Computer Security System Specialist-II

• Six (6) years of information assurance/cybersecurity experience with military automated information systems and information technology. 
• Working knowledge of the Risk Management Framework (RMF) for Information Technology. Support cybersecurity tasks for program applications, components, and sub-components.
• Assist with tracking, updating, and coordinating information related to Change Requests as they impact cybersecurity activities.
• Follow cybersecurity processes and procedures under DoD to protect US Government sensitive information.
• Update cybersecurity documentation in accordance with DOD policy and instruction as required by the ISSM and upload that documentation to a location identified by the ISSM where it is accessible to authorized individuals. 
• Verify and validate that security updates and patches are tested and applied to software and operating systems. 
• Review information assurance vulnerability management (IAVMs), communications tasking orders (CTOs), operational directives (OPDIRs), vulnerability alerts, and vendor notifications to determine applicability to systems and to assess the impact and provide assessment to the ISSM.
• Track, report status, and provide remediation suggestions for identified vulnerabilities. 
• Participate in cybersecurity discussions and vulnerability assessment scan reviews and provide technical guidance and solutions implementing cybersecurity best practices which will increase the security of the system and mitigate or eliminate vulnerabilities. 
• Generate, review, and update cybersecurity documentation as required by risk management framework (RMF) processes. 
• Support all activities required for maintaining the authority to operate (ATO) and Federal Information Security Management Act (FISMA) compliances. These activities include, but are not limited to, Annual Security Reviews, Annual Security Control testing, Annual Contingency Plan testing, and quarterly update and submission of a quarterly Plan of Action and Milestones (POA&M). 
• Support cyber readiness inspections (CRI) and IV&V events as required. This includes but is not limited to; reviewing and updating systems security documentation, performing pre-assessment scans, analyzing vulnerability scan results, analyzing and updating configuration documentation, evaluating STIGs, evaluating test results, preparing and reviewing POA&Ms, and providing remediation options for vulnerabilities. All vulnerabilities shall be identified in the Security POA&M.

Technical Skills Required

• Knowledge of DoD cybersecurity processes and procedures
• Firm Knowledge of common cybersecurity threats, vulnerabilities, and attack vectors, including malware, phishing, social engineering, and network attacks.
• Familiarity with security tools and technologies, such as firewalls, intrusion detection/prevention systems, antivirus software, and vulnerability scanners
• Strong analytical and problem-solving skills to identify security risks, analyze logs and security events, and propose effective solutions.
• Excellent communication and interpersonal skills to collaborate with teams, and educate users on security best practices, and provide clear and concise reports and documentation.

Education Required

• High school diploma is required 
• Associates degree is preferred 

Clearance

• Public Trust clearance or higher is Required

Certifications Required 

• Security+ is Required 

At least one of the following is also Required:

• Certified Information Systems Security Professional (CISSP) 
• Certified Information Security Manager (CISM) 
• Certified Authorization Professional (CAP) 
• CompTIA Advanced Security Practitioner (CASP+) 
• GIAC Security Leadership Certificate (GSLC) 
• Certified Chief Information Security Officer (CCISO) 
• Healthcare Information Security & Privacy Practitioner (HCISPP)