Specialist, Information System Security III

Job Description:

This position support US Navy ships and ship systems.  The following are the position responsibilities:

• Support cybersecurity efforts and development of Risk Management Framework (RMF) packages for shipboard and landbased systems.
• Support tasking related to this includes Information Assurance Vulnerability Management (IAVM) of Zone D, non-shipboard, Information Technology (IT) systems, providing Assured Compliance Assessment Solution (ACAS) scanning, implement Security Technical Implementation Guide (STIG) configuration recommendations, conduct Security Content Automation Protocol (SCAP) scanning and implement Security Requirement Guides (SRG) results.
• Support tasking includes development of the artifacts (policies and procedures) that support compliance of 18 NIST Security Control Families such as: Information System Continuous Monitoring Plan (ISCM); Configuration Management Plan (update IAW NIST CM Security Controls); Security Design Document (details security attributes, security architecture, risk-based processes); Memorandums of Agreement (MOAs); Technical Manuals (Update IAW applicable NIST security controls); Program Protection Plan (Update if applicable); Security Assessment Plan (SAP); Security Assessment Report (SAR); Platform IT (PIT) determination; and Standard Operating Procedures (SOPs) 
• Support development, security, and operations for shipboard and land based auxiliary and fluid control systems. 
• Support designing and developing organizational information systems or upgrading legacy systems, employing best practices when implementing security controls within an auxiliary and fluid control system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques 
• Review and validate RMF packages for Authority to operate or assess only approvals. Contractor shall abide by the Navy Certification Agent Qualification standards and registration guidebook when performing validation activities. 

Required Skills and/or Experience:

• Target Experience: Greater than five (5)* years practical experience in a Cybersecurity, Engineering, T&E or A&A (formerly C&A) related field.
• Have worked with Information Assurance tools such as DISA Enterprise Mission Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS) and may be required to hold a Full Security Control Assessor qualification. [ *Without college degree, greater than seven (7) years required.]

Degree Requirements:

• Target Education: College degree in a technical or managerial related discipline
• A high school diploma or HS equivalency certificate is acceptable with additional years of experience 

• Must be a US Citizen