Cybersecurity Support Specialist - Norfolk, VA, United States - Marathon TS Inc

    Marathon TS Inc
    Marathon TS Inc Norfolk, VA, United States

    3 weeks ago

    Default job background
    Technology / Internet
    Description
    Cybersecurity Support Specialist (RMF) Norfolk VA Marathon TS is seeking a Cybersecurity Support Specialist to support a Federal customer in Norfolk VA
    This position will be onsite with the possibility to eventually telework up to one (1) day per week
    Responsibilities


    • Act as the Information System Security Engineer (ISSE) by providing technical support for the Risk Management Framework (RMF) Assessment and Authorization (A&A) process.
    • Establish RMF Security Plan in eMASS.
    • Ensure proper Architecture, Boundary, and Dataflow diagrams are completed for systems being authorized.
    • Inventory and documentation of hardware/software/firmware within assessment boundary.
    • Develop Continuous Monitoring Strategy.
    • Completion of eMASS Implementation Plan based on Continuous Monitoring Strategy.
    • Ensure 100% execution of the approved Security Assessment Plan.
    • Ensure ACAS automated vulnerability scans are completed on all assets within assessment boundary and establish hardened baseline configuration with consistent, repeatable successful results.
    • Ensure system(s) are DISA STIG compliant - through SCAP scripts and manual checks.
    • Maintain the RMF POA&M to accurately portray the risk posture of assigned solutions.
    • Detail all relevant mitigation and remediation activities to vulnerabilities noted on the RMF POA&M through the Change Management Process.
    • Ensure all RMF documentation is updated based on change and vulnerability management efforts.
    • Perform continuous security reviews of RMF Security Controls (per approved continuous monitoring strategy).
    • Support the development of the Plan of Action and Milestones (POA&M) and the development and update of the Security Authorization Package (SAP).
    • Assemble all required documentation as outlined by the ISSM for the RMF packages.
    • Assess security controls, Security Technical Implementation Guides (STIGs), and Assured
    • Compliance Assessment Solution (ACAS) scans in accordance with governing policies for servers, networking equipment, workstations, etc.
    • Process, maintain compliance, and verify completion of ACAS, STIG, and SCAP files, report any open findings or vulnerabilities to the program, propose and implement mitigations as required and construct necessary POA&M when required.
    • Monitor cyber security compliance for all systems using tools to include but not limited to the Enterprise Mission Assurance Support Service (eMASS), Vulnerability
    • Remediation Asset Manager (VRAM), and Assured Compliance Assessment Solution (ACAS).
    • Administer the ACAS server and vulnerability scans.
    • Apply security updates to the ACAS server application and Linux operating system as required.
    • Assist the ISSM in the development or modification of any policies, plans, and documentation required for the accreditation of all systems.
    • Administer and monitor Host Based Security System (HBSS) servers to maintain optimum operating status and install required server and client updates to HBSS components within mandated time-lines.
    • Make approved policy changes to HBSS configuration when required.
    • Provide a monthly status report which contains the progress of work on assigned tasks and future work plans for the upcoming month
    Qualifications


    • Active Secret security clearance.
    • Must have current cyber security qualifications to perform IT privileged administrative functions in accordance with the DoD Cyberspace Workforce Framework (DCWF) and the DoDM , Cyberspace Workforce Qualification and Management Program.
    • Experience with monitoring information system security compliance using Enterprise Mission Assurance Support Service (eMASS), Vulnerability Remediation Assurance Manager (VRAM) and Assured Compliance Assessment Solution (ACAS).
    • Must have a minimum of 5 years' Navy Assessment and Authorization (A&A) process experience with Risk Management Framework (RMF).
    • Must have a minimum of 5 years' experience administering the DISA Endpoint Security Solutions (ESS), formerly called Host Based Security System (HBSS) or have successfully completed the Endpoint Security Solutions (ESS) Administrator 201 ePO 5.10 and Endpoint Security Solutions (ESS) Advanced Administrator 301 ePO 5.10 courses
    Courses can be completed online at /.

    Must meet at least one of the following requirements:

    Education:
    Associate degree or higher from an accredited college or university conferred within the past 5 years.

    Training:
    Offerings listed in DoD 8140 Training Repository ( )

    Personnel Certification:
    (ISC)2 Certified Authorization Professional or CompTIA Advanced Security Practitioner or EC-Council Certified Chief Information Security Officer (CCISO) or (ISC)2 Certified Cloud Security Professional (CCSP) or ISACA Certified Information Security Manager (CISM) or (ISC)2 Certified Information Systems Security Professional (CISSP) or CompTIA Cloud or (ISC)2 Systems Security Certified Practitioner (SSCP) #cjjobs Marathon TS is committed to the development of a creative, diverse and inclusive work environment
    In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities

    Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").