Sr Cybersecurity Compliance Specialist

Job Locations: US-NC-Ft. Bragg
Posted Date: 3 days ago (2/15/2018 9:42 AM)
Job ID: 2018-1216
# of Openings: 2
Category: Information Technology

Overview

BlueWater Federal Solutions is a dynamic and nimble systems integration firm providing professional services and IT solutions to the Federal Government throughout the nation. We are viewed by our Federal Customers (Air Force, DHS, Army, Navy, CENTCOM, DHA, EPA, GSA) as a trusted partner with a track record of successful past performance and superior customer value.

Without question, our company's strength lies in our people: over 250 men and women who are deeply passionate about client partnership, reliable delivery, and successful results. We are looking for individuals who share this aspiration and invite you to join us in work that truly makes a difference for our clients. BlueWater is experiencing rapid growth and is expanding our professional team to successfully support achievement of business goals.

BlueWater Federal is looking for a Senior Cybersecurity Specialist to support the US Army Reserve Command (USARC) at Ft. Bragg and join our dynamic Cybersecurity Team. This team developed and operated the Army Reserve Network (ARNet). The ARNet is an unclassified network of over 65,000 workstations and over 4,000 servers and network devices supporting approximately 205,000 total Army Reserve personnel, including military, civilian, and contractors. The USARC has over 138 systems and applications currently hosted and utilized on the ARNet.

The individual will provide cybersecurity services to enable and ensure that the USARC CIO/G-6 Cybersecurity Branch and Cybersecurity Program Management Division maintain 95% or higher Federal Information Security Management Act (FISMA) Compliance and Authority to Operate on the Department of Defense Information Network (DoDIN).

Responsibilities

  • Ensure and validate that security patches for commercial products are applied, integrated into system design, and meet the timelines (7 days for critical and 21 days for all others) for the intended operational environment, and ensure non-compliant devices are quarantined.
  • Ensure Cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. System must be at least 95% compliant.
  • Conduct process reviews to ensure all Cybersecurity functions adhere to established regulations and guidelines, and the deployment of systems and practices that maintain the protection, detection, and reaction capabilities of the USAR network.
  • Conduct and report inspections, assessments, and security reviews for USAR ARNet and SARNet networks weekly to the COR.
  • Provide written input and guidance to annual reviews and assessments for the USAR Compliance Assessment Program for ARNet and SARNet networks.
  • Provide compliance assessment reports and analyses derived from the use of government provided scanning tools or checklists for all USAR networks to the COR at least weekly or more often based on current cyber threats.
  • Collect, compile and report program compliance metrics and numbers for networks, devices, personnel and systems into Enterprise Mission Assurance Support Service (eMASS) and USAR Account Management and Provisioning (ARAMP) for all USAR networks for review by COR.
  • Provide threat modeling analysis and reports in support of the USAR Compliance Assessment Program and DoD Risk Management Framework, which provides a comprehensive and quality security review and guidance throughout the lifecycle of all USAR networks at least annually for all hosted applications or systems. There are approximately 40 systems and 6 network enclaves.
  • Provide Cybersecurity related analysis as well as test and evaluation support for the Cybersecurity certification and accreditation of all USAR networks at least annually for all hosted applications or systems. There are approximately 40 systems and 6 network enclaves.
  • Conduct security reviews. Contractor shall test and evaluate all USAR networks application documentation and report test and evaluation results to the COR.
  • Implement and/or integrate security measures for use in system(s) and ensure that system designs incorporate security configuration guidelines. Contractor shall implement security designs and approaches to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components.
  • Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system at least weekly.
  • Provide vulnerability and compliance assessment reports and analyses derived from the use of government provided scanning tools i.e., Assured Compliance Assessment Solution (ACAS) and DoD Host Based Security System (HBSS) or manual checklists for USAR ARNet and SARNet networks to the COR.
  • Conduct Analysis and Application Risk Assessments and Software Source Code Analysis utilizing manual and automated methods such as HP Fortify or a successor program to find vulnerabilities and risk mitigation strategies in support of the USAR Compliance Assessment Program for all USAR networks, systems, devices and applications annually for all hosted applications and systems on SARNet and ARNet and provide results to the COR.
  • Perform the identification and removal of unauthorized software on all USAR networks and information systems. Ensure all installed software is authorized maintaining at least 95% compliance.
  • Manage the Information Assurance Vulnerability Alert (IAVA) System for all USAR networks. Contractor shall collect, compile, and report IAVA for ARNet and SARNet, devices, and systems.
  • Verify 95% compliance of all network devices with NIST STIGs and monitor and manage POA&M tracking.
  • Use Security Content Automation Protocol or any other Government provided designated tool such as Tanium, Varonis, or HP Fortify to automate the configuration, vulnerability and patch checking, technical control compliance activities, and security measurement of supporting devices for the USAR network.

Qualifications

  • Bachelor’s Degree and 9+ Years of cybersecurity experience
  • Must have a current Secret Clearance
  • DoD 8570 IAM III Certification (CISM, CISSP, or GSLC plus CompTIA Security+ or equivalent) is required

BlueWater Federal is an Equal Opportunity Employer
