Duties include demonstrating excellent verbal and written communication skills, documenting appropriately within an RMF system, and coordinating with other security personnel. Prepare documentation from templates, such as the Configuration Management Plan (CMP), Incident Response Plan (IRP), Information System Contingency Plan (ISCP), and Plan of Action and Milestones (POA&M), to ensure compliance. Must be able to identify vulnerabilities and identify resolutions to bring to management. Review vulnerability (patches, updates, and compliance), SCAP, and DISA STIG scans on the infrastructure and applications to ensure patch and configuration compliance. Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO).
Minimum/General Experience: Three (3) years of experience or more assessing and documenting results for system(s), infrastructure(s) and applications (on-premises and cloud (i.e., AWS GovCloud and/or Azure GovCloud)) against NIST SP 800-53 security controls and SP 800-171 Risk Management Framework (RMF) processes.
Education: Bachelor’s Degree in computer security or a related field of study; Information Security Certification(s) (e.g., CISSP, CAP, etc.) with five (5) years of documented work experience in lieu of education.
Preferred Additional Skills:
Experience in a cyber-risk and compliance management system (e.g., Xacta, Risk Vision, etc.).
One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG)) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (AWS preferred).
Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions.
Knowledge of operating systems, network, and application security to aid implementation of information security and assurance principles.
Knowledge of Splunk software and tools, and of TACLANE, encryption devices, and COMSEC technology.
About Our Work
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.