CND-SP Auditor Inspector Level 4 010
IC-CAP LLC is a Woman Owned / HUBZone Small Business working in the Department of Defense and Intelligence Community. We are always looking for highly talented, energetic, and dynamic professionals that are interested in protecting the defense of our nation.
We are looking to fill this position at the following location(s):
- Washington, DC
CND-SP Auditor/Inspector Security Auditing Level 4:
Responsible for strengthening the defensive posture and cyber defense operational readiness of an IT Enterprise, our Enterprise Cyber Network Defense (ECND) program defends and protects Government assets from external Cyber Security attacks and Insider Threats that can potentially cause orcreate data, systems, networks, and personnelvulnerabilities.
Skill Level 4:
Skills and Tasks:
Exceptionally Complex, Inter-Discipline, Inter-Organizational. Can perform tasks of senior level technicians, specialists, and or managers not performed at Level 3 due to the size and/or complexity of the tasks.
May work individually or as a key member of a senior leadership team.
Oversees and monitors performance across several disciplines, and when required, takes steps to resolve issues.
Provides expert guidance and direction to Government and Vendor senior level technicians and managers.
Directs multiple contractor and subcontractor teams through to project completion.
Identify and manage network and system vulnerabilities and security events
Receive, acknowledge, disseminate, track, report (daily/weekly, and update vulnerability management (VM) alerts, vulnerability assessments, red/blue team events, security incidents, and the VM common operating picture (VM COP)
Provide inspection services across the enterprise on behalf of the organization's Special Enclave (SE) program manager
Support or perform global DoD inspections of GENSER and SE (e.g., JWICS) services to ensure compliance to DoDI 8530 standards
Education and Experience:
HS/GED + 12 years
Associates Degree + 10 years
Bachelor's Degree + 8 years
Master's Degree + 6 years
PhD + 4 years
Functional duties consist of:
In support of the Enterprise Cyber Network Defense (ECND) program IC CAP seeks an Auditor skilled in cybersecurityand cyberspace defense processes, procedures, and governance that will provide impactful contributions to the Cyber Security Auditing section. The qualified candidate will be responsible for Risk Management Framework (RMF) Security Control Assessment and Authorization (A&A) of management, operational, and technical security controls used to protect, detect, characterize, counter and mitigate network and system vulnerabilities and security events, to improve the security posture of Department of Defense (DOD) and Intelligence Community (IC) networks and information systems. The candidate will perform recurring, world-wide RMF A&A on behalf of the Defense Intelligence Agency (DIA) Cybersecurity Service Provider (CSSP) Program Management Office (PMO) for General Services (GENSER), and Special Access Program (SAP) / Special Access Requirements (SAR) CSSPs in accordance with (IAW) DODI-8530.01, CJCS 6510 series, and IC Directives and Standards; and for sites connected to the Joint Worldwide Intelligence Communications (JWICS) backbone IAW DIA JWICS Connection Approval Program (JCAP) policy.
Conducting world-wide SAP/SAR and GENSER CSSP security control assessments to improve services and standards
Conduct internal assessments of the DIA CSSP SAP/SAR and GENSER program
Coordinate remediation of DIA internal assessment findings with responsible DIA support offices to ensure mitigation
Provide monthly Plan of Action and Milestones (POAM) metrics for DIA internal assessments
Develop auditor requirements and recommendations for Cyberspace Defense Services (CDS) assessments for sites connected the JWICS backbone in support of JCAP
Perform security assessments at remote sites .
Perform security assessments of contractor sites processing and storing data.
Assists with implementation of counter-measures or mitigating controls
Maintains current knowledge of relevant technology as assigned.
Participates in special projects as required
Training and Certifications:
DoD 8570 compliance or information assurance certification commensurate with technical objectives and services required within the task order.
Applicable software or hardware training and certifications commensurate with the technical objectives, services required, and IT environment specified within the task order.
TS/SCI with CI poly