Cyber Security – Senior SME – 4134/3195/21260-5652

This job was posted by https://www.azjobconnection.gov : For more
information, please see: https://www.azjobconnection.gov/jobs/6692701

Job Description

Computer World Services, Corporation (CWS) is seeking an exceptional
candidate to serve as Cyber Security Senior – SME Defense – SME
for the US Army Regional Cyber Center – Continental United States
(RCC-CONUS) program responsible for performing non-personal
Information Technology (IT) Services and support requirements. RCC-CONUS
is responsible to operate, manage, and defend the Armys NIPRNet and
Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the
GIG, and the NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as
part of a larger joint environment, responding to the Theater Combatant
Commanders, the ARCYBER, and the Army Cyber Commands Army Cyberspace
Operations and Integration Center (ACOIC), which operates the GIG in
support of Department of Defense (DoD) operations around the world.
Services include Network and System Modernization, Cyber Defensive
Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure
Support, Threat & Data Analytics, DoDIN Operation Support, Network
Management, Systems Management, IT Lifecycle Management, IT Service
Management (ITSM), Portfolio/IT Investment Management, and Theater
Operations and Service Desk support.

The candidate will provide Cyber Security services to aid the Government
in securing DODIN-A information systems and networks (NIPRNet, SIPRNet)
as dictated by AR 25-2, AR 380-5 and all other applicable DoD, Army and
RCC-CONUS security policies and procedures.

Key Tasks and Responsibilities

Responsible for Vulnerability Management for all services for which the
RCC-CONUS provides O&M support; Access Management for all provisioning
network access for all RCC-CONUS employees; physical access control of
the RCC-CONUS Network Operations Facilities (NOF); Command Cyber
Readiness Inspections (CCRIs) and CSSP inspections preparation, visit
and remediation; Security Assistance Visits (SAVs) preparation, visit
and remediation; auditing of services, access, usage, etc., as outlined
in existing policy and regulatory guidance; system authorization/Risk
Management Framework (RMF) documentation and maintenance and Cyber
Security Service Provider documentation and maintenance.

Responsible for documenting all established security processes and
provide to Government for review and/or approval.

Establish a vulnerability management process to identify, classify,
prioritize, remediate and/or mitigate, verify, and document existing
vulnerabilities to the network and information systems.

Establish a vulnerability management plan to formalize their approach in
maintaining, enhancing, and verifying the security posture of the
network.

Familiar with secure and reliable connectivity of Enterprise and Cloud
Systems.

Responsible for monthly vulnerability scanning of all services for which
the RCC-CONUS provides O&M support.

Coordinate any findings with RCC-CONUS system and/or network owners for
corrective action. The Contractor shall properly apply patches to the
devices to remediate.

Adhere to Government security guidelines by using IAVMs and other
published guidance for vulnerability tracking and remediation.

Record all scans and actions taken, to include POA&M and mitigation
plans, in DoD and/or other RCC-CONUS approved tracking system.

Responsible for tracking all published IAVAs with RCC-CONUS current
vulnerability status and maintain the IAVM compliance information in the
Army/DoD designated tool.

Prepare any IAVA impact statements, extension requests, scorecards, and
compliance reporting on a weekly basis.

Verify RCC-CONUS system owner security policy and IAVM compliance
through regular network audits as dictated by existing regulatory
guidance and policies.

Responsible for including an approach for auditi g required network
controls, access, usage, unauthorized software, anti-virus definitions,
etc. to include identifying the security posture of the network.

Provide a monthly report summarizing audit findings which includes
issue, prioritization, and remediation.

Identify analyze and report any security breaches, to include virus
reports, spillage, security leaks, or password compromise.

Perform all management services for all accounts, credentials, badges,
and network access for all RCC-CONUS employees (approximately 300
Government and Contractor personnel) using a Role-Based Access Control
approach to standardized access based upon the employees function
within the RCC-CONUS.

Responsible for issuing accounts, credentials and badges based solely on
the identified employee function and verification of the
certification/training necessary to provide privileged access.

Manage certification and training requirements required for account and
network access (privileged/non-privileged) and any other training
specified in Section 5 for all RCC-CONUS employees within Army Training
and Certification Tracking System (ATCTS).

Provide a monthly status report for RCC-CONUS training and certification
compliance to the Government.

Manage the In and Out processing of all RCC-CONUS employees which
includes but is not