Computer World Services, Corporation (CWS) is seeking an exceptional candidate to serve as Cyber Security Senior - SME Defense - SME for the US Army Regional Cyber Center – Continental United States (RCC-CONUS) program responsible for performing non-personal Information Technology (IT) Services and support requirements. RCC-CONUS is responsible to operate, manage, and defend the Army’s NIPRNet and Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as part of a larger joint environment, responding to the Theater Combatant Commanders, the ARCYBER, and the Army Cyber Command’s Army Cyberspace Operations and Integration Center (ACOIC), which operates the GIG in support of Department of Defense (DoD) operations around the world. Services include Network and System Modernization, Cyber Defensive Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure Support, Threat & Data Analytics, DoDIN Operation Support, Network Management, Systems Management, IT Lifecycle Management, IT Service Management (ITSM), Portfolio/IT Investment Management, and Theater Operations and Service Desk support.
The candidate will provide Cyber Security services to aid the Government in securing DODIN-A information systems and networks (NIPRNet, SIPRNet) as dictated by AR 25-2, AR 380-5 and all other applicable DoD, Army and RCC-CONUS security policies and procedures.
Key Tasks and Responsibilities
- Responsible for Vulnerability Management for all services for which the RCC-CONUS provides O&M support; Access Management for all provisioning network access for all RCC-CONUS employees; physical access control of the RCC-CONUS Network Operations Facilities (NOF); Command Cyber Readiness Inspections (CCRIs) and CSSP inspections preparation, visit and remediation; Security Assistance Visits (SAVs) preparation, visit and remediation; auditing of services, access, usage, etc., as outlined in existing policy and regulatory guidance; system authorization/Risk Management Framework (RMF) documentation and maintenance and Cyber Security Service Provider documentation and maintenance.
- Responsible for documenting all established security processes and provide to Government for review and/or approval.
- Establish a vulnerability management process to identify, classify, prioritize, remediate and/or mitigate, verify, and document existing vulnerabilities to the network and information systems.
- Establish a vulnerability management plan to formalize their approach in maintaining, enhancing, and verifying the security posture of the network.
- Familiar with secure and reliable connectivity of Enterprise and Cloud Systems.
- Responsible for monthly vulnerability scanning of all services for which the RCC-CONUS provides O&M support.
- Coordinate any findings with RCC-CONUS system and/or network owners for corrective action. The Contractor shall properly apply patches to the devices to remediate.
- Adhere to Government security guidelines by using IAVMs and other published guidance for vulnerability tracking and remediation.
- Record all scans and actions taken, to include POA&M and mitigation plans, in DoD and/or other RCC-CONUS approved tracking system.
- Responsible for tracking all published IAVAs with RCC-CONUS current vulnerability status and maintain the IAVM compliance information in the Army/DoD designated tool.
- Prepare any IAVA impact statements, extension requests, scorecards, and compliance reporting on a weekly basis.
- Verify RCC-CONUS system owner security policy and IAVM compliance through regular network audits as dictated by existing regulatory guidance and policies.
- Responsible for including an approach for auditing required network controls, access, usage, unauthorized software, anti-virus definitions, etc. to include identifying the security posture of the network.
- Provide a monthly report summarizing audit findings which includes issue, prioritization, and remediation.
- Identify analyze and report any security breaches, to include virus reports, spillage, security leaks, or password compromise.
- Perform all management services for all accounts, credentials, badges, and network access for all RCC-CONUS employees (approximately 300+ Government and Contractor personnel) using a Role-Based Access Control approach to standardized access based upon the employee’s function within the RCC-CONUS.
- Responsible for issuing accounts, credentials and badges based solely on the identified employee function and verification of the certification/training necessary to provide privileged access.
- Manage certification and training requirements required for account and network access (privileged/non-privileged) and any other training specified in Section 5 for all RCC-CONUS employees within Army Training and Certification Tracking System (ATCTS).
- Provide a monthly status report for RCC-CONUS training and certification compliance to the Government.
- Manage the In and Out processing of all RCC-CONUS employees which includes but is not limited to account issuance and closure, issuance and collection of badges, tokens and keys, etc.
- Provide physical security and access control for the RCC-CONUS NOF and extended facilities/rooms within Greely Hall in compliance with all existing policy and regulatory guidance (RCC-CONUS Security Policy, NETCOM G2, ARCYBER, DOD, etc.).
- Must be familiar with DISS to validate security clearances.
- Perform periodic walk-throughs and monthly inspections to ensure adherence to established security procedures and policy within the RCC-CONUS.
- Provide the results of the inspection to the Government monthly.
- Track remediation of all findings through closure. The Contractor shall perform these functions in support of the RCC-C Government Security Manager.
- Provide escort services to ensure external personnel have controlled access to the RCC-CONUS NOF to remediate facility health and safety concerns, cleaning staff, and warranty repairmen as required. All escort duties will be coordinated in advance by the Government to provide the Contractor sufficient notice for staffing.
- Report all escort duties via a monthly report for tracking purposes.
shall sanitize unclassified and classified hard drives or other storage devices prior to turn-in, disposal and/or re-issuance.
Education & Experience
- BA /BS or an MA/MS preferred from an accredited university (required)
- Minimum of 12+ years of related IT experience (required)
- Substitution Allowance (MA/MS with 10+ years’ experience can be substituted for above requirements)
- "IAT Level III Baseline Certification, Certified Authorization Professional (CAP) certification"
- Top Secret/SCI clearance (Required)
- US Citizen or permanent resident
Other (Travel, Work Environment, Administrative Notes, etc.)
- Travel to CONUS and OCONUS locations to meet mission requirements and undergo training maybe required. The support outside Fort Huachuca, AZ including OCONUS if required, will be designated as TDY.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at 314.952.5138 or firstname.lastname@example.org.
This job has expired.