Previous Job
Cyber Security Specialist II
Ref No.: 18-04672
Location: Ft. Sam Houston, Texas
Position Type:Direct Placement
Cyber Security Specialist II
Ft. Sam Houston, TX

  • IAT or IAM Level II certification
  • Active Secret or a current IT-II Level Security Clearance
  • Bachelor's Degree and 4 years of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.
  • Requires knowledge of security issues, techniques and implications across all existing computer platforms.
  • Ability to work under tight deadlines. Time management skills, including organization, coordination of duties, and/or accomplishment of goals

All tasks below will be performed by a Cybersecurity Specialist, with a level II being more expert such as a Subject Matter Expert (SME), and Level I providing basic input and analytical skills consistent with and in compliance with the appropriate certification based on DoD 8570.1-M guidance.
The candidate shall perform the necessary actions to properly scope the level of validation effort that will be required at each respective medical device/system. This includes any pre-coordination necessary to ensure that the size and complexity of the device/system is understood and to ensure that the workload is distributed amongst team members in order to meet the necessary timeframe needed to certify and accredit the device/system. The Contractor shall provide recommendations to the COR to ensure that validation activities are accomplished in the most economical, efficient, and timely manner.
The candidate shall develop all Risk Management Framework (RMF) documentation needed into meet DoD and Army validation requirements. Documentation must be delivered to the US Army-appointed SCA-V in a timely manner so that system/device meets the go live dates at the MTFs.
The candidate shall review RMF-related publications such as those within the DOD, those within the US Army, and shall provide input on those RMF or similar regulatory processes that are implemented through Army Best Business Practices. The contractor will provide recommendations on draft RMF and IA-related publications and will be tasked to provide input in both written and oral form.
The candidate shall aid in the RMF process by providing expert advice on the number of team members required to perform validation activities on each device/system, the amount of time it will take to validate the RMF IA controls on each device or system, and with validating the RMF or similar regulatory controls in accordance with Federal, DOD, and US Army RMF or similar regulatory requirements.
The candidate shall provide ongoing verbal/email assistance to the necessary personnel who are performing the RMF or similar regulatory validation activities or who are working to fix IA controls.
The candidate shall develop and maintain C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements.
The candidate shall be in compliance with DoD 8570.1-M and all regional and local training requirements according to the latest policies and guidance.
The candidate shall provide the US Government-appointed COR a monthly activity report for each significant action that briefly states what was accomplished. Also, the contractor shall provide trip reports for any location visited for RMF or similar regulatory validation or for any conferences attended. The contractor must write trip reports or weekly activity reports in a format provided by the SCA-V or Contracting Officer's Representative (COR).
The Contractor shall develop briefing slides that describe tasks completed, ongoing and outstanding tasks for the month, expected completion dates, issues, and concerns. Slide content and delivery schedule may be adjusted by the US Government-appointed SCA-V, the QAE, or the COR.
The candidate
shall conduct threat and vulnerability assessments and submit effective measures to minimize such risk to the MEDCOM Cyber Security Program Office.
The candidate shall write and execute test procedures for C&A / A&A effort including STIGs, Nessus/ACAS, Flying Squirrel, Grass Marlin, Wire Shark, CSET, etc.
The contractor shall document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for the Test Report.
The candidate shall travel to CONUS and OCONUS sites to conduct physical and cyber security assessments; conduct complete security baseline and inventory reports and packages.
The contractor shall conduct testing for the integration of proposed new technologies to be included in the enterprise design. The contractor shall research and analyze current DoD and Department of the Army (DA) policies and recommend mitigation strategies.
The candidate shall perform threat, security audits, vulnerability, and conduct risk assessments based on scans and other data pertaining to each system within the eMASS
The contractor shall assist in the maintenance of the current network and systems certification and accreditation statement (ATO), and when directed initiate continuing or re-accreditation processes and procedures when changes effecting the accreditation of the network or attached systems have occurred.
The candidate in accordance with all applicable DoD, Army and MEDCOM policies shall only use DoD/Army approved IA software products, for performing security scans furnished by the Government for use on DoD/Army computers and networks only.