Supervisor IT Specialist – Cybersecurity (Validator) NF5

By | November 3, 2022

Job Responsibilities : Supervisor IT Specialist – Cybersecurity (Validator) NF5

Salary : $115000 Per Year

Company : U.S. Marine Corps

Location : Remote US

Duties

Serves a Supervisory Cybersecurity Analystwithin the Enterprise Cybersecurity and Compliance Office as a Validator. The validator will examine through demonstration inspection or analysis the extent to which a system or application meets a set of security requirements as specified by the Authorizing Official (AO) governing instructions and directives. The Security Control Validator (SCV) develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost effective planning evaluating verifying and validating of technical functional and performance characteristics of systems or elements of systems incorporating IT.

Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations. The position is responsible for evaluation of IT systems or its individual components to determine compliance with published standards. Plans prepares and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.

Supervises full performance employees to include: assigning and distributing work coaching counseling tutoring and mentoring employees; approving and disapproving leave recommending and completing personnel actions completing performance reviews and signing timecards and training employees.

Roles include:

Develop test plans to address specifications and requirements. Make recommendations based on test results. Determine scope infrastructure resources and data sample size to ensure system requirements are adequately demonstrated. Create auditable evidence of security measures. Validate specifications and requirements for testability. Analyze the results of software hardware or interoperability testing. Perform operational testing. Test evaluate and verify hardware and/or software to determine compliance with defined specifications and requirements. Develop methods to monitor and measure risk compliance and assurance efforts.

Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks. Ensure that supply chain system network performance and cybersecurity requirements are included in contract language and delivered.

Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions. Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas.

Coordinate with project management development and other technical teams to create and submit A&A packages using the Marine Corps Certification and Accreditation Support Tool. Assess the implementation of security controls and hardening on various technology platforms and guidance for vulnerabilities STIGs security requirements guides (SRG) RMF security controls. Coordinate and interface with a team of system administrators and network engineers to complete Cybersecurity testing on systems and networks and assist with remediation guidance and verification.

Assists in the daily operations and development of the MR Cybersecurity program that identifies architecture requirements objectives and policies personnel and processes and procedures as they relate to policy standards and guidelines. Provides security oversight for MR and subordinate commands. As a SCV test the implementation of applicable Cybersecurity controls for an assigned MCCS system. Ensure that development review endorsement and maintenance of security compliance documentation is accomplished. Validate that documentation includes the System Security Plan(s) (SSP) for all MR applications networks and stand-alone systems. Develop coordinate and conduct security CY and compliance training as required.

Performs security compliance efforts IAW the PCI FISMA NIST SP 800 series FIPS series and USMC related policies and procedures. Coordinates directly with Project Managers service providers consultants and other USMC commands for compliance requirements. Works directly and proactively with MCCS IT Security staff Project Managers IT Managers and HQMC C4/CY to meet objectives and to ensure maximum effective use of tools techniques and methodologies in proposing developing and implementing IT solutions. Liaises with designated HQMC C4 office staffs responsible for system CY and IT Portfolio management to ensure currency with compliance matters. Occasional travel may be required. This is a white-collar position where occasional lifting up to 20 lbs. may be required.

Requirements

Conditions of Employment

  • See Duties and Qualifications

EVALUATIONS:

Qualifications

Bachelors’ Degree in Information Technology or Business related field appropriate to the work of position OR ten years of experience performing specific tasks for Independent Verification and Validation (IV&V) security assessments risk assessments or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above OR appropriate experience that demonstrates that the applicant has acquired the knowledge skills and abilities equivalent to that gained in the above. Must have the skillset to supervisor others in completion of work.

Certification as an Information Systems Security Professional (CISSP) is required or equivalent level education and appropriate experience with DoD system security and information assurance (IA) policy and procedures.

As an authorized and privileged user of Department of Defense Information Systems must fulfill the requirement to complete DoD Workforce Improvement Program certification (8570.01-M) as a condition of access within six months of employment.

Expertise in:

  • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Ability to analyze test data.
  • Ability to collect verify and validate test data.
  • Ability to translate data and test results into evaluative conclusions.
  • Ability to ensure security practices are followed throughout the acquisition process.
  • Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality integrity availability authentication non-repudiation).
  • Ability to produce technical documentation
  • Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
  • Ability to prepare and present briefings
  • Ability to answer questions in a clear and concise manner
  • Ability to communicate effectively when writing

Proficient in/Experience with:

  • Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • Skill in assessing the robustness of security systems and designs.
  • Skill in conducting test events.
  • Skill in detecting host and network based intrusions via intrusion detection technologies (e.g. Snort).
  • Skill in determining an appropriate level of test rigor for a given system.
  • Skill in developing operations-based testing scenarios.
  • Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance relative to the goals of the system.
  • Skill in mimicking threat behaviors.
  • Skill in writing test plans
  • Skill in performing impact/risk assessments
  • Skill in preparing Test & Evaluation reports
  • Skill in running Security Content Automation Protocol (SCAP) content and Security Technical Implementation Guides (STIGS) based tools for benchmark compliance checks and security configuration reviews.
  • Skill in system administration of Active Directory Microsoft System Center Configuration Manager (SCCM)
  • Greater than five years’ experience in: all aspects of Information Assurance / Cyber Security Information Security and Network Security Programs for the USN and USMC; RMF network defense risk and compliance assessment remediation and mitigation; system and network engineering administration and security; physical security; forensic investigations; vulnerability scanning analysis remediation and reporting; incident handling and response
  • Extensive experience in developing plans and schedules estimating resource requirements defining milestones and deliverables monitoring activities and evaluating and reporting accomplishments and deficiencies
  • Skill in documenting security compliance related correspondence required by governing authorities and documenting instructions guidance and procedures to specified audiences

Broad Knowledge of:

  • Knowledge of computer networking concepts and protocols and network security methodologies.
  • Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
  • Knowledge of laws regulations policies and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of federal government enterprise information security architecture framework.
  • Knowledge of authorization and assessment evaluation and validation requirements.
  • Knowledge of Security Assessment and Authorization process.
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality integrity availability authentication non-repudiation).
  • Knowledge of network hardware devices and functions.
  • Knowledge of Risk Management Framework (RMF) requirements.
  • Knowledge of network traffic analysis methods.
  • Knowledge of secure configuration management techniques. (e.g. Security Technical Implementation Guides (STIGs) cybersecurity best practices on cisecurity.org).
  • Knowledge of systems testing and evaluation methods.
  • Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • Knowledge of network security architecture concepts including topology protocols components and principles (e.g. application of defense-in-depth).
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of Payment Card Industry (PCI) data security standards.
  • Knowledge of network protocols such as TCP/IP Dynamic Host Configuration Domain Name System (DNS) and directory services.

May serve as a liaison for communication and response to task orders issued by Marine Forces Cyber Command (MARFORCYBER) HQMC C4 Marine Corps Installations Command (MCICOM) and Marine Corps Systems Command (MCSC) for all Information Technology and Cybersecurity initiatives.

This position has been designated as a position of trust. The incumbent must be eligible for an Access National Agency Check and Inquiries (ANACI/ Tier 3) background investigation to review and respond to SIPRNet Task Orders (TASKORD) Warning Orders (WARNORD) Fragmentary Orders (FRAGO) and Operational Directives (OPDIRS) for all Cybersecurity Incident Response tasks. Appointment and continued employment is subject to a favorable adjudication of the security investigation.

Eligible for incremental telework as determined by MR/MF policy.

Additional information

GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race age color religion national origin gender GINA political affiliation membership or non-membership in an employee organization marital status physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process please notify the agency. The decision on granting reasonable accommodation will be on a case-by-case basis.

It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review: https://www.donhr.navy.mil/NoFearAct.asp.

As part of the employment process Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report. Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760 Qualification to Possess Firearms or Ammunition before a final job offer can be made.

CONDITION OF EMPLOYMENT: Per E.O. 14043 selectee(s) must be fully vaccinated for COVID-19 by 11/22/2021 or date of employment (which ever comes later) except in limited circumstances where an exception is approved due to a disability or sincerely held religious beliefs.

Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS.
Required Documents:
  • Education/certification certificate(s) if applicable.
  • If prior military DD214 Member Copy
This activity is a Drug-free workplace. The use of illegal drugs by NAF employees whether on or off duty cannot and will not be tolerated. Federal employees have a right to a safe and secure workplace and Marines sailors and their family members have a right to a reliable and productive Federal workforce.
Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with TA stamped in red on front of card.
INDIVIDUALS SELECTED FROM THIS ANNOUNCEMENT MAY BE CHANGED TO PART-TIME OR FULL-TIME AT MANAGEMENT’S DISCRETION WITHOUT FURTHER COMPETITION.
ALL ONLINE APPLICATIONS MUST BE RECEIVED BY 1159PM EASTERN TIME (ET) ON THE CLOSING DATE LISTED IN THE JOB POSTING.

  • Benefits

    A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.

    The Federal government offers a number of exceptional benefits to its employees. Benefits you get to enjoy while working at MCCS include but are not limited to:

    • Stability of Federal Civilian Service
    • People with passion for doing work that matters
    • Quality of Work Life Balance
    • Competitive Pay
    • Comprehensive Benefit Packages
    • Marine Corps Exchange and Base Facility Privileges

    Review our benefits

    Eligibility for benefits depends on the type of position you hold and whether your position is full-time part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.

How You Will Be Evaluated

You will be evaluated for this job based on how well you meet the qualifications above.

Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official.

  • Benefits

    A career with the U.S. government provides employees with a comprehensive benefits package. As a federal employee you and your family will have access to a range of benefits that are designed to make your federal career very rewarding. Opens in a new windowLearn more about federal benefits.

    The Federal government offers a number of exceptional benefits to its employees. Benefits you get to enjoy while working at MCCS include but are not limited to:

    • Stability of Federal Civilian Service
    • People with passion for doing work that matters
    • Quality of Work Life Balance
    • Competitive Pay
    • Comprehensive Benefit Packages
    • Marine Corps Exchange and Base Facility Privileges

    Review our benefits

    Eligibility for benefits depends on the type of position you hold and whether your position is full-time part-time or intermittent. Contact the hiring agency for more information on the specific benefits offered.

  • Required Documents

    As a new or existing federal employee you and your family may have access to a range of benefits. Your benefits depend on the type of position you have – whether you’re a permanent part-time temporary or an intermittent employee. You may be eligible for the following benefits however check with your agency to make sure you’re eligible under their policies.

    Varies – Review OTHER INFORMATION

    If you are relying on your education to meet qualification requirements:

    Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

    Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

  • How to Apply

    All applications must be submitted online via the MCCS Careers website: https://careers.usmc-mccs.org

    Resumes/applications emailed or mailed will not be considered for this vacancy announcement. Resumes submitted with pictures will not be considered. To be considered for employment the application or resume must be submitted online by 11:59 PM (EST) on the closing date of the announcement.

    Note: To check the status of your application or return to a previous or incomplete application log into your MCCS user account and review your application status.

    Agency contact information

    BUSINESS AND SUPPORT SERVICES

    Phone

    703/432-0435

    Email

    hqhr.vacancies@usmc-mccs.org

    Address

    BUSINESS AND SUPPORT SERVICES

    DIVISION

    3044 CATLIN AVE

    QUANTICO VA 22134-5003

    USA

    Next steps

    All applicants who submit an application via our Careers page at https://careers.usmc-mccs.org will be able to view their application status online.

  • Fair and Transparent

    The Federal hiring process is set up to be fair and transparent. Please read the following guidance.

    • Equal Employment Opportunity (EEO) Policy
    • Reasonable accommodation policy
    • Financial suitability
    • Selective Service
    • New employee probationary period
    • Signature and false statements
    • Privacy Act
    • Social security number request

Required Documents

Varies – Review OTHER INFORMATION

If you are relying on your education to meet qualification requirements:

Education must be accredited by an accrediting institution recognized by the U.S. Department of Education in order for it to be credited towards qualifications. Therefore provide only the attendance and/or degrees from schools accredited by accrediting institutions recognized by the U.S. Department of Education.

Failure to provide all of the required information as stated in this vacancy announcement may result in an ineligible rating or may affect the overall rating.

Help

This job is open to

  • The public

    U.S. Citizens Nationals or those who owe allegiance to the U.S.

Clarification from the agency

Open to Public

Click Here : Apply Now