Job Description: The Cybersecurity Administrator will be responsible for implementing and maintaining the CMMC (Cybersecurity Maturity Model Certification) Level 3 for the enterprise. The Cybersecurity Administrator will assist and/or implement the Risk Management Framework (RMF) for applicable federal systems. The administrator will have an in-depth understanding and experience implementing the NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, RMF, NIST SP 800-53 or the legacy DoD Information Assurance Certification and Accreditation Process (DIACAP). The Cybersecurity Administrator shall have experience in IA boundary defense techniques, various IA Commercial Off the Shelf (COTS), and Cloud products to support the enterprise’s system security objectives.
Duties and Responsibilities:
- Plan, develop, execute, test, and document controls for the CMMC L3 security framework requirements.
- Develop and enforce information security policy
- Perform IT Risk and security Assessments and assist with risk mitigation efforts
- Perform Supply Chain Risk Assessments on vendors and subcontractors
- Develop approaches to mitigate vulnerabilities, recommend changes to systems or system components as needed
- Facilitate an IT Business Continuity Plan
- Perform Information Systems (IS) audits
- Identify information protection needs for computing environment and network environment systems
- Complete System Security Plan (SSP)/Data Security Plan cybersecurity risk analysis
- Advise network. System and software engineers on results of the cybersecurity risk analysis
- Execute and support network security initiatives
- Conduct vulnerability scanning
- Ensuring patch compliance
- Support incident response and remediation efforts
- Participate in any audit activities, including but not limited to interviews, documentation requests, and artifact requests
- Review auditee responses and deliverables for appropriateness and assist with interpreting requests
- Perform reviews of Notice of Findings and Recommendations and assist management in responding
- Assist system support staff and ISSOs in creating the Mission Action Plan resulting from Notice of Findings and Recommendations
- Create, track and provide status updates to Plan of Action and Milestones (POA&M)
- Develop, update and maintain metric / KPI status reports on a designated schedule frequency for IT initiatives
- Respond to requests for clarification and information
- Oversee and provide technical guidance to Cybersecurity Analyst I
- Experience implementing controls to meet the requirements of NIST SP 800-171 or the NIST 800-37 (RMF).
- Experience with designing, and maintaining a System Security Plan (SSP)
- Experience performing security audits with and without specialized SIEM tools
- Experience with certifying compliance of information systems
- Current certification compatible with IAT Level III certification in accordance with DoD 8570.01, or ability to obtain within six months of hire
- Understanding of computer security and the ability to communicate clearly and succinctly in written and oral presentations.
- Working knowledge of a Vulnerability Management System.
- Experience with securing cloud-based security controls.
- Current ICS2 CISSP Certification
- Experience with developing and testing Incident Response Plan
- Mobile Device Management Administration
- Job Experience with Network Administration
- Job Experience with System Administration
- Experience with implementing or managing FedRAMP vendor products
- Familiarity with the DISA Enterprise Mission Assurance Support Service (eMASS) application as used to develop, manage and track IA artifacts.
- Experience in a classified environment
- Familiarity with preparation and execution of an Information Assurance Vulnerability Management (IAVM) Plan.
Education: A High School diploma or GED plus 12 years of experience or; an Associate’s Degree plus 8 years of experience or; a Bachelor’s Degree in Computer Science, Information Technology, Computer Information Systems or related field and 5 years of experience in field or related area or; a Master’s Degree in a related field and 2 years of experience in field or a related area. Active Industry Cybersecurity Certifications (ICS2, CompTIA, CISCO, Microsoft) may substitute for some years of experience depending on the certification.
EOE, including disability/vets: QED is an equal opportunity employer.
Security Clearance: This position requires US citizenship and will be subject to a security investigation, must meet the eligibility requirements to obtain, and maintain a security clearance issued by the US Government. In addition to the security clearance, this position may require an additional background screening for base access.
Please send resumes to Olivia Scott at email@example.com