At ValidaTek, we modernize and optimize IT services to solve some of the most critical challenges facing federal civilian and defense agencies. Our leadership prioritizes a caring culture that allows each team member to explore their potential and innovate. As a result, our Federal Government customers trust us to provide innovative, high-quality, and repeatable results. Our commitment to quality for the past 16 years is why we are appraised at CMMI Maturity Level 5 for the delivery of IT services and development, levels only achieved by fewer than 20 companies in the United States.

www.validatek.com

Information Assurance SME

Job Summary:

Validatek is seeking a talented Information Assurance SME to support an enterprising program with our DISA customer. The performance expectations will be the following:

• Serve as the knowledge expert of all security related aspects of the JSP computing environment.
• Provide expertise implementing and maintaining security postures within complex network architectures.
• Provide expertise in Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts.
• Provide the appropriate level of confidentiality, integrity, availability, authentication, and non-repudiation IAW DoD 8500.01, DoD 8500.2, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01, NIST 800-37 Risk Management Framework, NIST 800-137 Information Security Continuous Monitoring, as well as local security policies created and enforced by JSP’s Cyber Security Center.
• Work in support of other JSP customer organizations to integrate and automate IA solutions.
• Establish a robust security posture for JSP IT environments by independently identifying vulnerabilities, remediating found vulnerabilities, and improving processes to maintain a robust security posture as it pertains to the Information System (IS) vulnerability management.
• Ensure that all managed assets are compliant and communicating with all required security tools, such as HBSS, ACAS, Splunk, Tanium and SCCM.
• Provide System/Windows updates. Support all versions of the JSP standard image security updates and policies to include technology enhancements, upgrades, and/or replacements and address security vulnerabilities as prescribed by DoD orders which include U.S.Cyber Command (USCYBERCOM), JFHQ DODIN and DISA.
• Provide computer security response support. Provide immediate response in the investigation of computer security incidents deemed to originate from the Platform Services in line with CJCSM 6510.01.
• Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
• Provide compliance support. Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
• Provide compliance with IA, Hardware, Software, Procedural, Physical, and Personnel Security Inspections Support. Assist the Government Security/IA Manager(s) in the development, implementation, and execution of a facility-wide, fully compliant security program for all aspects of Physical Security, Personnel Security, IA Security, Communications Security, and Government-required compliance monitoring, reporting, and tracking.
• Provide RMF program and processes that enables system owners to ensure systems are compliant and operating under appropriate security and assurance controls for the full system lifecycle.
• Support the Connection Approval Program (CAP), A&A Support and Tenant Security Plan (TSP). Support all activities needed to obtain A&A on all the tenant networks, equipment, and systems at all classification levels with the JSP IT platform services and hosted levels.

Minimum Qualifications and Experience:

• Active DoD Top Secret clearance.
• Bachelor of Science in Information Technology Security Management, telecommunications, management information systems, and 5+ years of related experience.
• Information Assurance (IA) Certification: DoD 8570 IAM II certification. (CAP, CASP+ CE, CCISO, CISM, CISSP, GSLC)
• Computing Environment (CE) Certification: Recent and relevant technical certification.
• Proven experience implementing and maintaining security postures within complex network architectures.
• Possess knowledge of Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts.
• Demonstrated ability for oral and written communication with the highest levels of management.
• Experience in a DoD Technology environment.
• Experience/knowledge of the DoD IAVM programs.
• Knowledge of the DISA VMS and CMRS.
• Knowledge of the DoD vulnerability scanning requirements utilizing DOD DRSI Standards and Tools.
• Experience in FISMA, OMB, DoD IG Inspection, ACA, and other accreditation and certification programs.
• Knowledge of the Defense in Depth concepts and implementation.
• Knowledge of A&A processes RMF NIST SP-800-37.
• Knowledge of NIST SP 800-53R Common Control documentation and validation.
• Knowledge of Incident Response, Auditing, and CNDSP.
• Knowledge of and comprehension on how to implement 8570.01-M./DoD 8140.
• Demonstrated ability for oral and written communication with the highest levels of management.

ValidaTek is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.

Applicants who are selected for employment will be required to verify authorization to work in the United States.

Offers of employment will be contingent upon passing a post-offer background check.

Education

• Bachelors or better

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)