Cybersecurity, Senior

DCS has an exciting opportunity for a Cybersecurity support to ensure that all system and application deliverables meet the requirements of all DoD and Air Force cybersecurity policies as identified in the following paragraphs. The applicant shall ensure that all system deliverables comply with DoD and Air Force cybersecurity policy, specifically DoDI 8500.01, Cybersecurity, and that application deliverables are complaint with Public Law 111-383, which states the general need for software assurance.

To ensure that cybersecurity policy is implemented correctly on systems, the applicant shall ensure compliance with DoD and Air Force certification and accreditation policies, specifically Department of Defense Instruction (DoDI) 8510.01, Risk Management Framework (RMF) for DoD Information Technology. The applicant shall ensure that all application deliverables comply with DISA Application Security Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning to mitigate vulnerabilities associated with SQL injections, cross-site scripting and buffer overflows.

The applicant shall support activities and meet the requirements of DoDI 8520.02, Public Key Infrastructure (PKI) and Public Key (PK) Enabling, in order to achieve standardized, PKI- supported capabilities for biometrics, digital signatures, encryption, identification and authentication.

The applicant shall be able to perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.

The applicant shall travel as required to support cybersecurity assessments or cybersecurity incidents.

The applicant shall ensure personnel performing cybersecurity activities obtain and remain current with technical and/or management certifications to ensure compliance as directed by DoD 8140.02, Identification, Tracking, and Reporting of Cyberspace Workforce Requirements, and outlined in DoD 8570.01-M, Department of Defense Computer Network Defense (CND) Service Provider Certification and Accreditation Program, Appendix 3, Table 1.

Responsibilities may include but are not limited to:

• Assist with development of System Security Management Plans, Program Protection Plans, Security Risk Analyses, OPSEC Plans, Computer Certification and Accreditation, Security Vulnerability and Countermeasures Analyses, Security Concepts of Operations, and other system security engineering-related documents identified in MIL-STD 1785, DoDI 5000.02, Operation of the Adaptive Acquisition Framework, and DoDI 8510.01.
• Support the system/application Authorization and Accreditation (A&A) effort to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and Air Force policies (i.e., Risk Management Framework (RMF).
• Update, monitor, and manage information in systems for the program office.
• Process and manage system user account requests and process tools.
• Process and manage system port/protocol and access control list requirements.
• Process and manage system Public Key Infrastructure (PKI) identification and authorization requirements.
• Manage the distribution, implementation, remediation, and tracking of system security updates and configurations as required by the DoD.
• Recommend policies and procedures to ensure information systems reliability and accessibility to prevent and defend against unauthorized access to systems, networks, and data.
• Conduct risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risk, and protection needs.
• Promote awareness of security issues among management and ensuring sound security principles are reflected in organizations' vision and goals.
• Conduct systems security evaluations, audits and reviews.
• Recommend systems security contingency plans and disaster recovery procedures.
• Recommend and implementing programs to ensure that systems, network, and data users are…