Role: Compliance Detection Lead
Location: Fort Knox, KY OR Remote Work
Education/Certifications: MA/MS preferred; Security+; IAT Level III; Computing Environment Certification
Years of Experience: 10+
Clearance Level & Investigation: Secret
IA Cert Level (DoD 8570.01): IAT Level III (CISSP, CISM, CASP+, or CISA recommended)
Computing Environment Certifications: Required
Job Description:
Qualifications:
- Serves as Compliance Detection Lead with experience gathering data on information systems and device configurations, which is used for system identification, maintenance, cyber threat assessment and investigation, vulnerability detection, or system exploits.
- Must have experience working with and understanding of DISA information assurance vulnerability alert (IAVA) announcement of a computer, application, software, or operating system vulnerability.
- Leads and participates in analysis of actual and predictable interacting operational activities of business to obtain a quantitative, rational basis for decision making through the application of logic and scientific or economic disciplines and techniques.
- Ability to devise modeling and measuring techniques; utilizes mathematics, statistical methods, engineering methods, operational mathematics techniques (linear programming, game theory, probability theory, symbolic language, etc.), and other principles and laws of scientific and economic disciplines.
- Ability to demonstrate a complete understanding and wide application of technical principles, theories, and concepts within the Cyber Research field and provide consultation to technical solutions over a wide range of complex difficult problems in which proposed solutions are imaginative, thorough, practicable, and consistent with organization objectives.
- Professionally certified as Technical Level Ill as defined by DODI 8570 is a requirement.
Specific Responsibilities:
- Support execution of contract transition to ensure minimum service disruption to vital business and no service degradation during and after transition; ensure continuity of services while helping onboard personnel and jointly inventory intellectual and real property.
- Coordinates and manages Risk Management Documents (RMDs) to include Plans of Action and Milestones (POA&Ms), Risk Acceptance (RAC), Memorandum for Records (MFRs), Operational Impact Statements (OIS), and Waivers for all assigned boundaries and application ATOs for approving signature and delivers to the assigned Government representative.
- Reviews and validates compliance or non-compliance IAW CCI, STIGs and SRGs for each finding or vulnerability IAW RMF.
- Conducts security control, Security Technical Implementation Guide (STIG), and all other Army directed compliance validation inspections in accordance with RMF procedures.
- Provides surge support, technical guidance, and expertise in the areas of Cybersecurity to support Customer, Mission Partners, IMOs, ISSOs, IS Owners, Software Developers, Network System, and Database Administrators IAW all related cyber regulations and directives; provide results in reports, briefs, and deliverables as required to the appropriate Government representative.
- Provide Cybersecurity surge support in the event of real world or additional requirements in support of RMF compliance checks and documentation review across authorization boundaries, including, but not limited to:
- Perform security review preparation for all security controls associated with RMF applicable to an assigned authorization boundary based upon the Confidentiality, Integrity, or Availability designation.
- Perform on site or off-site reviews of all information systems to audit and validate compliance with associated security controls.
- Perform as reviewers of audit teams during inspections, assessments, evaluations, audits, etc.
- Provide reports to the assigned Government representative as required.
- Provide reviews, validation, and deliverable efforts in support of compliance or non-compliance IAW CCI, STIGs and SRGs for each finding or vulnerability IAW RMF.
- Provide embedded Cybersecurity support across Customer or other supported organizations as required.