Cybersecurity Support Specialist - Marathon TS
Norfolk, VA
About the Job
Cybersecurity Support Specialist
Norfolk VA (Onsite)
Marathon TS is seeking a Cybersecurity Support Specialist (RMF) to a DoD Client out of Norfolk VA. The Cybersecurity Support Specialist will assist the Information Systems Security Manager (ISSM) in the development, review, endorsement and maintenance of cyber security certifications and accreditations.
Our company offers employees the opportunity to join a team where there is a robust employee benefits program, management engagement, quality leadership, an atmosphere of teamwork, recognition for performance, and promotion opportunities. We actively strive to channel our highly engaged employee's knowledge, critical thinking, innovative solutions for our clients.
Duties and Responsibilities:
Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
Knowledge, Skills and Abilities:
Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").
Norfolk VA (Onsite)
Marathon TS is seeking a Cybersecurity Support Specialist (RMF) to a DoD Client out of Norfolk VA. The Cybersecurity Support Specialist will assist the Information Systems Security Manager (ISSM) in the development, review, endorsement and maintenance of cyber security certifications and accreditations.
Our company offers employees the opportunity to join a team where there is a robust employee benefits program, management engagement, quality leadership, an atmosphere of teamwork, recognition for performance, and promotion opportunities. We actively strive to channel our highly engaged employee's knowledge, critical thinking, innovative solutions for our clients.
Duties and Responsibilities:
- Assist the Information Systems Security Manager (ISSM) in the development, review, endorsement and maintenance of cybersecurity certifications and accreditations.
- Act as the Information System Security Engineer (ISSE) by providing technical support for the Risk Management Framework (RMF) Assessment and Authorization (A&A) process.
- Create, maintain, review, and update all RMF and A&A documentation to ensure relevancy and alignment with the Government mission assets to include required revisions and updates in Enterprise Mission Assurance Support Service (eMASS).
- Maintain and report on the status of all outstanding A&A items and supporting documentation.
- Inventory and documentation of hardware/software/firmware within assessment boundary.
- Develop Continuous Monitoring Strategy.
- Identify and tailor the security control baseline with applicable overlays within eMASS and ensure all required security controls are implemented and eMASS artifacts uploaded..
- Assist the ISSM/ ISSO in the development or modification of the hardware/software/firmware list, Security Assessment Plan (SAP), and eMASS POA&M
- Ensure ACAS automated vulnerability scans are completed on all assets with-in assessment boundary and establish hardened baseline configuration with consistent, repeatable successful results.
- Ensure system(s) are DISA STIG compliant - through audits, SCAP scripts, and manual checks.
- Ensure data entered into the eMASS record and POA&M is consistent with implementation results.
- Detail all relevant mitigation and remediation activities to vulnerabilities noted on the RMF POA&M through the Change Management Process.
- Ensure all RMF documentation is updated based on change and vulnerability management efforts.
- Perform continuous security reviews of RMF Security Controls (per approved continuous monitoring strategy).
- Support the development of the Plan of Action and Milestones (POA&M) and the development and update of the Security Authorization Package (SAP).
- Assemble all required documentation as outlined by the ISSM for the RMF packages.
- Assess security controls, Security Technical Implementation Guides (STIGs), and Assured
- Compliance Assessment Solution (ACAS) scans in accordance with governing policies for servers, networking equipment, workstations, etc.
- Process, maintain compliance, and verify completion of ACAS, STIG, and SCAP files, report any open findings or vulnerabilities to the program, propose and implement mitigations as required and construct necessary POA&M when required.
- Maintain cyber security compliance for all OPTEVFOR systems using Vulnerability Remediation Asset Manager (VRAM) and Assured Compliance Assessment Solution (ACAS) by running daily ACAS vulnerability reports, updating ACAS plug-ins daily, and uploading ACAS reports to VRAM.
- Assist with vulnerability mitigation, remediation, and troubleshooting of assets.
- Administer the ACAS server, by applying updates to the ACAS application and Linux operating system as required and by configuring as per the DISA Best Practice Guide (BPG).
- Create, review, and update Cybersecurity Standard Operations Procedures (SOPs) and policies as required.
- Administer and monitor Host Based Security System (HBSS) servers to maintain optimum operating status and install required server and client updates to HBSS components within mandated time-lines.
- Make approved policy changes to HBSS configuration when required.
- Provide a weekly status report which contains the progress of work on assigned tasks and future work plans for the upcoming week.
- Other duties as assigned.
Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
- Must have the proper and current cyber security qualifications to perform IT privileged administrative functions in accordance with the DoD Cyberspace Workforce Framework (DCWF) and the DoDM 8140.03, CYBERSPACE WORKFORCE QUALIFICATION AND MANAGEMENT PROGRAM.
- The Contractor shall meet the applicable DCWF Work Role [722] Foundation Qualifications, Intermediate which include:
- Education: Associate degree or higher from an accredited college or university. When used to satisfy the foundational portion of qualification, the degree must be conferred within the past 5 years by an institution of higher education that is accredited by a nationally-recognized accreditor, unless continuous work in the relevant discipline can be demonstrated; OR
- Training: Offerings listed in DoD 8140 Training Repository (https://dl.cyber.mil/cwmp/xls/DoD_8140_Cyberspace_Training_Repository.xlsx); OR
- Personnel Certification: (ISC)2 CERTIFIED AUTHORIZIATION PROFESSIONAL or COMPTIA ADVANCED SECURITY PRACTITIONER or EC-Council Certified Chief Information Security Officer (CCISO) or (ISC)2 CERTIFIED CLOUD SECURITY PROFESSIONAL (CCSP) or ISACA Certified Information Security Manager (CISM) or (ISC)2 Certified Information Systems Security Professional (CISSP) or CompTIA Cloud+ or (ISC)2 SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP).
- Active Secret security clearance.
Knowledge, Skills and Abilities:
- Excellent written and oral communication skill
- Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)
- While performing the duties of this Job, the employee is regularly required to sit and talk or hear. The employee may use repeated motions that include the arms, wrists, hands and/or fingers. The employee is occasionally required to walk, stand, climb, balance, stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision.
Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)
- The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment.
- During visits to areas of operations, may be exposed to extreme cold or hot weather conditions. Is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").
Source : Marathon TS