Cyber Security Analyst jobs in Hampton, VA

The Cyber Analyst, Mid-Level, applies expertise and work experience executing cyber risk assessments. The ideal candidate will provide a broad range of information assurance activities and has a strong knowledge of systems, operating environments, system security, and networking. *This position requires onsite work Duties Determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state Evaluates effectiveness of proposed mitigations Contributes toward recommendations on technical/policy changes, processes and methodologies to assess and mitigate cybersecurity risk on information technology within the SCA's appointed authorization boundary Works with other Cyber Analysts, Subject Matter Experts (SMEs), and SCARs to ensure that all cybersecurity analysis and cybersecurity risk assessments are completed with time and quality standards established by Division leadership and Task Lead Supports program and projects with security and information assurance requirements elicitation based on customer and SME communication and independent research Performs all other duties, as assigned Requirements Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Information Systems required. Equivalent work experience may be substituted for Bachelor's degree. Master's degree preferred. IAM Level II Certification in accordance with the Department of Defense (DoD) approved 8140 baseline certifications required Must have at least 5 years of experience in cyber risk assessment in cyber risk assessment or experience with technologies utilized in AFNET or DoD systems Proficiency with eMASS preferred Must have familiarization with NIST SP 800-53, AFI 17-130, and DODI 8510.01 Strong planning, organization, and analytical skills, with attention to detail required Must be able to take initiative and be self-motivated Quick learner; passionate about technology and able to learn new technology areas as directed Ability to elicit, identify, and research information assurance requirements and perform as a member of an assessment review team Effective team player with good interpersonal skills Must be able to work independently with minimal supervision Excellent written and verbal communication skills required Must be able to display professionalism in all situations Knowledge in emerging technologies including cloud, AI and virtualization, networking, systems engineering, identity management, web technologies, system administration, and system security is preferred This position requires onsite work. Must be flexible to be able to work in the office, as assigned. Must have an active DoD security clearance

Required Clearance: Secret - Top Secret SCI Certifications: DoD 8570.01-M in accordance with (IAW) DFARS ************ Baseline Certification, minimum IAT Level I, Level II or Level III depending on position hired to fill Required Education: Bachelor's degree in Cybersecurity, Cyber Operations, Cyber Engineering, Information System, Information Technology, Computer, Electrical, or Electronics Engineering, Software Engineering, Computer Science, Mathematics with a concentration in Computer Science, or equivalent to above disciplines Required Experience: Two (2) Years for Level I, five (5) Years for Level II and ten (10) years for Level III Position Description: PingWind is seeking the right fit to join a team of Cyber professionals as they support critical functions to provide Cyber Security for the Navy's network. Depending on the position hired to fill, you will be ensuring the highest level of cyber security by implementing STIGS, performing scans using tools such as ACAS, and tracking/patching/mitigating vulnerability findings. Key goal is to ensure the warfighter can achieve their mission without the interference of adversaries and opportunistic hackers. Work is performed in support of Naval Surface Warfare Center (NSWC), DAHLGREN DIVISION in Virgina Beach as it conducts Research, Development, Test & Evaluation (RDT&E), analysis, systems engineering, integration, and certification of complex Department of Defense systems. Primary Responsibilities: Level: I Two (2) years and Level II: Five (5) years of full-time professional experience performing system hardening with demonstrated experience in the following areas: • Performing STIG implementation; • Performing vulnerability assessments with the Assured Compliance Assessment Solution tool; • Experience with Security Management policy guidance and directives; and • Remediating vulnerability findings to include implementing vendor patches on both Linux and Windows Operating systems. Level III: Ten (10) years of full-time professional experience performing system hardening with demonstrated experience in the following areas: • Computer security, military system specifications, Security Management policy guidance and directives, DoD and cybersecurity policies; • Risk Management Framework (RMF) and the implementation of Cybersecurity and IA boundary defense techniques and various IA-enabled appliances. Examples of these appliances and applications are Firewalls, IDS, IPS, Switch/Routers, Cross Domain Solutions (CDS), EMASS and Endpoint Security Solution (ESS); • Performing STIG implementation; • Performing vulnerability assessments with the Assured Compliance Assessment Solution tool; and • Remediating vulnerability findings to include implementing vendor patches on both Linux and Windows Operating systems. Required Qualifications: • Secret - Top Secret SCI • DoD 8570.01-M in accordance with (IAW) DFARS ************ Baseline Certification, minimum IAT Level I, Level II or Level III depending on position hired to fill • Bachelor's degree in Cybersecurity, Cyber Operations, Cyber Engineering, Information System, Information Technology, Computer, Electrical, or Electronics Engineering, Software Engineering, Computer Science, Mathematics with a concentration in Computer Science, or equivalent to above disciplines • Two (2) Years for Level I, five (5) Years for Level II and ten (10) years for Level III Desired Qualifications/Experience: • Navy experience a plus • DoD 8570.01-M CSSP certification • RMF experience About PingWind PingWind is focused on delivering outstanding services to the federal government. We have extensive experience in the fields of cybersecurity, development, IT infrastructure, supply chain management and other professional services such as system design and continuous improvement. PingWind is a VA CVE certified Service-Disabled Veteran-Owned Small Business (SDVOSB) with offices in Washington DC and Northern Virginia. **************** Our benefits include: • Paid Federal Holidays • Robust Health & Dental Insurance Options • 401k with matching • Paid vacation and sick leave • Continuing education assistance • Short Term / Long Term Disability & Life Insurance • Employee Assistance Program through Sun Life Financial EAP Guidance Resources Veterans are encouraged to apply PingWind, Inc. does not discriminate in employment opportunities, terms, and conditions of employment, or practices on the basis of race, age, gender, religious or political beliefs, national origin or heritage, disability, sexual orientation, or any characteristic protected by law.

We're seeking a Cyber Network Defense Analyst (CND) to support the Intelligence, Surveillance, Reconnaissance (ISR) Wing Security Office and the Distributed Common Ground System (DCGS) Processing, Exploitation, Dissemination (PED) Operations Center (DPOC). Job Responsibilities: Performs forensic analysis of digital information and gathers and handles evidence. Identifies network computer intrusion evidence and perpetrators. Investigates computer fraud or other electronic crimes, crack files and system passwords, detects steganography and recovers deleted, fragmented and corrupted data from digital media of all types. Ensures chain of custody and control procedures, documents procedures and findings in a manner suitable for courtroom presentation and prepares comprehensive written notes and reports. May be required to testify in court as expert witnesses. Required Skills and Experience: BA/BS 3+ years of network operations experience Active TS/SCI CompTIA Security+ CompTIA Cybersecurity Analyst (CYSA) Shift work required Preferred Skills and Experience: Working knowledge of AF DCGS and AF ISR operations is desired Spectrum is proud of our diverse workforce and diligently committed to remaining an Equal Opportunity Employer. Spectrum governs all employment related decisions without regard to an individual's race, color, sex, religion, national origin, age, disability, veteran status or any other protected classification. [EEO/AA/Protected Veterans/Individuals with Disability employer]. Work schedule: 10-hour rotational shift work. Rotations are quarterly between day and mid shifts and monthly between weekday and weekend shifts.

Falconwood is a woman-owned, veteran-owned company providing consultation and programmatic support to Department of Defense Information Technology (IT) initiatives and programs. We provide expert advice and consultation on a diverse range of IT subjects, focusing on acquisition, policy, cybersecurity, engineering, and process development. The Information Assurance Analyst will be responsible for performing duties associated with development and review of RMF packages in support of the Commander, Naval Information Forces (NAVIFOR) N6 Directorate. Responsibilities The candidate will support Assessment and Authorization efforts for NAVIFOR N6 directorate and subordinate commands through: Support program's authorization efforts throughout the Navy RMF process. Track to ensure quality and timeliness of RMF package artifacts and deliverables. Analyze general information assurance-related technical problems and provides recommendations and technical support in solving these problems. Assess and supports implementation of solutions that meet network security requirements. Review vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Perform duties associated with development and review of RMF packages. Support continuous improvement of strategies, processes, and procedures aligned with existing DoN Navy processes. Ensure the necessary planning, outreach, execution, and dissemination of lessons learned/after action reports. Qualifications Clearance: TS/SCI clearance required (a current SSBI within the five-year scope). Education: Bachelor of Science degree in Information Systems, Computer Science, Cybersecurity, Information Systems, Computer Engineering or related discipline. Certifications: Information Assurance Certification (GIAC) - Security Leadership Certification (GSLC), Certified Information system Security Professional (CISSP), or Certified Information Security Manager (CISM). Experience: At least one-year relevant experience performing Navy IA or cybersecurity functions. Preferred: Experience in an IT operational capacity (e.g., operations/project support, helpdesk). Strong analytical, problem-solving, and project management skills. Familiarity with U.S. Navy culture, processes, command organizations, and IT infrastructures. Ability to analyze general information assurance-related technical problems and provides recommendations and technical support in solving these problems. Be able to assess and support implementation of solutions that meet network security requirements. Experience with vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Advanced technical writing skills for developing documentation, reports, and training materials. The candidate must be: Familiar with the Navy RMF process. Capable of performing effectively individually and as part of a team. Technically savvy and possess excellent communication skills. Have effective critical thinking and problem-solving skills. Self-motivated and able to successfully deliver with minimal supervision. Proficient in Microsoft applications such as Word, Excel, PowerPoint, and Outlook. This position is fast paced and high demand that is a hybrid position (onsite and remote) in Suffolk, VA. Limited to no travel is anticipated. Pay Range Base pay is $85,000-$95,00, subject to skill level, qualifications, and location. Benefits Highlights: 401k, Tuition Reimbursement, Health/Dental/Vision Insurance, PTO, Federal Holidays, Performance Increases, Reserve Duty Compensation and more!

GENERAL SUMMARY: Seeking full-time Network Engineer to join the Cyber Readiness Team supporting the Atlantic Surface Fleet in Norfolk, Virginia. An applicant that can demonstrate expert knowledge in the design, configuration, deployment and management of Aruba EdgeConnect SD-WAN solutions will fill this position. The candidate may be required to travel between 5-10% to assist forward-deployed units. LOCATION: Norfolk, VA. SPECIFIC DUTIES & RESPONSIBILITIES: Provide SD-WAN orchestration and management using Aruba Orchestrator for provisioning, deployment, configuration, monitoring, and troubleshooting EdgeConnect SD-WAN solutions. Manage user authentication, authorization, role-based access control, RADIUS/TACACS+, policy management, and captive portal using Aruba ClearPass Policy Manager (CPPM) and ClearPass Guest. Deploy, provision, manage, and monitor Aruba Instant APs using Aruba Instant UI, Aruba Central and/or Aruba Mobility Controller capabilities. DESIRED SKILLS AND ABILITIES: HPE Aruba SD-WAN Certifications Cisco Certified Network Associate (CCNA) Experience with Aruba and/or Cisco wireless controllers, access points, switches and routers Understanding of DoD Cybersecurity policies and programs Experience implementing DISA Security Technical Implementation Guides (STIGs) REQUIREMENTS: In-depth knowledge of current SD-WAN concepts, industry standards, security, and best practices. At least five years' hands-on experience with any SD-WAN technologies to include at least two years' experience with Aruba EdgeConnect SD-WAN solutions. Hands-on experience using Aruba ClearPass Policy Manager (CPPM), ClearPass Guest, and Aruba Orchestrator in the management of EdgeConnect SD-WAN solutions. Active Secret Security Clearance Current US Passport 8570 Information Assurance Technician (IAT) level II or IAM/ISSM level I Certification Bachelor's Degree or 5 years' experience in related field

is contingent upon contract award. Candidates must have an active Secret clearance and verify, before applying, that you meet the minimum requirements of the position. The Senior Cybersecurity Analyst will lead and oversee system Assess and Authorize (A&A) activities for the sustainment of U.S. Army Defense Business Systems. The Senior Cybersecurity Analyst plays a critical role in managing the Risk Management Framework (RMF) lifecycle, ensuring compliance with Department of Defense (DoD) standards, and achieving successful Authority to Operate (ATO) decisions. This position requires a seasoned professional with extensive experience in cybersecurity operations, policy development, and leadership. RMF Leadership and Compliance: Lead the development, review, and maintenance of A&A documentation to ensure compliance with RMF and DoD standards. Provide expert guidance and mentorship to team members throughout the RMF lifecycle phases, ensuring alignment with best practices. Oversee the application and testing of Federal Information System Controls Audit Manual (FISCAM) and RMF controls utilizing CNSS Instructions 1253 and NIST SP 80053 standards to maintain system security. Accreditation and Cybersecurity Operations: Manage Initial Authority to Test (IATT) and ATO processes, performing Information Systems Security Manager (ISSM) and Information Systems Security Officer (ISSO) duties as required. Maintain system accreditation status by developing reports, tracking updates, and notifying stakeholders when documentation needs revision. Support and implement robust information systems security technologies, including access control, user authentication, and data encryption. Policy Development and Governance: Review and analyze Army and DoD policies to develop local procedures and guidelines that implement cybersecurity subprograms and initiatives. Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures (SOPs) to enhance information systems security governance. Evaluate system and network changes for cybersecurity impact, ensuring confidentiality, integrity, availability, and overall system security posture are maintained. Technical Expertise and Tools Utilization: Utilize and provide oversight on tools and platforms, including HBSS, Fortify, ACAS/Nessus, eMASS, Tanium, CMRS, and Endpoint Security solutions. Create and submit comprehensive Plan of Actions & Milestones (POA&M) for review and approval by the Authorizing Official (AO). Apply knowledge of cross domain solutions to enhance secure system operations. Training and Team Development: Conduct advanced training on cybersecurity policies, tools, and best practices for the team. Mentor junior analysts and ensure the team's skills remain aligned with the latest cybersecurity standards and emerging threats. Education and Requirements: Bachelors degree in information technology, Computer Science, or a related field. 6+ years of experience in IT architecture and cybersecurity. Current and active Secret security clearance. IASAE II DoD Approved Baseline Certification (e.g., CISSP, CASP CE, CSSLP). Location flexible with preference to Ft. Eustis, Fort Belvoir or Fort Gregg-Adams JANUS strives to provide opportunities for career growth through training and development. We also offer an attractive comprehensive benefit package to include health and welfare plans and financial products. As part of a total rewards program, employees can benefit from our referral bonus program, and other various employee awards. JANUS Research Group takes pride in our benefit package and rewards program which has earned us the certification of a Great Place to Work JANUS Research Group provides reasonable accommodation so that qualified applicants with a disability may participate in the selection process. Please advise us of any accommodations you request to express interest in a position by e-mailing: Alisha Pollard, Director of Human Resources at ******************************** or calling **************. Please state your request for assistance in your message. Only reasonable accommodation requests related to applying for a specific position within JANUS Research Group will be reviewed at the e-mail address and phone number supplied. Thank you for considering a career with JANUS Research Group. JANUS Research Group participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.

Qualified candidates will assist JTF-CS to support proper implementation and sustainment of DOD cybersecurity and RMF requirements. The support services shall include support in the following areas: RMF and JTF-CS policy, guidance, procedure and templates; security control implementation and testing; security control assessments; and RMF training. This position is at Fort Eustis VA. Each candidate will: · Provide technical analysis of JTF-CS RMF artifacts/authorization documentation to inform authorization decisions for the JTF-CS domain enclave of the NORTHCOM enterprise · Support JTF-CS in monitoring and tracking execution of POA&M · Perform all required cybersecurity analyst (CSA) RMF process steps for the JTF-CS domain enclave of the NORTHCOM enterprise, to include: Categorize System, Select Security Controls, Implement Security Controls, and Assess Security Controls · Ensure ECCSS RMF process steps are followed and adhered to by RMF stakeholders Security Controls Support · Assess approved technical and non-technical security features of JTF-CS domain enclave to address known threats and vulnerabilities; assessment must consider and identify impacts as well as consideration of existing risk mitigation strategies · Act as an independent and impartial assessor to determine and certify aggregate cybersecurity risk for recommendations for JTF-CS domain enclave · Develop a Security Assessment Plan (SAP) for JTF-CS domain enclave of the NORTHCOM enterprise within Enterprise Mission Assurance Support Service (eMASS), describing the objectives of the security control assessment and providing a detailed roadmap for performing the assessment, to include: Security Plan (SP) Security Assessment Report (SAR) Risk Assessment Report (RAR) Up-to-date POA&M Updated accreditation artifacts · Conduct Privacy Impact Assessment (PIA) for the JTF-CS domain enclave · Provide approval recommendation of the SAR for the JTF-CS domain enclave · Provide guidance to JTF-CS Stakeholders · Implement Security Controls · Assess Security Controls · Monitor Security Controls · Support Authorization of Information System Support Plan of Action and Milestones Assemble the security authorization package Determine the risk to organizational operations to include delivering the Residual Risk Statement that will be included in the Risk Acceptance Recommendation Report, Briefing (slides and meeting support) Determine if the risk to organizational operations, organizational assets, individuals, other organizations, or the Nation is acceptable Mandatory Requirements: Clearance Level: Secret Certifications: DODM 8570 IAM Level III: - REQUIRED Preferred Skillsets Proficiency with eMASS preferred Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. #clearancejobs

Seeking an experienced, self-directed, Cyber Security Engineer to support the Army Data and Analytics Platform contract on-site in Newport News, VA. As a member of our team, you will help to assist the Army in a full range of program/product management and administration, financial, technical, and business transformation. Security measures to protect computer systems, networks, and data. You will work collaboratively with IT teams to identify vulnerabilities, develop and implement security solutions, and respond to security incidents. Perform detailed information security assessments on Trident's information systems to ensure compliance with federal and state regulations. These information security assessments would include but are not limited to application reviews, access controls, network reviews, and regulatory and other compliance reviews. Duties and Responsibilities * Deploy and configure security tools, technologies, and solutions to protect against cyber threats. * Conduct regular vulnerability assessments to identify and address potential security weaknesses and coordinate remediation efforts in a timely manner Investigate and analyze security incidents, providing timely and accurate reports to management. * Stay up-to-date of the latest cybersecurity trends, threats, and vulnerabilities to adjust security measures accordingly. * Implement and manage SIEM/MDR systems for real-time monitoring of network activities and respond to potential security incidents including conducting thorough investigations to determine the root cause. * Configure and maintain security settings for operating systems, applications, and network devices. * Participate in the development and delivery of security awareness programs and training for employees Maintain accurate and up-to-date documentation of security processes, procedures, and incident response activities. * Audit router, switch, firewall configurations, change control, and monitoring. * Create workstation and server baseline configuration. Required Skills and Experience * Bachelor's Degree in Computer Science, Information Systems, Business or similar; Master's preferred. * 10+ years of experience in related field. * Security+ and IAT/IAM Level III (CISSP or equivalent) certifications required. * Support activities of the information Systems Security Manager (ISSM) in developing in and enforcing security policies and procedures to ensure compliance with industry standards and regulations. * Collaborate with IT teams to ensure the effective deployment and maintenance of security technologies. * Collaborate with external partners and internal teams to conduct periodic audits, pen test and tabletop exercises Ensure network security best practices are implemented through. Required Clearance * Active DoD Secret clearance required EOE M/F/Disability/Vet

Abacus Technology is seeking an Information System Security Officer to ensure the operation, security and integrity of information systems including WAN/LAN and personal for the Headquarters - Air Combat Command (ACC) at Langley AFB. This is a full-time position. Responsibilities Perform comprehensive network vulnerability audits and analysis for all devices including classified networks. Perform analysis of vulnerability assessments, provide remediation recommendations, support creation of Plans of Action & Milestones (POA&Ms) and supply guidance/training when necessary to implement remediation solutions. Perform comprehensive systems and security administration for antivirus, WSUS, and FTP sites providing availability to IA scanning and remediation tools, local security implementation guides and vulnerability results. Conduct system security reviews, documentation evaluations and audit analysis to ensure compliance with all AF cybersecurity policies and procedures including further guidance from applicable cybersecurity publications addressing COMSEC, computer security, and emissions security (TEMPEST). Oversee and direct the LAN Technicians associated with the daily operations support. Support planning for future upgrades and improvements to the information systems to meet evolving organizational needs. Analyze the organization's current capabilities, available resources, facilities, funds, and technology base, and help determine whether they are sufficient to fulfill the mission. Implement the policies of the cybersecurity program and assess the security posture regularly to ensure constant compliance with established security standards and requirements including periodic IT security training and awareness for government personnel. Work closely with program personnel in the development of security policy; contingency plans and operations; incident response plans and operations; threat and vulnerability assessments; remediation efforts; configuration management plans; risk analyses; security training plans; system concept of operations; memorandums of agreement; and security test and evaluations. Qualifications 3+ years experience in network or system administration including at least 1 year of experience supporting systems running SuSE or Red Hat Linux. Bachelor's degree in a related field desired. Must be Security+ and Linux+ certified. Thorough experience in Windows and Linux system administration. Able to provide technical and analytical support to assess capability requirements, associated capability gaps and risks, and facilitate fielding of capability solutions. Significant experience in vulnerability scanning and analysis, including the use of automated tools and vulnerability management systems. Knowledge of intrusion prevention and network access control tools/systems. Understanding of system audit principles and security risk assessment. Must have a solid understanding of network infrastructure and mission assurance. Familiar with Federal government and DOD standards for IA/security including DIACAP, FISMA, NIST, and OMB. Must be customer service oriented and able to demonstrate strong communication skills and problem-solving abilities. Able to conduct research into hardware and software issues and products as required. Must be a US citizen and hold a current Top Secret clearance with SCI access (TS/SCI). Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information. EOE/M/F/Vet/Disabled

Full-time Description The Compliance & Security Analyst will assist in development, auditing, monitoring, training, and improvement of multiple corporate compliance programs encompassing Information Security, Physical Security, Quality Management, Privacy and customer specific programs as needed. This position will provide matrixed support across departmental boundaries, facilitating improved alignment of compliance programs throughout the company. The position will serve as Facility Security Officer (FSO) and will be responsible for ensuring compliance with all government security regulations and procedures to include the implementation and maintenance of security procedures as required by the National Industrial Security Manual (NISPOM). At Commence, we're the start of a new age of data-centric transformation, elevating health outcomes and powering better, more efficient process to program and patient health. We combine quality data-driven solutions that fuel answers, technology that advances performance, and clinical expertise that builds trust to create a more efficient path to quality care. With human-centered, healthcare-relevant, and value-based solutions, we create new possibilities with data. We provide proof beyond the concept and performance beyond the scope with a focus on efficiencies that transform the lives of those we serve. With a culture driven by purpose, straightforward communication and clinical domain expertise, Commence cuts straight to better care. Requirements Develop and implement security policies and procedures in compliance with government regulations, including but not limited to the National Industrial Security Program Operating Manual (NISPOM). Partner with third party auditors and fulfill their requests by acting as a single point of contact for internal information collection activities. Identify requirements for audit control criteria to meet stakeholder needs. Manage and oversee physical security measures, including access control, visitor management, and security systems. Coordinate with government agencies and external security personnel as needed. Investigate and report security incidents and violations to appropriate authorities. Manage and maintain security-related documentation and records, including incident reports and security clearance records. Provide guidance and support to employees on security-related matters. Partner with operations teams to implement processes supporting compliance controls. Collaborate with key stakeholders to communicate compliance initiatives and approaches. Review established documentation and suggest modifications of existing policies-or establishment of new ones-in pursuit of operating excellence with predetermined frequency. Prepare reports, documentation, project updates and data for both internal and external partners. Develop, coordinate, and deliver training related to compliance programs as part of employee onboarding, annual refresher training and ad hoc as needed. Ensure required documentation of completed training is recorded and maintained. Maintain the company's security policies. These are formal policies that detail and document actual mechanisms and controls. Assist with the ongoing maintenance and exercise of the company's Security Procedures that include Disaster Recovery and Business Continuity Plans, Security Incident Response and process protocols including Incident Reporting and Sanctions. Coordinate periodic reviews of all formalized management process documents, ensuring version control. Conduct internal audits across departments on a scheduled and ad hoc basis. Serve and fulfill duties as the organizational Facility Security Officer and Privacy Officer. Carry out other compliance, reporting or administrative duties as directed. Qualifications Bachelor's degree in business, information technology or other complementary discipline or equivalent experience with 3-5 years of experiencee Previous experience in an information technology role. US Citizen Knowledge of NISPOM requirements Must complete or have completed requirements for Facility Security Officer (FSO) Expertise with business productivity applications including Microsoft Office. Excellent written and verbal communication skills. Flexibility to travel on occasion to conduct activities in support of audits. IT Security related certifications are a plus (e.g., CISSP, SSCP, CISM, GIAC, CISA, etc.). Preference will be given to candidates with previous experience pursuing one or more compliance mandates (e.g., ISO 27001, PCI DSS, HITRUST, etc.) or audit and reporting frameworks (e.g., NIST, SOC, etc.). Receive and maintain a favorable adjudication for a National Agency Check with Law and Credit (NACLC) background investigation. Additional Requirements Exposed to confidential information and expected to always maintain confidentiality; must adhere to rules and regulations in accordance with company directives. May be required to work outside of normally scheduled hours as mandated by the client, project and/or workload (e.g. evenings, weekends, and/or holidays). Required to maintain established work pace, meet deadlines; may have last minute urgent requests. Commence is an equal employment opportunity employer. All personnel processes are merit-based and applied without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military and veteran status or any other characteristic protected by applicable law. If you need assistance or an accommodation due to a disability, you may contact us at ************ or ************** Salary Description $67,800-$83,000

The Compliance & Security Analyst will assist in development, auditing, monitoring, training, and improvement of multiple corporate compliance programs encompassing Information Security, Physical Security, Quality Management, Privacy and customer specific programs as needed. This position will provide matrixed support across departmental boundaries, facilitating improved alignment of compliance programs throughout the company. The position will serve as Facility Security Officer (FSO) and will be responsible for ensuring compliance with all government security regulations and procedures to include the implementation and maintenance of security procedures as required by the National Industrial Security Manual (NISPOM). At Commence, we're the start of a new age of data-centric transformation, elevating health outcomes and powering better, more efficient process to program and patient health. We combine quality data-driven solutions that fuel answers, technology that advances performance, and clinical expertise that builds trust to create a more efficient path to quality care. With human-centered, healthcare-relevant, and value-based solutions, we create new possibilities with data. We provide proof beyond the concept and performance beyond the scope with a focus on efficiencies that transform the lives of those we serve. With a culture driven by purpose, straightforward communication and clinical domain expertise, Commence cuts straight to better care. Requirements * Develop and implement security policies and procedures in compliance with government regulations, including but not limited to the National Industrial Security Program Operating Manual (NISPOM). * Partner with third party auditors and fulfill their requests by acting as a single point of contact for internal information collection activities. * Identify requirements for audit control criteria to meet stakeholder needs. * Manage and oversee physical security measures, including access control, visitor management, and security systems. * Coordinate with government agencies and external security personnel as needed. * Investigate and report security incidents and violations to appropriate authorities. * Manage and maintain security-related documentation and records, including incident reports and security clearance records. * Provide guidance and support to employees on security-related matters. * Partner with operations teams to implement processes supporting compliance controls. * Collaborate with key stakeholders to communicate compliance initiatives and approaches. * Review established documentation and suggest modifications of existing policies-or establishment of new ones-in pursuit of operating excellence with predetermined frequency. * Prepare reports, documentation, project updates and data for both internal and external partners. * Develop, coordinate, and deliver training related to compliance programs as part of employee onboarding, annual refresher training and ad hoc as needed. Ensure required documentation of completed training is recorded and maintained. * Maintain the company's security policies. These are formal policies that detail and document actual mechanisms and controls. * Assist with the ongoing maintenance and exercise of the company's Security Procedures that include Disaster Recovery and Business Continuity Plans, Security Incident Response and process protocols including Incident Reporting and Sanctions. * Coordinate periodic reviews of all formalized management process documents, ensuring version control. * Conduct internal audits across departments on a scheduled and ad hoc basis. * Serve and fulfill duties as the organizational Facility Security Officer and Privacy Officer. * Carry out other compliance, reporting or administrative duties as directed. Qualifications * Bachelor's degree in business, information technology or other complementary discipline or equivalent experience with 3-5 years of experiencee * Previous experience in an information technology role. * US Citizen * Knowledge of NISPOM requirements * Must complete or have completed requirements for Facility Security Officer (FSO) * Expertise with business productivity applications including Microsoft Office. * Excellent written and verbal communication skills. * Flexibility to travel on occasion to conduct activities in support of audits. * IT Security related certifications are a plus (e.g., CISSP, SSCP, CISM, GIAC, CISA, etc.). * Preference will be given to candidates with previous experience pursuing one or more compliance mandates (e.g., ISO 27001, PCI DSS, HITRUST, etc.) or audit and reporting frameworks (e.g., NIST, SOC, etc.). * Receive and maintain a favorable adjudication for a National Agency Check with Law and Credit (NACLC) background investigation. Additional Requirements * Exposed to confidential information and expected to always maintain confidentiality; must adhere to rules and regulations in accordance with company directives. * May be required to work outside of normally scheduled hours as mandated by the client, project and/or workload (e.g. evenings, weekends, and/or holidays). * Required to maintain established work pace, meet deadlines; may have last minute urgent requests. Commence is an equal employment opportunity employer. All personnel processes are merit-based and applied without discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military and veteran status or any other characteristic protected by applicable law. If you need assistance or an accommodation due to a disability, you may contact us at ************ or ************** Salary Description $67,800-$83,000

Serco is looking for an **Industrial Security Analyst - Security Engineer,** at **Langley Air Force Base** in **Hampton, Virginia.** Bring your expertise and collaborative skills to make an impact towards our military defense by discovering your new role supporting this critical mission. **In this position you will:** Control all aspects of Physical, Personnel and Industrial Security at the ACC Distributed Training Center (DTC) located at Langley, AFB (with direction and/or support from SERCO Facility Security Officer (FSO) as well as Air Combat Command (ACC) and Air Force Logistics Command (AFLCMC/WNR): Government Special Security Officer (GSSO) and Contract SCI Security Officer (CSSO) including the following. + Ensure all equipment used within the DTC (faxes, copiers, shredders, etc.) meet applicable standards and are approved, if required. + Ensure compliance with Emanations Security (TEMPEST) Technical Surveillance Countermeasures (TSCM) requirements. + Ensure systems authorization for government network systems required for CAF DTC Mission support such as but not limited to NIPRNET, SIPRNET and CV2. + Interpret and apply DTC Security Directives and Security Classification Guides as it applies to Cyber Security, Physical Security and Personnel Security. + Prepare preconstruction surveys and review technical drawings/blueprints for accuracy and compliance with directives. Submit preconstruction plans and Fixed Facility Checklists (FFC) for approval. + Monitor all construction in the DTC to ensure it meets DODM 5205.07 Vol 3 and ICD 705 standard, prepare facility for accreditation, and ensure any modifications are authorized and meet all security requirements. + Conduct self-inspections. + When deficiencies are identified, prepare and implement corrective action plan and ensure correction timelines are met. + DTC POC for HHQ security reviews. + Development and maintain of the following documentation as a stand-alone DTC and ensure all assigned personnel are familiar with and follow procedures. + Standard Operating Procedures (SOP) - facility operating procedures + Emergency Action Plan (EAP) - for safeguarding classified material in emergency situations + Inspection Readiness Plan - plan for treaty compliance inspections + OPSEC Plan - plan that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems and measures that eliminate or reduce adversary exploitation of friendly critical information. + Top Secret Control Officer (TSCO) - Responsible for all aspects of managing, controlling and accounting for Top Secret material. Currently there is no Top Secret material being used. + As TSCO, conduct 100% inventory annually or as required by the CPSO. + Identify DTC assigned employees and subcontractors for special accesses. + Report known or suspected security incidents to the GSSO/CPSO. + Perform technical reviews of incident reports and recommend appropriate corrective actions to the GSSO/CPSO. + When necessary, assist Higher Headquarters in conducting a damage assessment. + Monitor contractors to ensure they are following stated security requirements. + Develop, maintain, and conduct specific DTC security training program for all DTC assigned personnel. + Prepare, send, and receive of all visit requests for DTC activities. Verify that incoming visitors have the required security clearance necessary for discussions. + Be knowledgeable of export control and International Traffic in Arms Regulations (ITAR) in the event foreign nationals are allowed to visit the DTC. + Responsible for day-to-day control/maintenance of access control system (e.g., make sure it is working). + Identify and authorize persons for unescorted access as necessary. + Perform required security container combination changes along with associated paperwork. + Conduct random, no-notice, entry/exit inspections. + Monitor facility alarm system: + Respond to after-hours activations. + Conduct semi-annual test of alarm system. + Coordinate semi-annual timed response test with local Security Forces. + Report malfunctions and prepare plan for compensatory security measures for GSSO/CPSO, if required. + Prepare and receipt for classified material shipments entering/exiting the facility (to include mail, faxes, electronic data transfers). + Ensure all personnel follow written procedures to review classified holdings on a recurring basis and reduce inventories to the minimum necessary. + Maintain knowledge of the following: + DODI 5205.11 (Basic security rules for SAP) + DODM 5205.07 Vol 1-Vol 4 (DoD Manuals governing SAP) + DODM 5105.21 Vol 1- vol 4 (DoD Manuals governing SCI) + DD Form 254 (Contract Security Classification Specifications) + AFI 31-401 (Information Security) and AFI 31-501 (Personnel Security) + Top Secret Control procedures (if appointed as TSCO) + Special Access Program Nomination Process (SAPNP) + ICD 705 (Intelligence Community Directives governing SCIFs) + Conducts initial, annual, and other recurring security training for assigned personnel. May be required to develop training material and lesson plans that meet baseline security requirements. + Comply with industrial security standards. **Qualifications** **To be Successful in this role, you will have:** + One of the following: + Bachelor's degree with a minimum of 5 years of industrial security experience + Master's degree with a minimum of 3 years of industrial security experience + Active U.S. Department of Defense (DoD) Secret security clearance with the ability to obtain Top Secret / Sensitive Compartmented Information (TS/SCI) and Special Access Program (SAP) eligibility + Must be able to work on-site at Langley Air Force Base in Hampton, Virginia. + Must be able to travel as needed (up to 10% of the time) **Additional desired experience and skills:** + Security Professional Education Development (SPēD) Certification + Active TS/SCI **If you are interested in supporting and working with our military and a passionate Serco team, submit your application now for immediate consideration. It only takes a few minutes and could change your career!** **Company Overview** Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Serco's 9,000+ employees strive to make an impact every day across 100+ sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters. To review Serco benefits please visit: *********************************************************** . If you require an accommodation with the application process please email: ******************** or call the HR Service Desk at ************, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email. Candidates may be asked to present proof of identify during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see our Applicant Privacy Policy and Notice (**************************************** . Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email ********************* . Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. Click here to apply now (****************************************************************************************************************************************************** **New to Serco?** Join our Talent Community! (*************************************************** **ID** _70141_ **Recruiting Location : Location** _US-VA-Langley AFB_ **Category** _Engineering_ **Position Type** _Full-Time_ **Security Clearance** _Other_ **Clearance Details** _Active U.S. Department of Defense (DoD) Secret security clearance with the ability to obtain Top Secret / Sensitive Compartmented Information (TS/SCI) and Special Access Program (SAP) eligibility_ **Telework** _No - Teleworking not available for this position_

Information Systems Solutions (ISS) is looking for a candidate to support the JS J7 Joint Training DevSecOps pipeline core infrastructure and data center in Suffolk, VA. The selected candidate will be responsible for supporting the Deputy Directorate, Joint Training (DDJT). This role is 100% onsite. Specific duties include, but are not limited to the following: Knowledge of applicable regulations including DoD 8500.02, DoD 8510, NIST SP 800, 37, NIST SP 800, 53 or 53A, NIST 800 53-r4, NIST SP 800, 30, or CNSSI 1253. Evaluate the information assurance (IA) compliance of systems against current RMF and DoD Cybersecurity Policies. Deep understanding of ACAS vulnerability software and Trellix endpoint security software. 5+ years of experience preferred. Expertise in security technologies and frameworks such as firewalls, VPNs, encryption, SIEM, IDS/IPS, and endpoint protection. Working with onsite government, contractor, or subcontractor staff to resolve issues with onsite products as first line of support. Managed IPS and HIPS firewalls configuring traffic with content filter, ip filtering, and whitelisting. Reviewing, applying, and remediating security vulnerabilities or security controls based on STIG guidance or scanning reports. Excellent problem-solving, analytical, and troubleshooting skills. Hands-on experience with DevSecOps principles and secure software development practices. Familiarity with scripting languages such as Python or PowerShell for automation tasks. Experience with threat intelligence platforms and malware analysis. Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical stakeholders. Ability to work in high-pressure environments and manage multiple projects simultaneously. Why Work For ISS? At ISS we pride ourselves on providing an employee-focused and family first environment. Being a small business, we take the time to get to know our employees and have a vested interest in helping them achieve their career goals. We work to schedule regular social gatherings within the company to foster camaraderie. ISS values their employees by providing a comprehensive benefits package that includes a fully vested 401(k) matching program, coverage of family medical deductibles, spot bonuses, and educational assistance to further your career. Clearance Level Top Secret/SCI Certifications (IAT Level III) (One of the following) • CompTIA Advanced Security Practitioner (CASP) (Preferred) • Cisco Certified Network Prof. Security (CCNP Security) • Certified Information Systems Auditor (CISA) • Certified Info. Systems Security Prof. (CISSP) • Certified Cloud Security Professional (CCSP) And Functional area certification: eMASS, HBSS, ACAS (required prior to start date) Required Skills A Bachelor's degree in Computer Information Technology or Cybersecurity discipline, or related educational field and/or six years of relevant experience.

Input is currently seeking a Public Key Infrastructure (PKI) Auditor & Trainer/Information Systems Security Officer (ISSO) for a potential contract to assist the Department of the Navy (DON) Public Key Infrastructure (KPI) and Key Management Infrastructure (KMI) Services. Location(s): Andrews AFB, MD; Norfolk, VA; San Diego, CA; and Pearl Harbor, HI Key Responsibilities: Maintain Naval Communications Security Material System (NCMS) PKI Registration Authority (RA) and Local RA (LRA) systems, perform operating system updates and validate machines are operating in accordance with Authority to Operate (ATO). Coordinated with Navy Marine Corps Intranet (NMCI) for machine and network troubleshooting. Maintain standard system security and disaster recovery plans and ensure implementation across the detachment. Maintain enterprise architecture Standard Operating Procedures (SOPs) and documentation to include illustrations network topology, system access requirements and processes for obtaining material and replacement hardware and software. Function as the NCMS PKI liaison to external LRA sites providing assistance and information pertaining to System access, network access, peripheral devices. Liaison support also includes working with the government Information System Security Managers (ISSM), and Information System Security Officers (ISSO) to achieve and maintain ATO requirements. Perform Cybersecurity tasks to include validation of Assured Compliance Assessment System (ACAS) scans and patching, apply Security Technical Implementation Guides (STIGs). Properly secure and maintain PKI archives until moved to long term storage facility. Perform backups, validate scans, perform software updates as needed, and review workstation system logs. Complete compliance audits in accordance with Joint Force Head Quarters Department of Defense Information Network (JFHQ-DODIN) PKI Audit requirements, audits drafts, reports, track audit Plan of Action and Milestones (POA&M), schedule audits and perform Training and Assist Visits (TAV). Schedule, conduct and update PKI LRA, Trusted Agent (TA), System Administrator (SA), ISSO classroom training for newly appointed personnel through the Navy. Qualifications: Understanding of Department of Defense (DoD) Common Access Card (CAC) characteristics and CAC/Smart card operation and procedures to include CAC middleware and hardware, with a least one-year experience. Knowledge of the principles, concepts, and methodology of Information Technology (IT) processing and a working knowledge of computer system architecture, performance characteristics and DoD and Service IT security policies with a least one-year experience. Familiar with DoD 8520.02, Public Key Infrastructure and Public Key Enabling. Skilled verbal and written communication techniques required to conduct meetings, and prepare reports and other correspondence Must be able to work independently. Possess analytical processing skills. Possess DoD 8140 qualification of 461 Basic or 451 Intermediate upon first day of employment and continue to maintain extended training requirements as identified in SECNAV M-5239.2. Navy COOL - Navy Cyber Workforce (CWF) Program - CWF Model JFHQ-DODIN PKI Auditor Qualified or served as Navy RA, LRA or PKI ISSO for 3 years.

Solvere Technical has an immediate need for an ONSITE Information Systems Security Engineer (ISSE) at Navy Information Warfighting Development Center (NIWDC) based in Norfolk, Virginia. MUST be a US CITIZEN, live close to NORFOLK, VA, have an ACTIVE TOP SECRET CLEARANCE, with active IAT II CERTIFICATION. Job Description Supports our customer providing system Risk Management Framework (RMF) ATO security engineering services and documentation. Support the Government to ensure core security engineering principles are implemented into assigned programs information systems architecture. Determine client security control requirements and support security categorization of the system. Implement security controls utilizing eMASS and Xacta 360 support tools. Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identify deficiencies and providing recommendations of risk mitigation to customer. Perform Risk Assessments and develop Concepts of Operations (CONOPS), Security Policies, Cybersecurity Strategy, Test Plans, System Security Plans and CYBERSAFE related documentation. Maintain the Plan of Action and Milestones (POA&M) to ensure documentation and traceability which outlines a plan to address identified security weaknesses or vulnerabilities within an organization's systems. Perform cybersecurity hardening and security monitoring on network infrastructures (STIGs, patching, ACAS scanning, etc.). Ability to develop and interpret security architectures, data flow diagrams, and publications that depict the system(s) architecture. Ability to be able to identify risk areas of non-compliance and propose solutions to design to full-fill operational requirements and meet cybersecurity requirements simultaneously. Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts). Provide support to security/certification test and evaluation activities. Job Qualifications: MUST be a US Citizen MUST have an active Security Clearance Top Secret MUST reside in Norfolk, Virginia or surrounding areas and able to commute onsite daily. MUST have at least five (5) years of experience as an ISSE on programs and contracts of similar scope, type, and complexity within the Federal Government. MUST have an active CompTIA Security+ CEU or equivalent certification (CISSP, SSCP, CSA+, or equivalent). MUST have an Active DoD 8570 IAT II certification. MUST have a Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, or equivalent 5+ years experience. Must be Proficient in Microsoft Office tools. (Power Point, Word, Visio, etc.). Must have excellent technical writing, reporting and communication skills. Desired Qualifications: Experience conducting security assessments and working with Security Control Assessors (SCAs) and applying standard auditing techniques during systems security control assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient and recommending remedial action to Government customer to ensure compliance. Knowledge of Department of Defense Architecture Framework (DoDAF) views facilitating integration and promoting interoperability across capabilities and among integrated architectures. Experience with modern networks, operating systems, databases, and virtual computing. Expert knowledge of security engineering, design concepts and principles. Exceptional verbal and written communication skills, with the ability to collaborate across teams and organizations, including senior level management. Proven ability to multi-task and deliver on-time with the highest quality. Experience with the NAVY RMF ATO process. Experience working with Navy EMASS and Xacta 360. Experience with Cloud Systems Masters degree in Cybersecurity, Information Assurance, Computer Science, or equivalent 9+ years experience. Security Requirements: Must already have an Active DoD Top Secret security clearance. Travel Requirements: Occasional travel might be required Physical Requirements: Repeating motions that may include the wrists, hands and/or fingers. Light work that includes moving objects up to 20 pounds BENEFITS Solvere offers a comprehensive and generous benefits package. The Solvere benefits package includes medical, dental, and vision insurance for the employee and/or families. Solvere also includes basic life insurance plus short- and long-term disability for the employee. Employees may elect to enroll in our company s 401k plan. Employees will also accrue paid time off and holidays. Additional voluntary options include supplemental insurance plans. About the Company Visit: ************************ Solvere Technical Group is committed to non-discrimination and equal employment opportunity. All qualified applicants will receive consideration for employment without discrimination based on disability, protected veteran status or any other characteristics protected by law.

Job Description The Cyber Analyst, Mid-Level, applies expertise and work experience executing cyber risk assessments. The ideal candidate will provide a broad range of information assurance activities and has a strong knowledge of systems, operating environments, system security, and networking. *This position requires onsite work Duties Determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state Evaluates effectiveness of proposed mitigations Contributes toward recommendations on technical/policy changes, processes and methodologies to assess and mitigate cybersecurity risk on information technology within the SCA's appointed authorization boundary Works with other Cyber Analysts, Subject Matter Experts (SMEs), and SCARs to ensure that all cybersecurity analysis and cybersecurity risk assessments are completed with time and quality standards established by Division leadership and Task Lead Supports program and projects with security and information assurance requirements elicitation based on customer and SME communication and independent research Performs all other duties, as assigned Requirements Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Information Systems required. Equivalent work experience may be substituted for Bachelor's degree. Master's degree preferred. IAM Level II Certification in accordance with the Department of Defense (DoD) approved 8140 baseline certifications required Must have at least 5 years of experience in cyber risk assessment in cyber risk assessment or experience with technologies utilized in AFNET or DoD systems Proficiency with eMASS preferred Must have familiarization with NIST SP 800-53, AFI 17-130, and DODI 8510.01 Strong planning, organization, and analytical skills, with attention to detail required Must be able to take initiative and be self-motivated Quick learner; passionate about technology and able to learn new technology areas as directed Ability to elicit, identify, and research information assurance requirements and perform as a member of an assessment review team Effective team player with good interpersonal skills Must be able to work independently with minimal supervision Excellent written and verbal communication skills required Must be able to display professionalism in all situations Knowledge in emerging technologies including cloud, AI and virtualization, networking, systems engineering, identity management, web technologies, system administration, and system security is preferred This position requires onsite work. Must be flexible to be able to work in the office, as assigned. Must have an active DoD security clearance

Top Secret Clearance Jobs is dedicated to helping those with the most exclusive security clearance find their next career opportunity and get interviews within 48 hours. Overview Delaware Nation Industries is supporting the Naval Surface Warfare Center Dahlgren Division Dam Neck Activity (NSWCDD DNA). We are providing providing enterprise management and technical support of the Navy Marine Corps Intranet (NMCI) by providing assistance in policy, procedures, seat refresh, engineering/technical solutions, ordering to Next Generation Enterprise Network (NGEN)and the Naval Networking Environment (NNE) strategy. Job Summary: The RMF Analyst will assist in developing RMF accreditation packages and assist in maintaining Authorization to Operate (ATO) certifications for networked systems and applications used by the organization. The RMF Analyst will assist in the development of information system documentation and the provision of a designated set of common controls for the authorization package, including the executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones. This system certification documentation must comply with DoD and Civilian Agency policy focused on NIST 800-37, NIST 800-53 rev 4. Responsibilities Monitor and assess existing Information Security Management and Security Technical Architecture, regulations, and controls (FIPS, NIST, DISN Connection Process Guide(CPG), Navy RMF Process Guide (RPG), Navy Testing Guidance) Assess proposed Information Security Management and Security Technical Architecture, regulations, and controls (FIPS, NIST, DISN CPG, Navy RPG, Navy Testing Guidance) Maintain regular meetings/notes and informal dialog with RDT&E Lab Managers and ISSOs to keep them abreast of upcoming Technical Information Office (TIO) requirements and to gather specifics on their capability and core support requirements and trends Maintain records in the Enterprise Mission Assurance Support Service (eMASS) Evaluating technical testing from Assured Compliance Assessment Solution (ACAS) scans, Evaluate STIG, eMASSter), and Security Technical Implementation Guide Viewer tool using FMATS or other NAVSEA or DoD-approved toolset. Monitor security access, passwords, badges, log-ins, to keep a site or system safe Use firewalls and information security standards to keep their organization secure Perform security assessments, vulnerability testing and risk analysis Conduct security audits internal and external Identify the cause of security breaches and responses to mitigate incidents Qualifications DoD Top Secret Security Clearance 7+ Years of Experience in Cyber Security Bachelor Degree or Equivalent Work Experience Familiarity with NIST IT Security Special Publication (SP) 800 Series with emphasis on NIST SP 800-37 and NIST SP 800-53 rev 4 Cyber Security Workforce level IAM II/III CASP,CISM, or CISSP preferred Experienced STIG reviewer Microsoft Visio and Microsoft Project user Desired: Navy Qualified Validator (NQV) Level II Familiarity with ACAS and RedSeal Familiarity with Evaluate-STIG tool Familiarity with the Vulnerability Remediation Asset Manager (VRAM) web tool Familiarity with the Continuous Monitoring and Risk Scoring (CMRS) web tool AAP/EEO Statement: DNI complies with all federal, state and local laws designed to protect employees and job applicants from discrimination based on race, religion, color, sex, parental status, national origin, age, disability, genetic information, military service, or other non-merit-based factors.

We're seeking a Cyber Network Defense Analyst (CND) to support the Intelligence, Surveillance, Reconnaissance (ISR) Wing Security Office and the Distributed Common Ground System (DCGS) Processing, Exploitation, Dissemination (PED) Operations Center (DPOC).

Solvere Technical has an immediate need for an ONSITE Information Systems Security Engineer (ISSE) at Navy Information Warfighting Development Center (NIWDC) based in Norfolk, Virginia. MUST be a US CITIZEN, live close to NORFOLK, VA, have an ACTIVE TOP SECRET CLEARANCE, with active IAT II CERTIFICATION. Job Description Supports our customer providing system Risk Management Framework (RMF) ATO security engineering services and documentation. Support the Government to ensure core security engineering principles are implemented into assigned programs information systems architecture. Determine client security control requirements and support security categorization of the system. Implement security controls utilizing eMASS and Xacta 360 support tools. Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identify deficiencies and providing recommendations of risk mitigation to customer. Perform Risk Assessments and develop Concepts of Operations (CONOPS), Security Policies, Cybersecurity Strategy, Test Plans, System Security Plans and CYBERSAFE related documentation. Maintain the Plan of Action and Milestones (POA&M) to ensure documentation and traceability which outlines a plan to address identified security weaknesses or vulnerabilities within an organization's systems. Perform cybersecurity hardening and security monitoring on network infrastructures (STIGs, patching, ACAS scanning, etc.). Ability to develop and interpret security architectures, data flow diagrams, and publications that depict the system(s) architecture. Ability to be able to identify risk areas of non-compliance and propose solutions to design to full-fill operational requirements and meet cybersecurity requirements simultaneously. Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts). Provide support to security/certification test and evaluation activities. Job Qualifications: MUST be a US Citizen MUST have an active Security Clearance – Top Secret MUST reside in Norfolk, Virginia or surrounding areas and able to commute onsite daily. MUST have at least five (5) years of experience as an ISSE on programs and contracts of similar scope, type, and complexity within the Federal Government. MUST have an active CompTIA Security+ CEU or equivalent certification (CISSP, SSCP, CSA+, or equivalent). MUST have an Active DoD 8570 IAT II certification. MUST have a Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, or equivalent 5+ years experience. Must be Proficient in Microsoft Office tools. (Power Point, Word, Visio, etc.). Must have excellent technical writing, reporting and communication skills. Desired Qualifications: Experience conducting security assessments and working with Security Control Assessors (SCAs) and applying standard auditing techniques during systems security control assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient and recommending remedial action to Government customer to ensure compliance. Knowledge of Department of Defense Architecture Framework (DoDAF) views facilitating integration and promoting interoperability across capabilities and among integrated architectures. Experience with modern networks, operating systems, databases, and virtual computing. Expert knowledge of security engineering, design concepts and principles. Exceptional verbal and written communication skills, with the ability to collaborate across teams and organizations, including senior level management. Proven ability to multi-task and deliver on-time with the highest quality. Experience with the NAVY RMF ATO process. Experience working with Navy EMASS and Xacta 360. Experience with Cloud Systems Masters degree in Cybersecurity, Information Assurance, Computer Science, or equivalent 9+ years experience. Security Requirements: Must already have an Active DoD Top Secret security clearance. Travel Requirements: Occasional travel might be required Physical Requirements: Repeating motions that may include the wrists, hands and/or fingers. Light work that includes moving objects up to 20 pounds BENEFITS Solvere offers a comprehensive and generous benefits package. The Solvere benefits package includes medical, dental, and vision insurance for the employee and/or families. Solvere also includes basic life insurance plus short- and long-term disability for the employee. Employees may elect to enroll in our company’s 401k plan. Employees will also accrue paid time off and holidays. Additional voluntary options include supplemental insurance plans. About the Company Visit: ************************ Solvere Technical Group is committed to non-discrimination and equal employment opportunity. All qualified applicants will receive consideration for employment without discrimination based on disability, protected veteran status or any other characteristics protected by law.