Cybersecurity Lead with Security Clearance

at Computer World Services Corp
Published January 21, 2023
Location Fayetteville, NC
Category Default  
Job Type Full-time  


Job Details Job Description Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Cybersecurity Lead for the United States Army Reserve (USAR) Command Control Communications, Computers, & Information (C4IM) Information Technology Support Services (ITSS) program responsible for performing non-personal Information Technology (IT) Services and support requirements. United States Army Reserve Command (USARC) G-6 owns and operates Army Reserve Network (ARNet) and Secure Army Reserve Network (SARNet) to provide continuous secure and nonsecure data, voice, and video transport, data center services, hosted applications, file services, collaboration tools, cybersecurity, remote access, continuity of operations, and customer service across the USAR enterprise IAW Army Regulation (AR) 25-1 Army Information Technology and other governing documents and outlined in the Army's Command, Control, Communications, Computers and Information Management (C4IM) Services List. These services are provided to 65,000 users with network accounts at approximately 700 locations, primarily in the continental United States with a few in Puerto Rico, Europe, Asia, and the Pacific region. 2 of the locations contain the primary and secondary enterprise network processing centers. The Candidate is responsible for using current information security technology disciplines and practices to ensure the confidentiality, integrity and availability of corporate information assets in accordance with established standards and procedures. Develops and maintains knowledgebase on changing regulatory, threat, and technology landscapes to continually develop or maintain security policies and standards and ensure compliance throughout the organization. * The success candidate will have experience with Information Technology support within a federal government environment (DoD preferred) and demonstrated experience in IT services contracts. Effective written and verbal communication skills and the ability to maintain high levels of customer satisfaction. The candidate will have expertise in managing performance, cost, schedule, and quality to meet or exceed requirements. Job Requirements: Key Tasks and Responsibilities * Cybersecurity Lead responsible to protect and defend USAR information and information systems across USAR managed Army DoDIN environments by ensuring the availability, integrity, authentication, confidentiality, and non-repudiation of the system. This includes provisions for restoration of information systems by incorporating protection, detection, and reaction capabilities. Additionally, oversees COMSEC activities IAW AR 25-12. Leads the team in the execution of the following tasks: * Provide cybersecurity services including measures necessary to detect, document, remediate and counter cyber threats. Enforce cybersecurity measures on commercial and Government off the shelf software, freeware, shareware, Program Management (PM) system fieldings, beta tests, application and system configuration within COTS capability, network access, IT acquisition policies, connectivity, cybersecurity tools, and authorized software and system management controls. Contractor shall ensure 100% compliance on ARNet and SARNet 100% over the month. * Ensure cybersecurity guidance, processes and policies are followed. Contractor shall ensure all enterprise network hardware and software are properly certified and accredited within 2 hours of installation on network. * Perform cybersecurity scans and assessments of all current and future enterprise network hardware and software and recommend risk management guidelines. Assessments will be requested through Customer Service ticket system and shall be completed within 7 days of receipt of request. * Operate and maintain enterprise network hardware and software IAW the Authorization to Operate (ATO) for all USAR networks. Maintain the security posture of the USAR IT Systems IAW Risk Management Framework (RMF) Package maintained in Enterprise Mission Assurance Support Service (eMASS), Plan of Action and Milestones (POA&M), the Information System Security Manager (ISSM) Program, and the appropriate accrediting authority. Assess and authorize activities of USAR managed systems by conducting research, reviewing documentation and providing input for Risk Management Framework (RMF) packages in eMASS. RMF updates shall be made within 30 work days of findings 100% over the month. * Monitor user compliance IAW AR 25-1 and AR 25-2 requirements in coordination with USAR ISSM; draft user guidelines and other communication media for Government approval; and provide assistance to USAR subordinate Commands regarding application of IT standards, certifications, and training requirements. Non-compliant user accounts shall be notified of status on login screen for 15 days, then quarantined until remediated 100% over the month. Monthly count of non-compliant user accounts and remediation efforts shall be included monthly in Technical Status Report. * Ensure IT devices and networks are Army Information Assurance Vulnerability Management (IAVM) and Antivirus Program (AVP) compliant. This includes IAVM acknowledgment, patching, updates, completion and reporting of all other corrective actions within specified timelines IAW the applicable accrediting authority. IAVM acknowledgment shall be not later than 4 hours of receipt 100% over the month. Change orders shall be submitted for patches and updates within 3 days of receipt. Patches and updates shall be applied no later than 10 days of ERB/TRB approval 100% over the month. Dates of IAVM and AVP updates received, acknowledged, and applied shall be included monthly in Technical Status Report. * Ensure that log files and audits are maintained and reviewed for all systems. Ensure that authentication policies are audited and in compliance with the Federal Information Security Management Act (FISMA). Monitoring and audits are continuously performed by automated monitoring tools. Contractor shall set tools to generate daily reports of anomalies and alerts for review. Reports shall be generated daily for the previous 24 hours and submitted to Cyber Program Manager by 7:30 a.m. daily 100% over the month. * Operate and maintain USAR network security stack consisting of physical or virtual firewalls, intrusion detection systems (IDS), intrusion protections systems (IPS), port security, posturing, profiling, scanning, and other defense in depth appliances and systems. Network security stack uptime is 100% over the month, with no access to ARNet and SARNet in absence of fully functioning security stack systems. * Report information systems security violations and incidents to USAR Cybersecurity Program Management (CSPM) within 30 minutes of discovery 100% over the month. Contractor shall conduct remediation and restoral, document and report results to CSPM within 7 days of incident 100% over the month. Ensure changes to enterprise systems shall not compromise USAR cybersecurity posture. * Collect, document, and turn in for destruction classified media and hardware within 5 days of permanent removal from service 100% over the month. Report of items destroyed shall be included monthly in Technical Status Report. Education & Experience * BA/BS Degree with 12+ years of experience or MA/MS with 10+ years of experience (required) Certifications * DoD 8570.01-M baseline certified (required) * Industry certifications relevant to the position (required) Security Clearance * US Government Secret (T3) clearance is required Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.) * Travel to CONUS and OCONUS locations to meet mission requirements and undergo training maybe required. The support outside Ft. Bragg, NC including OCONUS if required, will be designated as TDY. EOE AA M/F/Vet/Disability EEO is the Law:

Drop files here browse files ...