PDS Tech Inc DoD Secret - IT Security Specialist in Charleston, South Carolina
PDS Tech Inc is seeking an IT Security Specialist in North Charleston, SC
•Support and execute DHA RMF Independent Validation & Verification (IV&V) and Validator responsibilities and deliverables defined by the DHA RMF workflow. These include:
•Review of systems architecture diagrams, hardware/software lists, accreditation boundary documentation, security plans and eMASS records.
•Develop detailed Security Assessment Plans.
•Support development of IV&V cost estimates.
•Execute reviews for and provide feedback to Program Offices within eMASS for Security Plan approvals, Authorization Packages, Risk Assessments and Annual Reviews.
•Coordination among various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), SCA, SCAR, Authorization Officials (and representatives), program managers, vendors, etc., necessary to properly plan and coordinate IV&V and testing requirements for program office authorization efforts.
•Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD IA security controls (technical, management, operational), and DISA Security Technical Implementation Guides (STIGs).
•Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus/Tanium) necessary to identify and document compliance.
•Knowledge of and ability to use applicable compliance and accreditation reporting environments (e.g., eMASS, CMRS) to validate compliance and accuracy of a program’s RMF package.
•Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other DoD Risk Management policies.
•Experience with Steps 1-5 of the RMF process.
IV&V Execution / Assessment:
•Run automated scans (SCAP/ACAS/Nessus) along with supplemental scripts.
•Perform and assess manual DISA STIG checks.
•Properly annotate discrepancies for failed STIG checks and produce justifiable N/A statements.
•Ability to troubleshoot technical issues on an ad hoc basis.
•15+ years of technical experience or a Bachelor's Degree and 7+ years of technical experience
•Minimum of an IAT level II certification. IAT/IAM level III certification is preferred.
•Experience with DHA Cybersecurity Directorate a plus.
•Experience with A&A packages within eMASS a plus.
•Capable of providing thought leadership to the SCAR, SCA and other DHA cybersecurity leadership in his/her effort to identify risks, communicate recommended courses of action and recommend process improvements.
•Ability to lead teams and regularly interact with senior level program personnel.
•Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and Enterprise system environments based on proposed accreditation boundaries.
•Ability to manage multiple projects simultaneously.
•Ability to apply and assess STIGs.
•Ability to configure Nessus scans and evaluate .nessus files for accuracy.
•Strong verbal and written communications and interpersonal skills.
•CISSP, CISM, CASP
•Network device configuration: Switches, Routers, Load Balancers
•Microsoft IIS, SharePoint, Apache Web Server/Tomcat
•Microsoft SQL, MySQL, Oracle, PostgreSQL
•VMware ESXi or Microsoft Hyper-V
•Scripting knowledge/experience: generating scripts to remotely patch/audit systems.
•Knowledge of DISA STIGs/FDCC requirements, CTOs, TASKORDs, FRAGORDs, and emerging threats.
•Knowledge of defense-in-depth and other information security and assurance principles and associated supporting technologies.
•A self-leader and self-thinker who needs little direction, with the ability to work in a dynamic team environment, proven communication and client customer support skills, and the ability to travel with little notice.
•ACAS/Nessus scanning experience: building asset groups, creating audits, scheduling scans and generating reports.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.