Date Posted: March 24, 2021
This position has technical responsibility for cyber security of projects from conception to delivery and maintenance for computer-based applications used primarily in United States Military applications.
Duties and Responsibilities
• Serve as Cybersecurity Subject Matter Expert (SME) for project teams
• Work with customers, management, and project teams to gather, comprehend, and clearly articulate security-related requirements, success criteria, and metrics
• Develop DOD security authorization package documentation including Platform IT (PIT) Designation requests, PIT Risk Acceptance (PRA), and Authority to Operate (ATO) under RMF for DOD projects
• Develop supporting documentation including System Security Plans (SSP), POA&Ms, Ports, Protocols, and Services (PPS) reports, and artifact collections such as scan reports and checklists
• Review and assess compliance of client development projects against RMF security controls, assessing and documenting applicability/non-applicability, how the controls have been implemented, and risk mitigations
• Use automated scanning tools (i.e., Nessus and DISA SCC tool) and perform manual checks to assess security baseline of Client developed projects against relevant DISA STIGs and SRGs
• Configure and apply antivirus tools to Client developed systems as required
• Work with development teams to assess and remediate vulnerability findings when possible by applying patches and configuration settings
• Document open vulnerabilities (STIGs and patches) with justifications and/or remediation recommendations and create, track, and report POA&Ms to resolution
• Serve as liaison between Client project teams and partner, customer, and DOD security personnel to clarify security requirements, report progress, and resolve issues
• Estimate and plan work efforts, evaluate risks, and develop and report key metrics for reporting to management
• Monitor, evaluate, and continuously improve Client project teams' security efforts by being a trusted advisor, facilitator, and problem solver
• Rigorously document work procedures and train others to perform tasks as required
• Share best practices and identify opportunities to implement improvements to company engineering organization cybersecurity-related work instructions and project team procedures
• Continuously monitor developments in DOD cybersecurity policies and procedures
Additional Job Requirements:
Final Secret Clearance, CISSP or equivalent certification required for
• No remote work available.
• Degree required - should be engineering degree
• Person will be a builder of cybersecurity. Front end analysis of a network prior to being built.
• This is an engineering role and not an IT role.
• Candidates should come from a DoD background.
Prescreener questions that are required with each submittal -
1. Describe your experience in selecting and tailoring cyber security controls into a system within your organization.
Education and Experience
• Bachelor's degree in Engineering, Computer Science, IT, or Cybersecurity
• 4 or more years of experience in cybersecurity related work
• Prior experience with vulnerability scanning and antivirus tools including Tenable Nessus, STIG viewer (and STIGs), DISA SCC tool and benchmarks, and McAfee
• Prior hands-on experience imaging, installing, patching, and configuring physical and virtual Windows and Linux operating systems and network devices
• Knowledge of DOD/DON cybersecurity compliance processes including DoD 8500.01, DODI 8510.01 / RMF Framework and controls, OPNAVINST 5239.1D, and DISA STIGs / SRGs
• Prior experience developing DOD/DON compliance documentation including PIT Designation, PRA, System Security Plans (SSP), and POA&Ms
Skills, Knowledge and Conditions
• Excellent computer skills with strong proficiency in Microsoft Windows, Microsoft Office package (Outlook, Excel, Word, PowerPoint, Project, Access, Visio). Working knowledge of project management systems and AutoCAD Electrical.
• Works well individually or in a group setting
• Works effectively with other employees
• Ability to work under pressure and time constraints
• Willingness to travel (15%)
• Must be able to obtain a security clearance, if required
Nesco Resource and affiliates (Lehigh G.I.T Inc, and Callos Resource, LLC) is an equal employment opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status, or any other legally protected characteristics with respect to employment opportunities.