Mitchell Consulting Services Group
Cybersecurity Engineer (SAP)
Mitchell Consulting Services Group, Colorado Springs, Colorado, United States, 80509
JOB SUMMARY: Provide guidance assistance to all levels of Assessment and Authorization (A&A) technical and non-technical personnel. Put A&A packages together and submit them to the proper agency. Track and report the status to the customer. Document existing and proposed information architecture to convey compliance, problems, and solutions. Resolve incidents and breaches, mitigating problems, and informing key personnel. Analyze Special Access Program networks to identify vulnerabilities and reduce breaches. Develop and implement scanning and certification plans for network control and maintenance. Assist the Government in performing threat assessments to determine if potential threats to a system/network exist and the likelihood of that threat actually occurring to the system. Assist in ensuring that IA and IA-enabled software, hardware, and firmware comply with appropriate security configuration guidelines. Assist in executing all security tests and evaluations and support the creation of comprehensive threat and risk assessment reports. Location: Schriever SFB in Colorado Springs PRIMARY DUTIES: Oversee the overall security, integrity and operations of organizational Special Access Program networks IAW DoDD 5205.07, DODI 5205.11, DoDM 5207.07 Vol I-IV, DoDJSIG, CNSSP 22, CNSSI 1253, ICD 503, AFI 17-101, AFI 17-130, AFI 17-203, AFMAN 17-1301, AFMAN 17-1302-O, AFMAN 17-1402, AFI 31-501, other Special Access Program and local policies and Collect and maintain data needed to meet cybersecurity reporting requirements. Ensure Security Technical Implementation Guide (STIG) configuration, patching, scanning and testing of systems. Develop/find technical solutions and work plans that are consistent with architectural and information system security guidelines. Support the Government in the development of SAP assessment and authorization (A&A) packages via the Risk Management Framework (RMF), IAW DoDJSIG, DoDD 8500.1, DoDI 8500.2, DoDI 8510.01, ICD 502, ICD 503, NIST SP 800-53, and AFPD 33-2, AFI 17-101 and supports organizational customers/users with their specific network and stand-alone system accreditations to include maintaining and updating Trusted Facility Manuals, system descriptions, security policies, user guides, system architectures and s Prepare and present training tailored for initial and periodic organizational Special Access Program network Information Assurance (IA) Training, System Administrator Technical Awareness, and executive level IA training Provide information to support System Administrators, Network Managers, users, procurement staff and security personnel and monitor, implement and report on all security/configuration patches/changes (i.e., NOTAM, IAVA and security/vulnerability advisories) for the organizational Special Access Program network. Perform a weekly review of the audit trail for organizational Special Access Program networks IAW DoDJSIG, ICS 500-27, and ICS 700-02 Conduct vulnerability testing and risk analysis as part of the organizational Special Access Program networks and systems Experience with ACAS, SCAP, XACTA and eMASS Travel is rare. RELEVANT EXPERIENCE: 8 years of experience in information system security development and management. EDUCATION/CERTIFICATION: High School Diploma. 8570 certification and/or IAT II certification required (Sec+ CE). SECURITY CLEARANCE: TOP SECRET/SCI
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.