Cybersecurity SME jobs in United States
cer-icon
Apply on Employer Site
company-logo

Chenega Corporation · 7 hours ago

Cybersecurity SME

positionAlexandria, VA, US
timeFull-time
remoteOnsite
senioritySenior Level
date5+ years exp

Chenega Corporation is seeking a Cybersecurity SME to enhance their team within the IT Enterprise Services division. The role involves providing expert guidance and technical leadership in cybersecurity, managing incident response, and ensuring compliance with security standards for government operations.

Information Technology
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Report on and perform Continuous Monitoring on all AGC-supported systems and networks; identify, mitigate, and resolve cybersecurity incident issues and concerns
Develop guidelines/plans, analyses, reviews, and mitigations in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cybersecurity-related activities and mandates
Respond to all cybersecurity notices as directed by the Cyber Security Service Provider (CSSP) and pertinent service providers, take action to comply with security notices, and record compliance
Provide technical support, including documentation, to enable required AGC systems to meet the requirements of receiving an Authority to Operate (ATO) accreditation decision via the Department of Defense (DoD) Risk Management Framework (RMF)
Support operational cybersecurity activities, including vulnerability scanning, IAVM compliance, STIG and SRG application, assessment, and remediation, and POA&Ms
Support cybersecurity governance, risk, and compliance by providing plans, policies, and procedures relevant to AGC’s systems, applications, and networks, including AGC GovCloud (L2/L4), and other accredited systems/applications
Manage accreditation and continuously monitor activities, as well as the vulnerability management and incident response functions for all supported systems and networks
Support operational cybersecurity activities, including vulnerability scanning, IAVM compliance, STIG and SRG application, assessment, and remediation, and POA&M
Support cybersecurity governance, risk, and compliance by providing plans, policies, and procedures relevant to AGC’s systems, applications, and networks, including AGGC-R Cloud and/or AGC Army AWS Cloud, C2IE, OHASIS
Maintains AGC’s Tenant Security Plans (TSP) for SIPR and NIPR, Authority to Operate (ATO) for JWICS and Interim Authority to Test (IATT), Approval to Connect (ATC), and any other documentation necessary to support AGC’s network connections and mission systems
Manage the eMASS records for AGC’s mission systems and enclaves, create and track POA&Ms, track IAVM and STIG compliance, and manage eMASS artifacts necessary to support evidence for applicable security controls
Support RMF activities, including categorization of systems IAW NIST SP 800-60, selection of security controls IAW CNSSI 1253 and NIST SP 800-53, assessment of security controls IAW NIST SP 800-53A, development and implementation of Continuous Monitoring Plans IAW NIST SP800-137, STIG Traceability Matrix, hardware/software/firmware list, and System Security Plan (SSP)
Participate in the configuration process (CM) through representation on the Technical Review Board (TRB) and Configuration Control Board (CCB) and provide a security impact assessment for changes submitted through Request for Change (RFCs)
Responsible for the continuous monitoring of AGC’s systems, applications, and networks
Configure vulnerability scanning, analyze results, and close or mitigate findings
Organize the assessment of AGC GISO IT assets using applicable STIGs, SRGs, and/or vendor supply hardening guidelines
Responsible for configuring AGC GISO IT assets for vulnerability scanning and ensuring 100% coverage using credentialed scans
Coordinate with RNEC-NCR, C5ISR, GISA, and other Army enterprise service providers, as necessary, to ensure vulnerability assessment tools are in place and working properly
Analyze vulnerability scan results and resolve open findings for findings that cannot be closed, create a POA&M, and recommend mitigation(s) to lessen the impact of the vulnerability; submit Operational Impact Statements (OIS) for Critical and High IAVAs
Create a POA&M and recommend mitigation(s) to lessen the impact of the vulnerability IAW with ARCYBER OPORD 2016-129, submit Operational Impact Statements (OIS) for Critical and High IAVAs
Support response procedures for cybersecurity incidents, like breaches, spills, and insider threat actions
In coordination with the ISSM and IA Officer, all cybersecurity documentation required for accreditation for AGC’s GISO assets, including but not limited to: architecture diagrams, boundary diagrams, data flow diagrams, ports, protocols, service exception requests, PKI certifications, IA metrics, and Privacy Impact Assessments (PIA) in the requisite cybersecurity document repository
Identify, mitigate, and resolve cybersecurity incident issues and concerns
Develop guidelines/plans, analyses, reviews, and mitigations in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cybersecurity-related activities and mandates
Provide technical support, including documentation, to enable AGC systems to meet the requirements of receiving an Authority to Operate (ATO) accreditation decision via the Department of Defense (DoD) Risk Management Framework (RMF)
Provide input to the weekly and monthly status report covering technical activities for this functional area, including priorities, tasks, accreditation due dates and schedules, POA&M status, metrics, continuous monitoring tasks, etc
Other duties as assigned

Qualification

DoD Risk Management FrameworkVulnerability ScanningSecurity Controls AssessmentContinuous MonitoringCybersecurity Incident ResponseEMASSNIST SP 800-53AWS Security ToolsSecurity Requirements TraceabilityTeam LeadershipTechnical DocumentationCommunication SkillsProblem SolvingCollaboration

Required

Active TS/SCI clearance required
DoD 8570.01-M IAM II required

Preferred

BA/BS degree preferred
Master's degree or higher preferred
5+ years of relevant experience with DoD in an IA/Cybersecurity role preferred
IASE III certifications preferred

Benefits

Opportunities to help sharpen skills
Well-being programs
Flexibility to make daily choices that can help them be healthy, centered, confident, and aware

Company

Chenega Corporation

twittertwitter
Glassdoor3.6
company-logo
As the most successful Alaska Native village corporation, Chenega figures prominently in the diverse government services contracting marketplace supporting defense, intelligence, and federal civilian customers.
dateFounded in 1974
location
Anchorage, Alaska, USA
people-size5001-10000 employees
web-link
https://www.chenega.com/

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Robb Milne
CFO
linkedin
leader-logo
Chris Andersen
Chief Development Officer, Military, Intel and Operations Support Strategic Business Unit
linkedin
Company data provided by crunchbase