Semper Fortis Solutions, LLC

  • Cyber Security Specialist

    Job Locations US-VA-Leesburg
    Posted Date 3 weeks ago(6/29/2018 4:36 PM)
    ID
    2018-1056
    # of Openings
    1
    Category
    Information Technology
  • Overview

    Semper Fortis Solutions, LLC (SFS) is looking for an experienced Cyber Security Specialist to support security audit, survey, policy formation, security systems testing, integration support, and new software services implementation activities for its customers and its own internal requirements.  Semper Fortis is a small business which specializes in solving challenging problems in the information security, enterprise engineering, identity management, encryption management and cyber security business areas for government and commercial clients using our Agile service delivery methodology.

    Responsibilities

    The Cybersecurity Validator will provide cybersecurity support, analysis, documentation, and validation services for Commercial companies which need to comply with NIST SP 800-171 and DSS RMF policies and regulations.  Develop System Security Plans for clients that adhere to corporate policies and capture operational system procedures. Perform validation activities under the Risk Management Framework (RMF), apply knowledge of network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture. Execute and conduct analysis of network and system vulnerability scans to validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DSS publications. Analyze and execute security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DSS information security authorities. Provide guidance to clients regarding vulnerability remediation and determination of risk posture.

    General Responsibilities:

    • Conducts organizational assessments to assess corporate priorities, policies, security maturity level, and functional capabilities.
    • Support and maintain the cybersecurity posture for authorization packages in accordance with DoD 8500 Cybersecurity, DoD 8510.01 RMF for DoD Information Technology (IT) and supporting references, DSS Assessments and Authorization Process Manual (DAAPM), and NIST SP 800-171
    • Will provide support via organizational coordination with technical managers, system engineers, and information system owners in order to maintain authorization packages; to include system security plan (SSP), plan of action and milestone (POA&M), system artifacts, supporting documentation
    • Perform security categorization based on the impact due to loss of confidentiality, integrity, and availability. Select security controls based on security categorization
    • Will use automated tools and manual documentation as customer specified, Assured Compliance Assessment Solution (ACAS), Nessus, STIG viewer, DISA Security Content Automation Protocol (SCAP) compliance checker, etc.
    • Will provide support for full lifecycle A&A through the analysis, documentation, review, validation and continuous monitoring of systems, networks and data in order to achieve and maintain authority to operate (ATO)
    • Review HW/SW/PPS list and ensure they reflect the components and data flows outlined in the authorization boundary diagram

     

    Qualifications

    Mandatory Skills/Requirements:

    • Bachelor’s and 2-4 years’ experience, or High School and 10 years’ experience
    • IAT II
    • Manage and employ ACAS/Nesses; configure scans, initiate scans, review results, create custom reports, update ACAS software and signatures
    • Manage and employ SCAP/SCC; configure scans, initiate scans, review results, update SCAP definitions
    • Checklist/STIG review; checklist generation and management, determine availability of new STIGs, update checklists to new STIG versions
    • Experience with Cisco, VMware, RedHat, various Window operating systems
    • Experience with computer networking, switches, routers, servers, racks, firewalls
    • Prepare Cybersecurity briefs, white papers, and ad hoc reports using standard office automation products including Microsoft Word, PowerPoint, Excel, and Project

    Preferred Qualifications/Skills:

    • Ability to analyze deficiencies in tools tested and give a risk assessment of anomalies that are not resolved
    • Ability to document and present test findings and observations during a formal review before peers and clients
    • Ability to work in an environment of rapidly changing requirements is support of the customer mission
    • Ability to be a self-starter, work with relatively vague requirements, be willing to perform studies and demonstrations, and investigate new areas of technology

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed