Cyber Assessor, VMD, Fairfax, VA
VMD -
Fairfax, VA,
US
Cyber Assessor
Date Posted: 2024-06-17
Job description
Description
We are a team of visionary leaders who shift the paradigm to bring our customers game changing innovations and emerging technologies to strengthen their missions. As a Vision, Mission, and Driven company, VMD has been delivering information technology solutions to the Federal government in Agile Engineering, Cybersecurity, and Critical Infrastructure Protection since 2002. Why Join VMD Corp? At VMD you have the opportunity to thrive in your career and become a Game Changer. The quality and talent of our people is what drives the success of VMD. We embrace an employee-first culture and make it a priority to provide professional development opportunities that foster career growth.We help protect American Citizens and the nation's most critical infrastructure by working alongside our customers and delivering game changing solutions to strengthen their missions. We believe our passion and commitment to achieve our customers' goals and solve their most critical challenges defines who we are. We don't just dream big, we act on it - through teamwork, dedication, and resilience.
Learn more about VMD culture here: VMD Culture About the Mission You Will Join: The Cyber Assessor role will play a vital role on a contract supporting the government customer's OCIO, conducting comprehensive cyber security assessments to ensure the overall security posture of the organization. Your Impact to the Mission: As a Cyber Assessor you will work alongside a team of specialized assessors to conduct formal, independent, and objective cybersecurity audits and inspections to determine compliance of requirements and assess effectiveness and resiliency of cybersecurity measures applied to IT and OT systems and applications. The Cyber Assessor will:
- Ensure all assessments are conducted according to approved organizational cybersecurity technical and programmatic processes, which are modeled to National Institute of Standards and Technology (NIST) Special Publication (SP) 800-115 and Department of Defense Command Cyber Security Readiness Inspections (CCRI) processes.
- Provide formal audit and inspection expertise in accordance with national cybersecurity requirements and industry related best practices for all end nodes and devices connected to NNSA classified and unclassified networks;
- Demonstrate and utilize expert knowledge in the review of technical and programmatic cybersecurity protections as documented in NIST SP 800-53 and the Committee on National Security Systems Instruction 1253; understand NIST and organizational implementations of risk management processes; cybersecurity threat and vulnerability identification and analysis; and the ability to quantify and qualify impact and risk posed to the confidentiality, integrity, and availability of government information and operational technology systems, applications, and information under assessment;
- Demonstrate sufficient knowledge in other security disciplines such as information security, technical security (i.e., Protected Distribution Systems, TEMPEST, and Wireless Security), communications security, operations security, and physical security to assess related cybersecurity protection measures in support of CCRI and enterprise system assessment activities;
- Support all assessment types according to the target scope; support scheduling and coordination activities; manage data call information; draft technical rules of engagement; complete assessment plans and onsite validation logistics prior to the assessment.
- Prepare for all assessments as scheduled, interview personnel, test controls, and physically examine IT/OT systems, applications, components, and related security artifacts documenting findings and deficiencies to requirement non-compliance, offering recommendations for improvement, or denoting best practices as defined in approved assessment plans, processes, and procedures.
- Correlate, conduct trend analysis, and support the development of key assessment and finding data.
- Support daily and final briefings, and complete audience appropriate, comprehensive reports.
- Support the development of the assessment program by documenting or updating processes and procedures, supporting and tracking issues management, and participating in strategic planning.
- Experience in all phases of the planning, development, and execution of a cybersecurity assessment program.
- Ability to provide informed, expert technical opinion and translate technical findings to business impact.
- Highly skilled in baseline cybersecurity requirements for a federal government agency.
- Highly skilled in research, writing, and communication of technical cybersecurity topics.
- Remains abreast of threats to diverse information and operational technologies
- Effective information and data management.
- Education Requirement: Bachelor's degree
- Can Additional Years of Experience Substitute for Degree?Yes
- Required Certification(s):Maintain technical certifications to satisfy requirements of the DoD 8570 Information Assurance Manager III category (CISSP, CISM, etc)
- Minimum Years of Overall Experience:12
- Minimum Years of Specific Experience in Field:8
- Minimum Clearance to Start:Top Secret
- Work Status Allowable:US Citizen
- Foster a culture of information sharing.
- Maintain impeccable time and organization skills.
- Possess expert writing and presentation skills.
- Capable of thinking outside-the-box.
- High attention to detail
- Travel:Significant(between 25%-75%)
- Telecommute Options:Remote, with frequent travel. Work will be conducted at various sites across the continental US. Position will be remote when not traveling.