Advise system owner and ISSM regarding security considerations in application and information systems procurement or development, implementation, operation and maintenance, and decommissioning activities
Manage all cybersecurity program activities, prioritize efforts, and assign tasks to team members, ensuring that deadlines are met and security posture is sustained at an acceptable level
Perform asset identification and risk assessments to determine an appropriate level of security commensurate with the categorization impact level
Develop and maintain Risk Management Framework (RMF) Body of Evidence (BoE) artifacts to include system security plans, contingency plans, boundary diagrams, and Standard Operating Procedures, for all systems under their responsibility
Manage Assess Only, Assess and Authorize and Annual Review RMF Authorization efforts in the Enterprise Mission Assurance Support Service (eMASS) system
Lead self-assessment of information system safeguards and program elements and partner with security control validation and cybersecurity inspection teams during various types of audits
Notify the government of any suspected incidents in a timely manner, and assist in the investigation, containment and reporting of incidents, and information spillages as necessary
Control, label, virus scan and appropriately transfer data (upload/download) between information systems at varying classification levels
Conduct research and analysis on the impacts of system modifications, technological advances, and malicious code and recommend data analytics technologies for security event management
Perform Security Information and Event Management activities for applicable information systems and explore opportunities to enhance visibility of security posture.
Review and recommend software through research and due diligence based on threat profile and/or vulnerabilities and remain informed of the various DoD application approval inventories
Manage Information Security Continuous Monitoring (ISCM) strategy for all assets to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions and maintain Authorizations
Perform security impact analysis for configuration changes and attend Change Control Board Meetings to inform stakeholders and board members of findings
Work with internal and external agency cybersecurity personnel to ensure system interconnections are analyzed and Authority to Connect (ATC) actions are completed as necessary
Initiate and manage authorization actions, to include creation of BoE artifacts for all Cross Domain Solutions and Commercial Solutions for Classified Capability Packages
Conduct vulnerability management scanning and remediation actions for all information system assets under the customer’s responsibility and provide custom reports as necessary.
5+ years of experience and a Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience. CISSP certification required. Must be approved for German TESA.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.