General Dynamics Information Technology is currently looking for a dedicated Cyber Security Specialist to support the Information Management Division (IMD) at the United States Army Medical Research Institute of Infectious Diseases (USAMRIID) in Ft. Detrick, MD. The implementation of Information Assurance (IA) within USAMRIID’s research program must be delicately balanced to comply with regulations and policies, yet retain the greatest flexibility possible to provide researchers an optimal secure IT environment in which to conduct their research. This position will assure the Institute is adhering to all relevant DoD, Army, Federal, and other relevant regulations and requirements. This position shall understand and apply regulations, policies, standard operating procedures, and other documents that relate to IA and cyber security and shall remain compliant with changes in all applicable requirements.
Assist, support, and report to USAMRMC and NEC IAMs as directed by the IA branch chief.
Provide IA security guidance to Help Desk and Technicians as needed.
Ensure that 100% of USAMRIID users have completed CURRENT training requirements for Cyber Security, as defined in AR25-2 by using the Army Training and Certification Tracking System (ATCTS) to record IA training status of all USAMRIID personnel. Ensure that personnel are notified prior to expiration of training and that personnel have the necessary system access to complete training in a timely manner.
Provide administrative support to USAMRIID Security manager during events that involve cyber security threats or attacks.
Report security violations and incidents to the USAMRIID Chief Information Officer (CIO) in accordance with regulations and policies.
Perform Personal Information Assessments (PIA) as needed to ensure that no Personally Identifiable Information (PII) is at risk in any systems.
Provide on-call support during non-business hours.
Enforce the Army IA security and training program. Ensure all users have completed the mandated awareness training as required and maintain IA training and certification records for all personnel. A monthly training compliance report will be delivered to the IA branch chief on the last business day of each month.
Enforce Information Assurance Vulnerability Management (IAVM) dissemination, reporting, compliance, and verification procedures as described in regulations, policies, and Army Best Business Practices. IAVA compliance will be measured against metrics included in scorecard reporting.
Complete all scorecard reporting requirements. Scorecard reporting is to be delivered to the IA branch chief no later than 3 working days before the scorecard due date.
Report security violations and incidents to the servicing RCERT in accordance with Incident and Intrusion Response policy. At a minimum, an executive summary for all incidents must be completed no later than 24 hours after IA has been notified of an incident.
Prepare the institute for IT security inspections, assessments, tests, and reviews using available Army approved products, checklists, and programs. Assessment reports regarding IA readiness for any inspection will be delivered to the IA branch chief as needed prior to inspections, assessments, tests, or reviews.
Verify that all ISs within the scope of responsibility are properly certified and accredited in accordance with Risk Management Framework (RMF) and CM policies and practices before operating or authorizing the use of hardware and software on an IS or network.
Maintain a repository for all systems Assessment and Authorization (A&A) documentation and modifications, version control, and management of GOTS, COTS, and non-developmental items (NDIs) for USAMRIID using the Enterprise Mission Assurance Support Service (eMASS). Conduct semi-annual reviews of all ISs and networks to ensure no security changes have been made to invalidate the Authorization to Operate (ATO). Review all IA ATO support documentation packages and system fielding, operations, or upgrades requirements to ensure accuracy and completeness, and that they meet minimal risk acceptance standards.
Conduct risk assessment for all incoming systems (major IT systems) and make recommendations regarding additional protection mechanisms necessary prior to operation of the incoming ISs.
Maintain current baseline and computing environment certifications based on current Army Training best business practice. You will be responsible for all certification related maintenance fees and costs.
Submit and track all software Certificate of Networthiness (CoN) or RMF Assess Only (RAO) submissions. Report CoN/RAO status for required scorecard reporting as needed.
Implement and maintain all locally required IA guidance, policies, procedures, and regulations. Review policies annually and revise as needed. Submit a report of the annual review to the IA branch chief.
Ensure that IA personnel are maintaining and auditing access and log data using approved and available tools. Maintain and monitor network security status utilizing SecureVUE or Splunk.
5+ years of experience within an IT, Cyber Security/Information Security environment
Experience with Risk Management Framework (RMF)
Must have at least one certification: CISSP, CAP, CASP+CE, CISM, GSLC or CCISD
Must be a US citizen
Interim Secret clearance or Active Secret clearance HIGHLY preferred
CISSP or CAP Certification preferred
Experience with Enterprise Mission Assurance Support Service (eMASS)
Active Secret clearance HIGHLY preferred
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.