LOCATION: National Capital Region - Washington, DC or Northern Virginia
EXPERIENCE LEVEL: Advanced
CLEARANCE: TOP SECRET/SCI
WORK ROLE DESCRIPTION:
Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.
TASKS:
T0015: Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
T0016: Apply security policies to meet security objectives of the system.
T0017: Apply service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
T0085: Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
T0086: Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
T0088: Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
T0123: Implement specific cybersecurity countermeasures for systems and/or applications.
T0128: Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
T0169: Perform cybersecurity testing of developed applications and/or systems.
T0177: Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
T0187: Plan and recommend modifications or adjustments based on exercise results or system environment.
T0194: Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
T0202: Provide cybersecurity guidance to leadership.
T0205: Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
T0243: Verify and update security documentation reflecting the application/system security design features.
T0309: Assess the effectiveness of security controls.
T0344: Assess all the configuration management (change configuration/release management) processes.
T0462: Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
ABILITIES:
A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
EDUCATION:
Bachelor degree or higher from an accredited college or university
Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
CERTIFICATION REQUIREMENT(S) (e.g., DoD 8570.01-M):
IAT, IAM, or IASAE Level 3