Cyber Security / IA Network Specialist (Assess and Authorize Support SME)

  • Full-time

Company Description

Agil3Tech (A3T), a fast-growing firm, specializes in Defensive Cyber Security Services driven by our customer requirements.

Join A3T and watch your career soar! A3T is a small but mature and agile company looking for incredible and specialized talent to support our customers in many important cyber security requirements. A3T is looking to bring on an experienced Secret cleared Cyber Security / IA Network Specialist (Assess and Authorize Support SME) with “Next-Level Thinking” who is ready to take their career to a new level with A3T and support our Department of Defense customer.

This position may be eligible for a Sign-on Bonus.

Job Description

The successful IA Network Specialist Subject Matter Expert (SME) shall support DFAS in conducting security control assessments, risk analysis and drafting Security Assessment Reports and recommendations. The IA Network Specialist SME shall have the ability to complete accurate documentation in all Microsoft product formats and to effectively brief agency management, Security Control Assessors and the Authorizing Official. This includes performing the cybersecurity tasks below.

Duties/Responsibilities:

  • Conduct assessment of information systems security controls to include technical controls.  DFAS currently has policy and procedure for conducting security assessments. Use these and provide recommendations for any needed improvements.
  • Conduct risk assessments for system’s non-compliant security controls IAW NIST 800-30 and DoD/DFAS processes. Document results and submit recommendations to SCA. DFAS currently has guidance and procedures for conducting risk assessments. Use these in the evaluation and provide recommendations for any needed improvements.

  • Conduct Continuous Monitoring activities such as Annual Assessment evaluations and POA&M analysis, and analyze system’s POA&Ms, providing recommended mitigations and needed fix timelines. DFAS currently has Program Strategy and System Strategy templates. Use these in the evaluation and submit recommendations for any improvements needed.

  • Review proposed mitigations, requests for risk acceptance, and the rationale provided for stated residual risk acceptance. Provide evaluation results on an official form used to verify awareness of or risk acceptance by DFAS leadership.

  • Analyze proposed system changes, determine whether each is a minor or significant change, and provide guidance on appropriate technical security testing.

Qualifications

Clearance:  Secret

Certifications: 

  • Information Assurance Management (IAM) level III. Certified Information Systems Security Professional (CISSP) or other equivalent DoD 8570.01-M management level III CS certifications (e.g. other IA management level III baseline certifications).

Experience:

  • Must have a minimum of 10 years of experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.).

  • Must have working knowledge of the DoD CS policy requirements set forth in DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology,” and their successors. Available at http://www.dtic.mil/

  • Must have strong critical thinking/analytical skills, creativity, a proven drive for quality, and excellent oral and written communication skills.

  • Must have strong technical writing skills.

  • Must be able to work under only general direction and be able to independently determine and develop an approach to assessor solutions, only needing review upon completion for adequacy in meeting objectives.

  • Must be able to interpret and provide consulting on the development of security guidance, and serve as an RMF SME at key stakeholder meetings.

  • Must have extensive knowledge in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel security and incident handling.

  • Must have experience with DoD security hardening, collection and assessment tools (STIGs, ACAS, SCAP, Nessus, etc.) and experience with security architectures, firewalls and network access.

  • Must have strong organizational skills and an ability to stay focused while managing multiple tasks concurrently.

  • Must have experience in application code analysis, both static and dynamic, utilizing tools such as HP Fortify and WebInspect.

  • Must have extensive DoD Information Assurance Certification & Accreditation Process (DIACAP) and NIST experience in security control assessments and risk assessments utilizing:

    • NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations, current edition

    • NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems

    • NIST SP 800-30 Guide for Conducting Risk Assessments, current edition

    • NIST SP 800-39 Managing Information Security Risk, current edition

    • Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems, March 15, 2012 as amended.

    • Subchapter III of chapter 35 of Title 44, United States Code (also known as the Federal Information Security Management Act (FISMA) of 2002)

    • NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, current edition

Additional Information

Agil3Tech (A3T) offers a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, company-paid long- and short-term disability and life insurance, referral bonuses, certification reimbursement program, etc.

It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.

We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks.