Risk Management Support Task Lead
Overview: Evolver is seeking a Risk Management Support Task Lead to join a new Program to support the United States Department of Defense (DoD). The Risk Management Support Task Lead will be part of a multi-functional team supporting the Senior Information Security Officer (SISO) in support of the DoD. The Risk Management Support Task Lead will manage on-site deliverables, coordinating with the Government functional lead on the method of delivery and Government requirements. The Risk Management Support Task Lead shall provide Risk Management support for the DoD in implementing and conducting operations for all phases of the DoD Risk Management Program (DoDI 8510) and NIST SP 800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, Revision 2, either on-site or virtually dispersed across the United States and within the DoD's Commercial Cloud environment, during normal duty hours. Risk management activities shall encompass processes, procedures, and technical operations enabling the DoD to frame risk (i.e., establish the context for risk-based decisions); assess risk; respond to risk once determined; and monitor risk on an ongoing basis, using effective organizational communications and a feedback loop for continuous improvement in the risk-related activities of the organization.

Responsibilities: In support of these objectives, the Risk Management Support Task Lead shall support cyber security operations, which include, but are not limited to:

- Information Systems Security Engineering (ISSE) services
- Risk assessment development and support
- Authorization support
- Security configuration and vulnerability management support
- Software assurance support
- Security testing and auditing of security controls

This contract provides cyber security services to the DoD.
The contractor shall perform all work IAW the below:

- All applicable laws, e.g., the Clinger-Cohen Act (CCA); regulations; and national standards, e.g., NIST
- DoD Defense Information Systems Agency (DISA)
- Chairman of the Joint Chiefs of Staff (CJCS)
- Committee on National Security Systems (CNSS)
- National Security Agency (NSA)
- Joint Forces Headquarters DoD Information Network (JFHQ DoDIN)
- United States Cyber Command (USCYBERCOM)
- USTRANSCOM standards and instructions
- Best Development Security Operations (DevSecOps) practices, as appropriate

The Risk Management Support Task Lead shall maintain continuous situational awareness over the Evaluator's Scoring Metrics (ESM) applicable to assigned PWS tasks. Reference ESM as specified in DoD O-8530.1-M, Department of Defense Computer Network Defense (CND) Service Provider Certification and Accreditation Program. The Task Lead shall coordinate with the Program Management Government functional to determine whether an Authorizing Official (AO) has previously approved the specified system for operation on a DoD or Federal network (reciprocity). If prior test results exist, the Task Lead shall obtain and analyze the previous results for completeness and applicability to the DoD's target environments.
Qualifications:

Knowledge:

- Understand network and host-based security devices (e.g., Intrusion Prevention Systems [IPS], Intrusion Detection Systems [IDS], firewalls, proxy servers, sensors, switches, routers, hubs) and their role in moving packets securely from source to destination.
- Understanding of security requirements, testing, assessment and validation procedures, and best practices applicable to physical, virtual, and cloud (Infrastructure as a Service [IaaS], Platform as a Service [PaaS], Software as a Service [SaaS]) based environments.
- Knowledge of information security technologies (e.g., cryptography, biometrics, forensic analysis, vulnerability assessment, Security Information and Event Management [SIEM]).
- Understanding of Federal and DoD computer security policies, e.g., Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs), Electronic Communications, Privacy Act, Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management/Modernization Act (FISMA), and Digital Millennium Act.
- Thorough understanding of NIST Special Publications (SP) and commercial best practices. Desired: knowledge of applicable DoD, JFHQ DoDIN, USCYBERCOM, and USTRANSCOM security guidelines and best practices.
- Thorough understanding of DoD policies applicable to implementation of the DoD RMF.
- Working knowledge of ISO 27001 and 27002.

Qualifications:

- Active Secret clearance
- Bachelor's Degree in a related field preferred
- A minimum of 3 years' experience performing RMF A assessments for an enterprise network; analyzing vulnerabilities and providing assessments and remediation instructions
- Familiar with FISMA compliance

Training and Certifications (required and desired):

- CISM, CISSP, GSLC or CCISO required
- ISC2 Certified Authorization Professional (CAP) certification preferred

EOE Statement: At CSS, we foster teamwork, growth, individuality and entrepreneurialism.
We value employee opinions and encourage them to make a difference by getting involved and being thought-leaders. As a part of the CSS team, we actively promote a working and learning environment that supports a highly qualified workforce and a quality of work life that is based on trust and respect for all employees, resulting in a healthy and trusting organizational culture.

CSS is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, color, religion, age, sex, national origin, disability or veteran status, genetics, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.