Cyber Security Specialist

Overview

Abacus Technology is seeking a Cyber Security Specialist to provide technical support for the US Air Force Office of Special Investigations (AFOSI) in Quantico. This is a full-time position.

Responsibilities

• Assist in building, coordinating, maintaining, changing, and updating, the RMF A&A packages for the five enclaves administered by AFOSI.
  • Implement security controls and assist AFOSI customers with the implementation of controls.
  • Continuously monitor control compliance and remediate or POA&M systems as required.
  • Collaborate with enterprise operations and development teams to ensure the infrastructure and application are configured within DoD requirements.
• Develop and maintain System Security Documents in accordance with the RMF Process to include policies, plans and procedures.
• Ensure that all application deliverables and systems comply with applicable DISA STIGs or Security Requirements Guidance.
• Assist in maintaining and updating HQ's AFOSI Governance, Risk and Compliance (GRC) application for assessing/managing risk, and authorizations for all AFOSI data networks.
• Implement security controls and assist AFOSI customers with the implementation of controls. Continuously monitor control compliance and take immediate actions to bring systems into compliance.
• Audit security log information using Splunk Enterprise, track firewall rule activity to create security baselines, and create alerts and reports.
• Utilize the ACAS vulnerability scanning suite to identify configuration problems and missing patches.
• Track and analyze Plan of Action & Milestones (POA&Ms) reports to conduct risks assessments.
• Assist in the review of current Cyber Operational Readiness Assessment (CORA) requirements and ensure systems and their operations are compliant.

Qualifications

5 years experience in cyber security and information assurance with at least 3 years of experience in systems administration for server and infrastructure support.  Bachelor’s degree in a related field desired.  Must be certified at IAT Level III (e.g., CASP+ CE/SecurityX, CISA, CCNP Security, CISSP, or equivalent certification satisfying DoD 8570/8140 certification requirements).  Experience with RMF, STIGs, GRC, PPSM, event log audit.  Working knowledge of firewall functionality.  Knowledge of analyzing the result of a security risk assessment.  Experience with the RMF steps to include categorization, security control selection, implementation plan development, assessment, and continuous monitoring.  Knowledge of the Information Assurance Vulnerability Management (IAVM) process and Common Vulnerabilities and Exposures (CVE) framework.  Experience with PowerShell scripting to automate repetitive tasks and gather security information.  Experience creating, reviewing, and revising security documentation and artifacts.  Experience with Vulnerability Management tools, such as ACAS, including the ability to read and analyze automated vulnerability reports.  Experience with Fortify Static Code analyzer, or another code scanner, desired.  Experience with security information and event management (SIEM) software, such as Splunk or ArcSight.  Must possess analytical skills to troubleshoot cybersecurity issues and the ability to conceptualize server infrastructures and configurations.  Experience with Asset Management software, such as Lansweeper or SolarWinds desired.  Experience configuring and troubleshooting firewalls, and using protocol analyzers desired.  Experience participating in cyber security inspections and in Computer Network Defense (CND) actions such as incident response desired.  Experience with DoD IT environment and networks.  Must have strong communication skills and be able to work comfortably with all levels of an organization.  Must be a US citizen and hold a current Top Secret clearance with SCI access (TS/SCI).

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.

EOE/M/F/Vet/Disabled