Security Assessment Lead NF5

Quantico, Virginia
Sep 13, 2019
Sep 19, 2019
IT, Security Engineer
Full Time


Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team-oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.


The Security Compliance Lead must be able to build awareness about the importance of security across the MCCS Enterprise. The Security Compliance Lead will serve within the Enterprise Information Technology (IT) Security Office. The position leads the assessment of projects and tasks for PCI Data Security Standard (PCI DSS) and FISMA compliance using National Institute of Standards and Technology (NIST) Standards through assessment and authorization (A&A) of all IT solutions, current and future, within the MCCS worldwide area network. Ensures compliant reporting to PCI Security Standards Council (SSC) approved security companies, including PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV) Scan Reports, and PCI PA-DSS Reports of Validation (ROV). Coordinates and conducts cybersecurity (CY) audits to validate security risk mitigation and FISMA compliance. Develops enterprise-level plans to validate FISMA compliance standards. The MCCS scope of IT projects for compliance efforts includes, but is not limited to, Retail Business systems, Business Support systems, Field Command systems, and IT Infrastructure systems. Conducts research and coordinates with subject matter experts as needed to resolve complex security issues. Responsible for the development of validation protocols for all aspects of IT compliance, acting as the internal auditing function for PCI and FISMA compliance. Conducts high-level presentations and briefings as required. Administers tools required for vulnerability scanning and assessment, and tools required to track progress as required. Develops and maintains key artifacts for security compliance management.

Performs the role of Information Systems Security Manager (ISSM) IAW HQMC C4 policy and procedures. Develops and maintains the security program that identifies architecture, requirements, objectives and policies, personnel and processes and procedures as they relate to NIST standards. Provides security oversight for MR and subordinate commands to include coordinating MR security measures, conducting analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels. As an ISSM, ensures that information ownership responsibilities are established for each information system to include accountability, access approvals, and special handling requirements. Ensures that development, review, endorsement, and maintenance of security compliance documentation is accomplished. Validates that documentation includes the System Security Plan(s) (SSP) for all MR applications, networks, and stand-alone systems. Maintains the appropriate level of personal training and certification required in accordance with DoD 8570. Develops, coordinates, and conducts security, CY, and compliance training as required.

Reports directly to the Manager, Security and Compliance. Performs security compliance efforts IAW the PCI, FISMA, NIST SP 800 series, FIPS series, DoD 8570 series and USMC related policies and procedures. Coordinates directly with Project Managers, customers, service providers, consultants and other USMC agencies for compliance requirements. Works directly and proactively with MCCS IT Security staff, Project Managers, IT Managers, and HQMC C4/CY to meet objectives and to ensure maximum effective use of tools, techniques, and methodologies in proposing, developing, and implementing IT solutions. Liaises with designated HQMC C4 office staffs responsible for system CY and IT Portfolio management to ensure currency with compliance matters.

Supervises full time and contractor security personnel. Sets a high standard for collaboration within the team and across teams. Uses interpersonal skills to communicate clearly so that non-security experts can understand the importance of security and their roles in achieving and maintaining a secure enterprise. Motivates others through positive feedback and reinforcement. Ensures that team members all feel that they actively contribute to the success of the entire group. Promotes and demonstrates a flexible, "whatever it takes" attitude that allows the business to achieve its security goals. Supervises employees to include: assigning and distributing work, coaching, counseling, tutoring, and mentoring employees; approving and disapproving leave, recommending and completing personnel actions, completing performance reviews and signing timecards, and training employees. Must be alert to alcohol abuse, and take appropriate action.

Provides World Class Customer Service to internal and external customers.

Occasional travel to complete work assignments, conduct training or attend conferences and meetings. Performs other related duties as assigned.

This is a white-collar position where occasional lifting up to 20 lbs may be required.

Travel Required

25% or less - Varies

Supervisory status

Promotion Potential


Conditions of Employment

  • See Duties and Qualifications



Bachelor's Degree in Information Technology or a Business-related field appropriate to the work of the position AND four years of experience performing specific tasks within hands-on security assessment, quality assurance, PCI DSS, or cybersecurity (CY); OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above; OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above.

Certification as an Information Systems Security Professional (CISSP) is required, or equivalent-level education and appropriate experience with DoD system security and information assurance (IA) policy and procedures.

As an authorized and privileged user of Department of Defense Information Systems, the incumbent must fulfill the requirement to complete Information Assurance awareness training as a condition of access within six months of employment, and must complete it annually thereafter.

Expertise in:
  • Vulnerability Assessments, Analysis, and Reporting
  • DISA Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGs) and respective tools - SCAP benchmarks, compliance checker, and STIG Viewer
  • Microsoft Excel
  • Written and verbal communication
  • Mastery of the principles, methods, or tools for developing, scheduling, coordinating, and managing projects and resources, including monitoring and inspecting costs, work, and contractor performance
  • Information security review, analysis, and evaluation methods, tools and techniques

Proficient in/Experience with:
  • Multiple Vulnerability Assessment tools - Examples: Tenable/ACAS, Qualys, Retina, Rapid 7
  • Malware and Virus prevention, detection, and remediation
  • System Administration Tools - Active Directory, Microsoft System Center Configuration Manager (SCCM)
  • Microsoft Project, Microsoft Visio, and Structured Query Language (SQL)
  • Policy, Procedure, and Guideline development
  • Risk Management Framework (RMF) phases, activities, tools, and resources
  • USMC/USN Validation activities
  • SharePoint technologies - Microsoft Office SharePoint Services (MOSS) 2007/2010/2013
  • BMC Remedy, BMC Atrium Discovery and Dependency Mapping (ADDM), and BMC Atrium Configuration Management Database (CMDB)
  • Greater than five years' experience in: all aspects of Information Assurance / Cyber Security, Information Security, and Network Security Programs for the USN and USMC; DIACAP, network defense, risk and compliance assessment, remediation, and mitigation; system and network engineering, administration, and security; physical security; forensic investigations; vulnerability scanning, analysis, remediation, and reporting; incident handling and response
  • Extensive experience in developing plans and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting accomplishments and deficiencies
  • Comprehensive technical and management reports on trends, issues, and potential problem areas in configuration management, architecture, and network security standards on existing or proposed interfaces with other computerized systems
  • Evaluating the security infrastructure for enterprise merchants or service providers
  • Managing IT projects for system assessment and authorization
  • Documenting security compliance related correspondence required by governing authorities and documenting instructions, guidance, and procedures to specified audiences
  • Managing projects to deliver infrastructure security solutions for a business enterprise
  • Measuring and reporting project performance and supporting project administration, logistics and operations to include analysis of project indicators and performance reporting

Broad Knowledge of:
  • Networking
  • System Administration - Windows and Unix/Linux platforms
  • Database Administration
  • Application Development
  • PCI Requirements
  • Project Management
  • Vulnerability Management
  • USN and/or USMC Certification and Accreditation tools - eMASS and MCCAST
  • Patch Management
  • Asset/Inventory Management
  • Incident Response
  • DoD 8500.01 and DoD 8510.01
  • National Institute of Standards and Technology (NIST) publications
  • The financial industry and the lifecycle of payment card transactions

Serves as liaison for communication and response to task orders issued by Marine Forces Cyber Command (MARFORCYBER), HQMC C4, Marine Corps Installations Command (MCICOM), and Marine Corps Systems Command (MCSC) for all Information Technology and Cybersecurity initiatives. Must have the ability to successfully complete and obtain/maintain a favorable background investigation at the Tier 3 (ANACI) level for the review and response to SIPRNet Task Orders (TASKORD), Warning Orders (WARNORD), Fragmentary Orders (FRAGO), and Operational Directives (OPDIRS) for all Cybersecurity Incident Response tasks.

Must be able to obtain a Secret security clearance and must be able to maintain the required level of clearance while employed in the subject position.


Additional information

GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, gender, GINA, political affiliation, membership or non-membership in an employee organization, marital status, or physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency. The decision on granting reasonable accommodation will be made on a case-by-case basis.

It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review:

As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.

Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.

Required Documents:
  • Education/certification certificate(s), if applicable.
  • If prior military, DD214 Member Copy

This activity is a drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce.

Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (which may be obtained from the MCCS Human Resources Office) and present an ID card with "TA" stamped in red on the front of the card.



How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official.

Background checks and security clearance

Security clearance
Not Required

Drug test required

Required Documents


If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore, provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.
