This job board retrieves part of its jobs from: Toronto Jobs | Emplois Montréal | IT Jobs Canada

God Enriches | Local jobs for the people of Arizona

To post a job, login or create an account |  Post a Job

New

Cyber Security Services (Cyber Security -SME) with Security Clearance

Amyx Inc

This is a Contract position in Fort Huachuca, AZ posted August 11, 2022.

Amyx is seeking an exceptional candidate to serve as Cyber Security Senior – SME Defense – SME for the US Army Regional Cyber Center – Continental United States (RCC-CONUS) program responsible for performing non-personal Information Technology (IT) Services and support requirements. RCC-CONUS is responsible to operate, manage, and defend the Army’s NIPRNet and Secure Internet Protocol Router Network (SIPRNet) CONUS portion of the GIG, and the NIPRNet and SIPRNet DoDIN-A. The RCC-CONUS functions as part of a larger joint environment, responding to the Theater Combatant Commanders, the ARCYBER, and the Army Cyber Command’s Army Cyberspace Operations and Integration Center (ACOIC), which operates the GIG in support of Department of Defense (DoD) operations around the world. Services include Network and System Modernization, Cyber Defensive Operations, Defensive Cyber Assessments, Defensive Cyber Infrastructure Support, Threat & Data Analytics, DoDIN Operation Support, Network Management, Systems Management, IT Lifecycle Management, IT Service Management (ITSM), Portfolio/IT Investment Management, and Theater Operations and Service Desk support. The candidate will provide Cyber Security services to aid the Government in securing DODIN-A information systems and networks (NIPRNet, SIPRNet) as dictated by AR 25-2, AR 380-5 and all other applicable DoD, Army and RCC-CONUS security policies and procedures. Responsibilities • Responsible for Vulnerability Management for all services for which the RCC-CONUS provides O&M support; Access Management for all provisioning network access for all RCC-CONUS employees; physical access control of the RCC-CONUS Network Operations Facilities (NOF); Command Cyber Readiness Inspections (CCRIs) and CSSP inspections preparation, visit and remediation; Security Assistance Visits (SAVs) preparation, visit and remediation; auditing of services, access, usage, etc., as outlined in existing policy and regulatory guidance; system authorization/Risk Management Framework (RMF) documentation and maintenance and Cyber Security Service Provider documentation and maintenance.
• Responsible for documenting all established security processes and provide to Government for review and/or approval. • Establish a vulnerability management process to identify, classify, prioritize, remediate and/or mitigate, verify, and document existing vulnerabilities to the network and information systems.
• Establish a vulnerability management plan to formalize their approach in maintaining, enhancing, and verifying the security posture of the network. • Familiar with secure and reliable connectivity of Enterprise and Cloud Systems.
• Responsible for monthly vulnerability scanning of all services for which the RCC-CONUS provides O&M support.
• Coordinate any findings with RCC-CONUS system and/or network owners for corrective action. The Contractor shall properly apply patches to the devices to remediate. • Adhere to Government security guidelines by using IAVMs and other published guidance for vulnerability tracking and remediation.
• Record all scans and actions taken, to include POA&M and mitigation plans, in DoD and/or other RCC-CONUS approved tracking system.
• Responsible for Vulnerability Management for all services for which the RCC-CONUS provides O&M support; Access Management for all provisioning network access for all RCC-CONUS employees; physical access control of the RCC-CONUS Network Operations Facilities (NOF); Command Cyber Readiness Inspections (CCRIs) and CSSP inspections preparation, visit and remediation; Security Assistance Visits (SAVs) preparation, visit and remediation; auditing of services, access, usage, etc., as outlined in existing policy and regulatory guidance; system authorization/Risk Management Framework (RMF) documentation and maintenance and Cyber Security Service Provider documentation and maintenance.
• Responsible for documenting all established security processes and provide to Government for review and/or approval. • Establish a vulnerability management process to identify, classify, prioritize, remediate and/or mitigate, verify, and document existing vulnerabilities to the network and information systems.
• Establish a vulnerability management plan to formalize their approach in maintaining, enhancing, and verifying the security posture of the network. • Familiar with secure and reliable connectivity of Enterprise and Cloud Systems.
• Responsible for monthly vulnerability scanning of all services for which the RCC-CONUS provides O&M support.
• Coordinate any findings with RCC-CONUS system and/or network owners for corrective action. The Contractor shall properly apply patches to the devices to remediate. • Adhere to Government security guidelines by using IAVMs and other published guidance for vulnerability tracking and remediation.
• Record all scans and actions taken, to include POA&M and mitigation plans, in DoD and/or other RCC-CONUS approved tracking system.
• Responsible for tracking all published IAVAs with RCC-CONUS current vulnerability status and maintain the IAVM compliance information in the Army/DoD designated tool. • Prepare any IAVA impact statements, extension requests, scorecards, and compliance reporting on a weekly basis. • Verify RCC-CONUS system owner security policy and IAVM compliance through regular network audits as dictated by existing regulatory guidance and policies.
• Responsible for including an approach for auditing required network controls, access, usage, unauthorized software, anti-virus definitions, etc. to include identifying the security posture of the network.
• Provide a monthly report summarizing audit findings which includes issue, prioritization, and remediation.
• Identify analyze and report any security breaches, to include virus reports, spillage, security leaks, or password compromise.
• Perform all management services for all accounts, credentials, badges, and network access for all RCC-CONUS employees (approximately 300+ Government and Contractor personnel) using a Role-Based Access Control approach to standardized access based upon the employee’s function within the RCC-CONUS. • Responsible for issuing accounts, credentials and badges based solely on the identified employee function and verification of the certification/training necessary to provide privileged access. • Manage certification and training requirements required for account and network access (privileged/non-privileged) and any other training specified in Section 5 for all RCC-CONUS employees within Army Training and Certification Tracking System (ATCTS).
• Provide a monthly status report for RCC-CONUS training and certification compliance to the Government.
• Manage the In and Out processing of all RCC-CONUS employees which includes but is not limited to account issuance and closure, issuance and collection of badges, tokens and keys, etc. • Provide physical security and access control for the RCC-CONUS NOF and extended facilities/rooms within Greely Hall in compliance with all existing policy and regulatory guidance (RCC-CONUS Security Policy, NETCOM G2, ARCYBER, DOD, etc.). • Must be familiar with DISS to validate security clearances.
• Perform periodic walk-throughs and monthly inspections to ensure adherence to established security procedures and policy within the RCC-CONUS.
• Provide the results of the inspection to the Government monthly. • Track remediation of all findings through closure. The Contractor shall perform these functions in support of the RCC-C Government Security Manager.
• Provide escort services to ensure external personnel have controlled access to the RCC-CONUS NOF to remediate facility health and safety concerns, cleaning staff, and warranty repairmen as required. All escort duties will be coordinated in advance by the Government to provide the Contractor sufficient notice for staffing. • Report all escort duties via a monthly report for tracking purposes.
shall sanitize unclassified and classified hard drives or other storage devices prior to turn-in, disposal and/or re-issuance. Qualifications Required: • BA /BS or an MA/MS preferred from an accredited university • Minimum of 12+ years of related IT experience
• Substitution Allowance (MA/MS with 10+ years’ experience can be substituted for above requirements)
• Top Secret/SCI security clearance • “Microsoft Certified: Azure Fundamentals, CompTIA Cloud+, AWS Certified Solutions Architect – Associate, or equivalent
• VMware Certified Advanced Professional; MCSE: Core Infrastructure, or equivalent
• IAT Level II Baseline Certification Desired: Demonstrated knowledge and understanding of the RCC-C mission
15+ years of related IT experience *Must demonstrate proof of vaccination against Covid-19* Please contact with any questions! Amyx is an Equal Opportunity employer. Amyx is committed to providing equal employment opportunity to all job seekers. Every qualified applicant receives focused consideration for employment and no one is discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status. In addition to federal law requirements, Amyx complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Equal Opportunity Employer- Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity. Amyx is an E-Verify employer. Amyx proudly and proactively takes affirmative action to advance employment of individuals who are minorities, women, protected veterans and individuals with disabilities. Physical Demands Employee needs to be able to sit at a workstation for extended periods; use