Galapagos is looking for a Senior Cyber Security Professional with extensive experience certifying information systems, policy development, management of a Cyber Security program, and a working knowledge of Cyber Security policies, directives, and instructions used within the Intelligence and DoD communities. The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities.
Essential Duties and Responsibilities:
Demonstrate subject matter expertise with the RMF processes, policies, and methodologies and apply it to meet the government’s security needs.
Develop and review Security Assessment Report (SAR), Risk Assessment Report (RAR), System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Control Traceability Matrix (SCTM) and Cross Domain Solutions (CDS) rule sets.
Must have extensive experience in conducting security testing including actual experience as a Test Director with responsibility for recommending accreditation decisions.
Must be proficient in the use of VISIO or other drawing software and have extensive experience in the generation of functional logical and physical diagrams from high level depictions to extremely detailed diagrams of networks and site information technology architectures.
Knowledge of encryption algorithms (e.g., internet Protocol Security [IPSEC]. Advanced Encryption Standard [AES], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], triple Data Encryption Standard [3DES]).
Knowledge of host/network access controls (e.g., access control list).
Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusion via intrusion detection technologies.
Knowledge of network protocols (e.g., Transmission Critical Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol (DHCP), and directory services (e.g., Domain Name System [DNS]).
Knowledge of penetration testing principles, tools, and techniques.
Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow, mobile code, crosstie scripting, Procedural Language/Standard Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return oriented attacks, malicious code).
Provide situational awareness to the customer on all accredited and pending accreditation systems.
Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO).
Conducts comprehensive security control assessments levied against a system and documenting the results, including recommendations for correcting any weaknesses or deficiencies in the controls.
Conducts comprehensive reviews of security authorization documents to ensure the appropriate security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system.
Performs security control assessments on cloud-based systems (i.e., AWS).
Education and/or Experience
8+ years of experience using different Information Assurance (IA) disciplines
Minimum of a Bachelor’s degree from an accredited college or university in Engineering, Cybersecurity, Computer Science, or related discipline preferred. Relevant work experience and training may be considered in lieu of a degree, like Office of Personnel Management’s (OPM) Crediting Combinations of Education and Experience standard
Knowledge of Windows, Solaris, and UNIX based operating systems
Active TS/ SCI government clearance or SCI eligible
MUST meet DoD 8570 IAT Level II requirements (Security+ ce; CCNA-Security, SSCP, GSEC)
IAM Level III Certifications (CISSP, CISM, or GSLC) preferred
Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
Work may involve sitting or standing for extended periods of time. Position may require typing and reading from a computer screen. Must have enough mobility, including but not limited to bending, reaching, and kneeling to complete daily duties in a timely and efficient manner. May include lifting weigh up to thirty (30) pounds as necessary.
Position requires a Top-Secret/SCI clearance
Galapagos, LLC reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Positions functions and qualifications may vary depending on business needs.
Galapagos, LLC is an equal opportunity employer and does not discriminate against applicants based on race, color, creed, religion, medical condition, legally protected genetic information, national origin, sex (including pregnancy, childbirth or related medical condition), sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status or legally protected characteristics.