The Mid Cybersecurity Engineer will provide direct expertise and guidance to DoD programs (G-TSCMIS and NAOC2/JADOCS/TBMCS) and projects supporting the Navy Command and Control Program Office, PMW-150.
Provide cybersecurity guidance and advice to the NAOC2 APM on the following:
Respond to cybersecurity data calls.
Respond to ad hoc cybersecurity tasking.
Provide cybersecurity input to adhoc and recurring NAOC2.
Attend and support all programattic briefings such as Annual Program Reviews, Program Management Reviews, etc.
Provide cybersecurity input to Integrated Product Team (IPT) meetings.
Provide cybersecurity expertise as part of the integrated office/Echelon III NAOC2 program team.
Track cybersecurity metrics for NAOC2 programs, interact with all cybersecurity POCs from other services components (US Army, USMC, USAF, etc.) to ensure Navy concerns are addressed in NAOC2 systems developed by those service components.
Manage all FISMA reporting requirements for NAOC2 programs.
Manage VRAM reporting for NAOC2 baselines.
Manage Certification and Accreditation (C&A) and/or Assess and Authorize (A&A) for NAOC2 programs including:
Maintain the IATO/ATOs for NAOC2 baselines.
Track and complete accreditation conditions requirements for NAOC2 IATO/ATOs.
Maintain DIACAP/RMF POA&Ms for NAOC2 baselines in eMASS.
Complete Navy Accreditation efforts for system baselines accredited by other services (via the reciprocity process).
Provide cybersecurity fleet support for NAOC2 systems.
Coordinate cybersecurity tasking with the Echelon III engineering and cybersecurity staff to support items listed above.
Support RMF transition for NAOC2 system baselines as required.
Others related duties as assigned.
Must hold an activesecret clearance to be considered for this role.
Minimum 3-5 years relevant work experience in the cyber security field. Work experience should include Risk Analysis efforts, system testing using DISA STIGS and industry automated scanning tools.
Thorough working knowledge of Navy cyber security guidance documents, messages, and instructions (e.g., as promulgated by DON CIO, OPNAV, DoD and NAVNETWARCOM).
Must be familiar with the DoD acquisition life cycle.
Thorough working knowledge of the Information Assurance Vulnerability Management Process (IAVM) and FISMA requirements.
Broad technical knowledge of system architectures, network elements and protocols, and system software.
Strong direct technical experience in the field of information security, to include hands on experience using security tools, penetration testing, and current/emerging threats in the vulnerability/exploit community.
Ability to technically analyze system vulnerabilities, related vendor patches and workarounds, and overall effectiveness of technical mitigations that may be put in place to reduce attack surfaces, threat vectors, or related impact of a given vulnerability.
Strong technical understanding of the OSI model, networking, system architecture analysis, and the ability to characterize and discuss findings at all layers of the OSI model from Physical Layer to Application Layer.