JMSC-IP Information Technology (IT) and Cyber Risk Auditor Associate – TS/SCI Required

About The Position

Requirements

• BS/BA in Cyber Security, Information Security or Computer Science or a related technical discipline, or the equivalent combination of education, technical training, or work experience
• 4 years of related experience; Military and MTC experience preferred
• Competent with eMASS
• Solid knowledge of the SCA-V process and inspection program
• Understanding of NIST, DoD, & Army Cybersecurity & Risk Management Framework policies, directives, instructions, manuals, and best business practices
• SecurityX (CASP+) and/or SEC+ is required
• TS/SCI

Nice To Haves

• Knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities
• Basic understanding of disaster recovery continuity of operations plans
• Basic understanding of enterprise incident response program, roles, and responsibilities
• Knowledge of network security architecture concepts
• Knowledge of server administration and systems engineering theories, concepts, and methods
• Experience with VMWare environments
• Experience with Solarwinds or similar discovery and analysis tools
• Experience with vulnerability assessment tools

Responsibilities

• Support cybersecurity risk management activities for training enclaves and exercise networks
• Assist with implementation and documentation of the Risk Management Framework (RMF) in accordance with Department of Defense and U.S. Army policies, control implementation and assessment support
• Support RMF-based cybersecurity risk management for training enclaves and exercise networks in accordance with Department of Defense (DoD) and U.S. Army policies, vulnerability management, POA&M tracking, and continuous monitoring
• Maintain and update RMF artifacts in Enterprise Mission Assurance Support Service (eMASS) to ensure compliance with DoD cybersecurity requirements and support Authorization to Operate (ATO) processes
• Ensure cybersecurity compliance with DoD directives (DoD 8140, 8570.01-M), U.S. Army regulation AR 25-2, and NIST SP 800-53 / NIST SP 800-39, while incorporating guidance from USARPAC CSPMO, U.S. Army Network Enterprise Technology Command, and United States Cyber Command
• Update and document Security Technical Implementation Guide (STIG) compliance in response to vulnerabilities identified during assessments, audits, and inspections, ensuring alignment with Defense Information Systems Agency and Department of Defense cybersecurity standards
• Support the preparation of RMF artifacts, trackers, and supporting documentation required for Security Control Assessment Validation (SCA-V) activities to maintain the U.S. Army Pacific Type ATO
• Assists with audits, vulnerability assessments, and cybersecurity inspections documenting findings and supporting remediation in accordance with Department of Defense and U.S. Army cybersecurity policies
• Performs other cybersecurity duties as required to support RMF compliance, continuous monitoring, and mission assurance in alignment with Department of Defense and U.S. Army standards

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.