessments at the system level.
• The contract shall utilize reporting tools (e.g., Enterprise Mission Assurance Support Services (eMass) and Continuous Monitoring and Risk Scoring (SMRS) for the documentation and evidence of assessment results for each system.
• The contractor shall establish an enduring hardware lifecycle and software license management process to implement and maintain cybersecurity posture.
• The contractor shall develop a threat-based defense against adversaries and deploy a more effective, efficient, and realistic cybersecurity operations.

 
Education/Certifications:

• Bachelor’s Degree or 8 years’ experience in Cybersecurity support
• CompTIA Security+
• DoD-approved Cybersecurity workforce certification Information Assurance Technical (IAT) Level III per DoD 8570.01-M (e.g., CISSP, CISA, CASP CE)

Required Knowledge/Experience:

• Eight or more years cybersecurity experience
• Experience assessing new security laws, policies, and standard in the federal government
• Possess technical knowledge of National Institute of Standards and Technology (NIST), Risk Management Framework (RMF), Federal Risk and Authorization Management Program (FedRAMP) with a solid understanding of cloud deployment, security policy requirements and assessments, and service models as defined by the NIST.
• Understanding of IP networking, networking protocols and security related technologies including encryption, IPsec, PKI, VPN, firewalls, proxy services, DNS, electronic mail and access-lists.
• Possess depth knowledge of security hardening, assessment and reporting tools (e.g. HBSS, ACAS, SCAP, etc.) with the ability to assess and provide appropriate feedback for external audits and remediation plans.

Preferred Knowledge/Experience:

• Possess excellent written and oral communication skills
• Proficient in Microsoft Office Suite Applications: Excel, Outlook, PowerPoint, Word, Visio

Physical Requirements:

• Remote work in a private and suitable location
• Private secure high efficiency home internet access
• Private secure high efficiency telecommunications

Other Responsibilities:

• Standard Monday through Friday day schedule, but may travel and/or work weekends and extended hours if needed with approval of program manager and government leads