VetJobs - The Leading Military Job Board

This job was posted by https://www.azjobconnection.gov : For more information, please see: https://www.azjobconnection.gov/jobs/6452524

Job Description

Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Cyber Security Senior - SME Defense - SME for the US Army Regional Cyber Center - Continental United States (RCC-CONUS) program responsible for performing non-personal Information Technology (IT) Services and support requirements. RCC-CONUS is responsible to operate, manage, and defend the Army\'s NIPRNet and Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as part of a larger joint environment, responding to the Theater Combatant Commanders, the ARCYBER, and the Army Cyber Command\'s Army Cyberspace Operations and Integration Center (ACOIC), which operates the GIG in support of Department of Defense (DoD) operations around the world. Services include Network and System Modernization, Cyber Defensive Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure Support, Threat & Data Analytics, DoDIN Operation Support, Network Management, Systems Management, IT Lifecycle Management, IT Service Management (ITSM), Portfolio/IT Investment Management, and Theater Operations and Service Desk support.

The candidate will provide Cyber Security services to aid the Government in securing DODIN-A information systems and networks (NIPRNet, SIPRNet) as dictated by AR 25-2, AR 380-5 and all other applicable DoD, Army and RCC-CONUS security policies and procedures.

Key Tasks and Responsibilities

Responsible for Vulnerability Management for all services for which the RCC-CONUS provides O&M support; Access Management for all provisioning network access for all RCC-CONUS employees; physical access control of the RCC-CONUS Network Operations Facilities (NOF); Command Cyber Readiness Inspections (CCRIs) and CSSP inspections preparation, visit and remediation; Security Assistance Visits (SAVs) preparation, visit and remediation; auditing of services, access, usage, etc., as outlined in existing policy and regulatory guidance; system authorization/Risk Management Framework (RMF) documentation and maintenance and Cyber Security Service Provider documentation and maintenance.

Responsible for documenting all established security processes and provide to Government for review and/or approval.

Establish a vulnerability management process to identify, classify, prioritize, remediate and/or mitigate, verify, and document existing vulnerabilities to the network and information systems.

Establish a vulnerability management plan to formalize their approach in maintaining, enhancing, and verifying the security posture of the network.

Familiar with secure and reliable connectivity of Enterprise and Cloud Systems.

Responsible for monthly vulnerability scanning of all services for which the RCC-CONUS provides O&M support.

Coordinate any findings with RCC-CONUS system and/or network owners for corrective action. The Contractor shall properly apply patches to the devices to remediate.

Adhere to Government security guidelines by using IAVMs and other published guidance for vulnerability tracking and remediation.

Record all scans and actions taken, to include POA&M and mitigation plans, in DoD and/or other RCC-CONUS approved tracking system.

Responsible for tracking all published IAVAs with RCC-CONUS current vulnerability status and maintain the IAVM compliance information in the Army/DoD designated tool.

Prepare any IAVA impact statements, extension requests, scorecards, and compliance reporting on a weekly basis.

Verify RCC-CONUS system owner security policy and IAVM compliance through regular network audits as dictated by existing regulatory guidance and policies.

Responsible for including an approach for auditi g required network controls, access, usage, unauthorized software, anti-virus definitions, etc. to include identifying the security posture of the network.

Provide a monthly report summarizing audit findings which includes issue, prioritization, and remediation.

Identify analyze and report any security breaches, to include virus reports, spillage, security leaks, or password compromise.

Perform all management services for all accounts, credentials, badges, and network access for all RCC-CONUS employees (approximately 300+ Government and Contractor personnel) using a Role-Based Access Control approach to standardized access based upon the employee\'s function within the RCC-CONUS.

Responsible for issuing accounts, credentials and badges based solely on the identified employee function and verification of the certification/training necessary to provide privileged access.

Manage certification and training requirements required for account and network access (privileged/non-privileged) and any other training specified in Section 5 for all RCC-CONUS employees within Army Training and Certification Tracking System (ATCTS).

Provide a monthly status report for RCC-CONUS training and certification compliance to the Government.

Manage the In and Out processing of all RCC-CONUS employees which includes but is not