Sr Cyber Security Technical Manager

Location
Falls Church, VA
Posted
May 19, 2017
Closes
Jun 07, 2017
Industry
Security
Hours
Full Time
GDIT has an opportunity for a Sr Cyber Security Technical Manager working with a large line of business within GDIT that is currently supporting multiple contracts for the government in the DC Metro area. We are seeking energetic, talented individuals that have a desire to help transform customer requirements supporting the mission critical IT service for the Pentagon Force Protection Agency (PFPA).

The Sr Cyber Security Technical Manager will lead the management of the PFPA Cyber Security team and serve an integral role in executing all Cyber Management activities for the PFPA organization. The position requires multi-tasking in a high demand, fast paced customer organization. The role includes both oversight and hands on execution of Cyber related actions and supporting system administration functions. The Senior Information Assurance Engineer Lead/ Manager will perform the following specific tasks:

  •  Lead oversight of Information Assurance Officer activities for all PFPA systems
  • Provide DIACAP and RMF support to systems in PFPA portfolio.
  • Update and communicate information systems security requirement compliance to NSO and IAM using VMS and other Government provided tools for all systems.
  • As required, provide technical input for DoD and IA related data calls for compliance or status verifications.
  • Produce and maintain system and configuration documentation required for Certification and Accreditation of enterprise enclave.
  • New Systems: Identify the security checks that must be applied, and how to transition to production. This includes identifying the appropriate STIGS, identifying the correct benchmark (ex: SCAP), running appropriate tools (SCAP, ACAS, HP Fortify, etc). Work with System Administrators and Stakeholders to ensure they know what needs to be accomplished to meet the security standards for the customer.
  • For existing systems: Support the regular scanning and review of systems.
  • Analyze the results, and provide recommendations and course of actions for correction to System Administrators and Stakeholders.
  • Provide reports of the findings that are used to measure performance against SLAs.
  • Coordinate the update, tracking and communication of POAMs
  • Reporting: Produce documentation, reports and maintain project schedules required to achieve or sustain IATO/ATO for supported systems.
  • Provide briefings and reporting metrics to customer to meet contractual requirements (In Progress Review/Monthly Reporting)
  • Oversee execution of monthly security compliance activities to include
  • Full vulnerability and STIG compliance audit scans
•     IAVM Scans

•     Unauthorized Software Scans

•     POAM Status Review

•     System Audit Logs review.

•     Inactive network accounts review

•     Implement changes in accordance with IA guidance based on the monthly security assessments.

·         SCC / SCAP tool

This is a hands-on role, with leadership of a 5 plus team. The ideal candidate is expected to be the "go to" person for answers with respect to information assurance. This person needs to know what needs to be done, or needs to know how to look up the right information to identify the appropriate security requirements. The ideal candidate is equally capable of running the scanning tools, researching policy, or briefing the customer and leadership.

Education  

 

Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

 

 

 

Qualifications 8-10 years of related experience in data security administration, including supervisory experience.

 

Key Personnel Requirements:

 

10 years of progressive demonstrated experience in Information Assurance/ Information Security, with a good working knowledge of both DoD and Federal Government Information Assurance/ Security policies and procedures;

•             5 years of demonstrated experience in a senior leadership engineering position;

•             Current DoD 8570.01- M IAM Level III certification;

•             Active or Current Top Secret security clearance adjudicated by DIA or DoD CAF (SCI or ability to obtain SCI)

•             Preference: Also have a Bachelor’s degree from an accredited college or university in Engineering, Science or Information Technology.

 Additional Qualifications:

 

Qualified candidates must possess a mix of :

1. Thorough understanding and practical experience of the DOD DITSCAP and DIACAP processes, knowledge and/or understanding of FISMA, OMB A-130, and NIST Special Publications, specifically: 800-37 (C&A Process), 800-18 (System Security Plans), 800-30 (Risk Assessment), 800-53 and 800-53a (Security Requirements), and FIPS 199 (Security Categorization).

2. Must be capable of producing high quality policy, system security plan, and C&A documentation requiring minimal edits. 3. Experience with DITSCAP/8500.2 IA controls required

4. Practical experience with ACAS use and administration

5. Practical experience with HBSS use and administration

 

Prior experience with all or most of the following is desired: 1. Performing Information Assurance for projects that involve designing, engineering, configuring, installing, testing, training, and documenting complex architectures and component configurations relating to routing/switching products and/or solutions. 2. Supporting the project team and customers. 3. Experience with vulnerability assessment tools (SCAP, HP Fortify, ACAS) 4. Feasibility analysis, technical case studies, and cost estimates. 5. Perform mentoring and training tasks for junior staff, peers and customers as required; transfer project knowledge to other team members and customers as required.

Knowledge or experience of the following tools is desired: - Enterprise Mission Assurance Support Service (eMASS) - Vulnerability Management System (VMS) - Security Content Automation Protocol (SCAP) - HP Fortify - ePolicy Orchestrator / HBSS

-RMF experience.

-AD and GPO knowledge and administration

Knowledge or experience and understanding of the following guidelines is desired: IA policies DOD Directive 8500.1, Information Assurance

• DoD Instruction 8500.2, Information Assurance (IA) Implementation

• Security Technical Implementation Guides (STIGs)

• Security Readiness Review Scripts (SRRs)

• Global Information Grid (GIG) IA Technical Framework

• DII Common Operating Environment (COE)

• CJCSM 6510.01B

• NIST Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and

• Strategic Command Directive (SD) 527-1

•     DoD Information Assurance Certification and Accreditation Policy (DIACAP), or other DoD accreditation directives/guidance/instructions

• NIST 800-37 Guide to Applying Risk Management Framework

• DoDI 8510.01 Risk management Framework

•  NIST 800-39 Managing Information Security Risk

•     IEEE 802.11 Wireless Standards Information systems security requirement include but are not limited to IAVAs, IVMs, vendor security patches, and Communication Task Orders (CTOs).

 

 



 

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.