General Summary:
Implementing and documenting management, operational, and technical NIST 800-53 security controls and control enhancements for information technology systems and platforms to ensure a healthy cybersecurity posture and to achieve and maintain Authorization to Operate under the Risk Management Framework in accordance with DOD and organizational policies.
Principal Duties and Responsibilities (*Essential Functions):
Overseeing the development and implementation of security policies and procedures that align with the organization's mission and goals as well as government requirements and regulations.
Ensuring that IT supply chain security and risk management policies and requirements are met as they relate to cybersecurity.
Advising appropriate leadership (e.g., Program Information System Security Manager, Authorizing Official Designated Representative, etc.) of security relevant changes affecting the organization's cybersecurity posture.
Updating and maintaining enterprise Mission Assurance Support System (eMASS) records for information systems and platforms.
Creating or updating system Authorization Boundary Diagrams, Information or Data Flow Diagrams, and Security Architectures.
Ensuring that assigned IT systems, platforms, or applications can receive an ATO or Assess Only Approval.
Reviewing existing documentation and performing edits and updates to ensure the applicable security controls continue to be met and remain effective.
Conducting Annual Security Reviews (ASR) and FISMA Reviews for Information System records in eMASS.
Reviewing, creating, or updating a variety of DOD and RMF documentation (including but not limited to Security Plans (SP), Configuration Management Plans (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Access Control Policies, and other Assessment & Authorization (A&A) artifacts).
Preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network or system operations.
Identifying the correct applicable Security Technical Implementation Guide (STIG) and Security Requirements Guides (SRG) for technologies used with systems and also test and apply them to the components of the information system.
Identifying and addressing applicable Cyber Tasking Orders, alerts, advisories, errata, and bulletins published from authoritative sources across the organization.
Identifying and properly documenting deviations, vulnerabilities, and mitigations on the system Plan of Actions and Milestones (POA&M) in eMASS, to include importing results from technical scans into eMASS and managing the resulting POA&M items.
Using a variety of cybersecurity tools that include, but are not limited to, enterprise Mission Assurance Support System (eMASS), Security Content Automation Protocol (SCAP) Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus Vulnerability Scanner, Evaluate-STIG, eMASSter, DISA STIG Viewer, etc.
Performing detailed analyses to validate established security requirements and to recommend additional security requirements and safeguards where appropriate.
Supporting the formal testing requirements through pre-test preparations, participating in the tests, analyzing of the results, and preparing required reports as needed.
Performing evaluations (e.g., internal compliance audits) and/or active evaluations (e.g., vulnerability assessments) of systems to assess Cybersecurity posture and identifying mitigations for risks.
Performing routine vulnerability scanning using ACAS/Nessus and STIG configuration compliance scans in accordance with organizational time frames and requirements.
Selecting, justifying, and obtaining approval for the correct impact levels for Confidentiality, Integrity, and Availability as well as identifying and implementing applicable control overlays for system records.
Performing detailed analyses to validate established security requirements and recommending additional security requirements and safeguards.
Supporting meetings with system or information owners, stakeholders, user representatives, engineers, administrators, and leadership to ensure that cybersecurity considerations are addressed across the team and organization.
At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our "Family of Professionals!" Learn about our employee-centric culture and benefits here (https://www.colsa.com/culture_benefits/) .
Required SkillsRequired Experience
Bachelor's Degree in related field
Minimum of 10 years of work related experience
At a minimum, current and active Security+CE certification or higher, or equivalent
DoD Secret security clearance required
Strong written and verbal communication skills
Experience working in the DOD enterprise Mission Assurance Support System (eMASS)
Experience creating and managing Plans of Actions and Milestones (POA&M) within eMASS
Experience assessing and implementing DISA Security Technical Implementation Guides (STIG) and Security Requirement Guides (SRG)
Experience performing DOD Assurance Compliance Assessment Solution (ACAS) or Nessus vulnerability scanning
Experience with Assessment & Authorization (A&A) (formerly Certification & Accreditation) as it relates to achieving Authorization to Operate (ATO) under the Risk Management Framework (RMF)
Preferred Qualifications
Master's Degree
Certified Information Systems Security Professional (CISSP)
Information Systems Security Management Professional (CISSP-ISSMP)
Certified Governance Risk and Compliance (CGRC) (formerly CAP)
Knowledge of:
Cybersecurity for tactical systems and limited bandwidth or closed restricted networks
Risk management processes (e.g., methods for assessing and mitigating risk)
NIST SP 800-53 Rev5 Controls and Procedures
Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Information security program management and project management principles and techniques
System life cycle management principles, including software security
Server administration and systems engineering theories, concepts, and methods
Reporting and remediating vulnerabilities from tasking orders, alerts, advisories, errata, and bulletins
Incident response and handling methodologies
Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.
S:CLZAL-CLZSOUTHEAST