The Cyber Security Architect for position is responsible for the creation, consultation, and ongoing assessment and authorization (A&A) documentation in compliance with Federal Cybersecurity policies and guidelines including DoD 8500, FISMA, and NIST 800-53 controls. Additionally, the Cyber Security Architect will evaluate information assurance compliance and coordinate program security documentation for various Federal customers.
The Cyber RMF Architect is an industry recognized thought leader that has mastered multiple NIST/RMF practices. Provides insight and expertise on key solutions to best position CDWG's approach, preparation, and delivery of new and emerging solutions.
- Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls.
- Serves in a technical leadership role that includes consulting on systems and their plans, design, development, implementation of projects focused on Cyber Security.
- Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800 Risk Management Framework (RMF) system and application accreditation
- Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
- Analyze vulnerability scan results for validation and root cause
- Perform security system event analysis, investigation, and validation
- Provide incident response to classification spills, malware infection, misconfiguration exposure, internal inappropriate behavior and technical issue
- Perform Independent Security Assessment and Reporting (ISAR) as part of application System Development Lifecycle (SDLC)
- Participate in Lifecycle Management (LCM) Technical Change Control Boards (TCCB) providing technical guidance for security control compliance
- Participate in Security Architecture Review Boards as part of security system Operations & Management (O&M) sustainment and architecture enhancement
- Task, track and mitigate Plan of Action & Milestones (POA&M) vulnerability scan and security assessment findings requiring mitigation.
- Privileged User Account Management and Role Based Access assignment
- Privacy Threshold Assessment (PTA) and Privacy Impact Assessment (PIA) as part of Personal Identifiable Information (PII) Management
- Develop security artifacts to support the IA program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged User Guides, Security Test Procedures and other documents as needed.
- Support systems through all steps of RMF and enable Gov Client to achieve and or maintain authorities.
- Review vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.
- Promotes a culture of knowledge sharing and collaboration by organizing knowledge bases, contributing regularly, and encouraging team members to contribute.
- Coaches and mentors team members to improve their technical, consulting, and sales skills.
- Conducts technical assessment and expertise evaluations for candidate selection process.
- Advises team members and sales prior to customer calls and/or sales strategy session on Course of Action (COA) decisions among competing technologies and solutions
- Regularly creates forward-thinking thought leadership deliverables (e.g., external monthly blog posts, internal technical strategy documents); provides insight into emerging technical trends affecting CDWG’s portfolio; regularly contributes to major industry publications and/or speaks at national conferences
- Manages competing priorities and sets expectations with sales and other stakeholders through proactive communication, planning, and potential for return on investment.
- Leads the development of Bills of Materials, Statements of Work, RPFs, RFIs, and proposal content for cross-technology solutions with high levels of accuracy and quality.
- Bachelor’s degree in Computer Science, a related technical degree or equivalent years of relevant military service
- 8 years of Information Assurance/Cyber experience
- 8 years of Federal and/or DoD experience
- DoD/OPM Secret or Top-Secret Clearance w/ SCI eligibility
- DoD 8570 level II IAT Level III (example: CISSP or equivalent).
- Familiarity with Defense Information Systems Agency (DISA) Secure Technical Implementation Guidelines (STIGs)
- Experience with remediating identified Information Assurance Vulnerability Alerts (IAVAs) within DoD systems
- Strong organizational skills and excellent attention to details.
- Abilities to work independently and to manage time effectively.
- Effective communication skills with an appreciation for the appropriate ways to interact with managers, coworkers, customers and vendors
- Willing to travel, 25% - 50% between the Los Angeles area and Washington, DC
- Contractor/1099 based role, POP 6 – 12 months
- Ability to work off hours as necessary to meet clients' needs
- Desirable: Security+, CEH, Linux+, AWS Certs, Redhat
- Proven implementation and maintenance experience with Splunk and Elastic
- Knowledge of compliance standards for the organization to include NIST 800-53 controls, RMF, 800-53, FEDRAMP, agency specific requirements and emerging IC/DoD polices for Cyber Security with a particular focus on Cross Domain Solutions