Enterprise Cyber Operations Support - Cyber Compliance Officer
THIS POSITION ALLOWS FOR UP TO 2 DAYS REMOTE WORK A WEEKGuard Enterprise Cyber Operations Support (GECOS) - Cyber Compliance OfficerGDIT has an opening for a Cyber Compliance Officer position supporting the Army National Guard (ARNG) in Falls Church, VA.
This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG's global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services.
The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services.
GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.
The work includes the following:
Operating the DoDIN-Army (National Guard) (DoDIN-A(NG) and DoDIN-A(NG)-Secret (S) networks and maintaining service delivery and cybersecurity of DoDIN-A(NG) and DoDIN-A(NG)-S networks and computing services.
Supporting the DoDIN-A(NG) and DoDIN-A(NG)-S networks and associated computing services from requirement identification to service retirement / replacement.
Ensuring continued security of the network and proactive enhancement of cybersecurity to meet evolving and emerging threats, to include compliance with DoD Risk Management Framework (RMF) and continuous monitoring requirements.
Providing support to the 54 supported organizations (ie, 50 states, three territories, and the District of Columbia) to ensure flexible and responsive operation and defense of the network.
Some OCONUS travel might be required.
Adhering to all Department of Defense (DoD) enterprise security requirements to include those required by the Defense Information Systems Agency (DISA) and the Department of the Army (DA); prepping for and passing Command Cyber Readiness Inspections (CCRIs), obtaining and maintaining Authority to Connect (ATC) and Authority to Operate (ATO) from the Designated Approving Authority (DAA); ensuring compliance with all Secure Technical Implementation Guides (STIGS) and required information assurance (IA) controls.
Maintaining the lifecycle of all services, ensuring they meet business needs, comply with Army directives and mandates, and are in keeping with the future Joint Information Environment (JIE) architecture.
Maintain continuity of service when primary support systems operate in degraded mode per COOP.
The Cyber Compliance Officer will:
Measures ARNG compliance with cybersecurity requirements and recommends cybersecurity program operational execution activities, processes, and practices.
Identifies, protects, detects, responds to, recovers, and analyzes threats to the ARNG enterprise network and its enabling technologies based on compliance-related gaps and risks, in close coordination with the RCC-NG.
Assists ARNG with identifying vulnerabilities in the ARNG enterprise network and its enabling technologies and assessing compliance with cybersecurity requirements and prescribed operational execution activities, processes, and practices.
Assists the Government with ensuring the secure configuration and preparation for approval of IT below the system level in coordination with the RCC-NG and in accordance with applicable guidance prior to acceptance into, or connection to, an Army IS.
Assists in the implementation, management, and administration of the organization's structure and workflow within eMASS.
Assists in the enforcement of the DCWF and cybersecurity certification program to ensure training and certification requirements are enforced, managed, and reported.
Assists ARNG with the implementation of a documented and streamlined process for reviewing, processing, and approving systems access requests.
Leverages the ACAS and other compliance-related tools to scan network devices for compliance with current best practices and CCRI requirements to interrogate systems for configuration and status.
Creates and submits appropriate security-related reports, such as those required by IAVA, intrusion, virus infection incidents, FISMA, and others as requested by the Government.
Tracks IAVA compliance at the enterprise level and reports on state efforts to achieve compliance.
Assists the states and territories in scan policy implementation, appropriate asset identification, plug-in related issues, and general scan-related troubleshooting.
Coordinates with the SOC and the RCC-NG to leverage the AESS tools suite to perform coordination with states on compliance findings and remediation efforts.
Processes FPA requests and WCF requests to validate requirements and appropriately identify associated risks.
Assists in examining the security architecture and vulnerabilities of systems in cooperation with system owners and administrators through security scans, examinations of system configurations, reviews of system design documentation, and interviews.
Qualifications:
Required Skills and
Experience:
Possess the appropriate baseline certification(s) to achieve DoD 8570.
01-M Information Assurance System Architect and Engineer (IASAE) Level IIIAn active SECRET DoD clearance or higherPOSITION ALLOWS FOR UP TO 2 DAYS REMOTE WORK WEEKLY#GECOS.
Estimated Salary: $20 to $28 per hour based on qualifications.
This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG's global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services.
The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services.
GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model.
The work includes the following:
Operating the DoDIN-Army (National Guard) (DoDIN-A(NG) and DoDIN-A(NG)-Secret (S) networks and maintaining service delivery and cybersecurity of DoDIN-A(NG) and DoDIN-A(NG)-S networks and computing services.
Supporting the DoDIN-A(NG) and DoDIN-A(NG)-S networks and associated computing services from requirement identification to service retirement / replacement.
Ensuring continued security of the network and proactive enhancement of cybersecurity to meet evolving and emerging threats, to include compliance with DoD Risk Management Framework (RMF) and continuous monitoring requirements.
Providing support to the 54 supported organizations (ie, 50 states, three territories, and the District of Columbia) to ensure flexible and responsive operation and defense of the network.
Some OCONUS travel might be required.
Adhering to all Department of Defense (DoD) enterprise security requirements to include those required by the Defense Information Systems Agency (DISA) and the Department of the Army (DA); prepping for and passing Command Cyber Readiness Inspections (CCRIs), obtaining and maintaining Authority to Connect (ATC) and Authority to Operate (ATO) from the Designated Approving Authority (DAA); ensuring compliance with all Secure Technical Implementation Guides (STIGS) and required information assurance (IA) controls.
Maintaining the lifecycle of all services, ensuring they meet business needs, comply with Army directives and mandates, and are in keeping with the future Joint Information Environment (JIE) architecture.
Maintain continuity of service when primary support systems operate in degraded mode per COOP.
The Cyber Compliance Officer will:
Measures ARNG compliance with cybersecurity requirements and recommends cybersecurity program operational execution activities, processes, and practices.
Identifies, protects, detects, responds to, recovers, and analyzes threats to the ARNG enterprise network and its enabling technologies based on compliance-related gaps and risks, in close coordination with the RCC-NG.
Assists ARNG with identifying vulnerabilities in the ARNG enterprise network and its enabling technologies and assessing compliance with cybersecurity requirements and prescribed operational execution activities, processes, and practices.
Assists the Government with ensuring the secure configuration and preparation for approval of IT below the system level in coordination with the RCC-NG and in accordance with applicable guidance prior to acceptance into, or connection to, an Army IS.
Assists in the implementation, management, and administration of the organization's structure and workflow within eMASS.
Assists in the enforcement of the DCWF and cybersecurity certification program to ensure training and certification requirements are enforced, managed, and reported.
Assists ARNG with the implementation of a documented and streamlined process for reviewing, processing, and approving systems access requests.
Leverages the ACAS and other compliance-related tools to scan network devices for compliance with current best practices and CCRI requirements to interrogate systems for configuration and status.
Creates and submits appropriate security-related reports, such as those required by IAVA, intrusion, virus infection incidents, FISMA, and others as requested by the Government.
Tracks IAVA compliance at the enterprise level and reports on state efforts to achieve compliance.
Assists the states and territories in scan policy implementation, appropriate asset identification, plug-in related issues, and general scan-related troubleshooting.
Coordinates with the SOC and the RCC-NG to leverage the AESS tools suite to perform coordination with states on compliance findings and remediation efforts.
Processes FPA requests and WCF requests to validate requirements and appropriately identify associated risks.
Assists in examining the security architecture and vulnerabilities of systems in cooperation with system owners and administrators through security scans, examinations of system configurations, reviews of system design documentation, and interviews.
Qualifications:
Required Skills and
Experience:
Possess the appropriate baseline certification(s) to achieve DoD 8570.
01-M Information Assurance System Architect and Engineer (IASAE) Level IIIAn active SECRET DoD clearance or higherPOSITION ALLOWS FOR UP TO 2 DAYS REMOTE WORK WEEKLY#GECOS.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
