Job Location

Position Type

Education Level

Job Category

THE COMPANY

Since 1997, ICS has provided support to no-fail missions in the Federal DoD, Civilian, Military and Intelligence communities. Many of our programs are in direct support of the United State Military and the individual warfighter. We consider this both a duty and an honor. Our employees exemplify our Core Values of Integrity, Excellence, Grit, Selfless Service and Getting Stuff Done to ensure we do our part to support those on the frontlines defending the freedoms we hold dear.

THE POSITION

In this role, you will serve as the subject matter expert with a focus on cybersecurity risk management and governance, including the integration of cyber disciplines, such as mission assurance and supply chain risk management. You will work closely with the Cybersecurity Manager, Information Systems Security Engineers, and Systems/Network Engineers to ensure approaches, constraints, and perspectives are fully recommended and considered in risk management and policy decisions. Analyze the development of strategy, policy, governance, and implementation guidance recommendations to more closely integrate cybersecurity disciplines to enable a holistic risk management approach. You will also perform Risk Management Framework (RMF) Assessment and Authorization (A&A) responsibilities. Develop the documentation, validation, and accreditation processes necessary to assure systems meet security and privacy requirements. Evaluate test results, analyze risk, and develop security assessment documentation to support accreditation decisions. Create a risk mitigation strategy and ensure security configurations are maintained in accordance with DoD mandated policies. Interpret RMF guidance from Authorizing Officials for clients and provide information and input for the preparation of accreditation packages. Assess the applicability of emergent vulnerabilities to individual systems and technologies.

COMPENSATION AND BENEFITS

We offer a premium base salary with compensation commensurate with experience. We provide a robust benefits package including Tuition Reimbursement, 401K Match, BCBS Health Coverage, and Paid Time Off EVEN YOUR BIRTHDAY!

RESPONSIBILITIES:

• Lead the development and maintenance of information security policies, standards, and control procedures to enable compliance with RMF.
• Complete Security Authorization packages, to include system security plans, security assessment reports, POA&M summaries and a continuous monitoring plan/assessment schedule, and present executive briefing to senior management.
• Ensure security risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc.
• Ensure security authorization boundaries are properly defined and captured in the system security plans, and that all interconnection agreements are in place and current.
• Ensure system security authorization controls contain accurate implementation statements and assessments results, and that appropriate artifacts are completed to support findings. Provide hands-on assistance as appropriate.
• Ensure POA&Ms have appropriate milestones, accurate description of the weaknesses and remediation, task owners, estimated cost to completion and realistic due dates. Provide hands-on assistance to Components as necessary.

ADDITIONAL INFORMATION

• Position is 100% onsite in Warrenton, VA
• Video interviews will be conducted
• Will be expected to be able to perform typical day-to-day tasks autonomously, requiring assistance in only the most complex tasks

• Active TS/SCI clearance, AND;
• Bachelor's degree in a related field
• Active DoD 8570.01-M IAT-II or IAM-I baseline certification requirements such as Security + or equivalent.
• 5+ years of directly related experience with eMASS, Exacta, and SCAP
• Excellent written and communication skills
• Experience in developing cybersecurity or IT policy and guidance
• Experience with developing IT policy, guidance, or procedure documentation supporting cybersecurity accreditations
• Experience with analyzing, assessing, or implementing NIST SP 800-53 security controls, CCIs, and associated assessment procedures
• Experience with developing and presenting complex technical information for technical and non-technical audiences
• Expert familiarity with RMF
• Ability to travel up to 25% of the time
• 4 additional years of experience can be substituted for no degree

PREFERRED:

• Previous supervision and/or participation with cybersecurity Assessment and Authorizations
• Ability to provide hands-on SOC tools assistance as necessary
• Familiarity with cybersecurity tool suite; Splunk, ACAS, ForeScout, Avanti (Lumension), and HBSS

Equal opportunity employer, including disability/vets.