Cybersecurity Lead

Responsibilities

• Deliver Post Deployment Software Support (PDSS) with the subject expertise, knowledge, skills, and abilities to execute all software development life cycle (SDLC) activities to sustain and/or enhance the program managed IT solutions, including maintain and enhance Master Data Repository (MDR), Asset Enterprise Management Information Tool (AEMIT), Life Cycle Modeling Integrator – Portal (LCMI-P), Master Scheduling Support Tool (MSST) and Secondary Repairable Total Allowance Recomputation Tool (START).
• Utilize Remedy to manage all application requirements and requests for changes (RFCs). MARCORLOGCOM will provide Remedy access after contractors complete MarineNet training courses required for obtaining access.
• Document a level of effort (LOE) to complete the Remedy work order prior to beginning work.
• Test changes in the developer’s local environment before pushing to Government provided development environment (referred to as “user acceptance testing” (UAT) environment).
• Test changes in UAT environment before notifying the Government Lead.
• Promote code changes live at a time/day approved by the Government Lead.
• Evaluate the production environment, to ensure all changes were successfully deployed and submit the results to the Government Lead.
• Provide expert technical consulting and analyst support necessary to document, design, and implement required changes.
• Provide skilled technical onsite daily support for Manpower applications and troubleshooting expertise in Oracle Database, Oracle Application Server, Web Logic, Web Center, Java, Angular, and SQL technologies.
• Deliver configuration management, version control and bug tracking of all source code, servers, web applications, architectures, and their associated configurations within each System and application.
• Ensure that systems are maintained in accordance with appropriate Department of Defense (DoD) directives, policies, and guidelines.
• Provide support services to accomplish the necessary IA activities to maintain an Authority to Operate (ATO) for MDR (RMF-197), LCMI-P (RMF-199), AEMIT (RMF201), and MSST (RMF-202)
• Provide continuous IA compliance and project status tracking.
• Develop and maintain the Defense Information Assurance Risk Management Framework (DIARMF) in accordance with National Institute of Standards and Technology requirements.
• Conduct Information Systems Continuous Monitoring (ISCM) planning and implementation.
• Maintain internal IA Policy and Standard Operating Procedures (SOP) and revaluate annually.
• Conduct IS environment cyber security assessments as required by DoD policy and regulations.
• Provide and maintain Risk Analysis and Management.
• Provide Security Architecture, Design, and Engineering upon implementing new systems or applications and modification to existing systems or applications to maintain current accreditation status.
• Obtain and maintain Certification and Accreditation (C&A), Assessment and Authorization (A&A), and Validation for all required ATO’s.
• Conduct Information Assurance Vulnerability Management (IAVM).
• Assist in Security Incident Response (IR) Planning and Execution.
• Monitor and control performance and Information Security/Information Assurance compliance as determined by the program’s Information Security System Manager.
• Provide support with Marine Corps Certified Application (MCCA), Operational Directives, Marine Corps Directives (MCD), Marine Forces Cyberspace Command (MFCC) direction, Cyber Protection Team (CPT) support, Assured Compliance Assessment Solution (ACAS) support and McAfee HBSS/epos services.
• Ensure databases are backed up daily; ensure all back-ups are current, secure, and available.
• Provide security administration, auditing, and disaster recovery support. Databases will be compliant with current cyber security guidelines as set forth in Security Technical Implementation Guidelines (STIG) and vendor and/or DoD vulnerability patches and alerts.
• Ensure databases are maintained in accordance with DoD Directives (See Appendix A and B) and other superseding guidance as directed by the COR.
• Provide support for all six stages of SDLC: requirement determination/validation, analysis, solution design, solution development, system test and implementation/sustainment. Documentation and system evaluation are also required. 
• Provide support to sustain and enhance extract, transform, and load (ETL).
• Create, modify, and sustain of all interfaces. 
• Ensure MDR Production and ODBC databases are identical, unless otherwise approved by the Government.
• Perform MDR database loads daily.
• Troubleshoot and resolve daily load errors.
• Submit Oracle SRs as required to solve errors.
• Provide expert technical advice in leveraging cloud native database technologies to ensure effective and efficient cloud operation.

Qualifications

• Active DoD Secret Clearance required.
• Bachelor’s degree in computer science, or other relevant degree.
• 10+ years USMC Risk Management Framework experience
• Certified Information Systems Security Professional (CISSP) or equivalent DoD 8570 certification.
• Information Systems Security Certification Consortium (ISC)2.
• DISA Host Based Security System Admin.
• DISA Host Based Security System Advanced.
• DISA Assured Compliance Assessment Solution.