DMI

  • Computer Network Defense Lead (CND) Lead*

    Posted Date 11 months ago(8/15/2017 8:45 AM)
    Job ID
    2017-11575
    Category
    Infrastructure Support
    Location
    US-VA-Arlington
  • About DMI

    DMI, the world’s first end-to-end mobility company, combines all the skills and services necessary to deliver mobile enterprise solutions. Built to reinvent business through mobility, DMI has expertise in mobile strategy, UX, web, and app development, omni-channel commerce, brand and marketing, IoT and big data analytics, and secure device and app management. The company’s unique, integrated approach to mobility has resulted in dramatic growth as well as an expanding client base, which includes hundreds of Fortune 1000 commercial clients and all fifteen U.S. Federal Departments. DMI is headquartered in Bethesda, MD, with satellite offices around the world. The company was named one of the 2018 Top Workplaces in the Washington, DC area by The Washington Post and received Inc. Magazine’s Hire Power Award as one of the top 100 Private Job Creators in the US. Additional information is available at www.dminc.com and on LinkedIn, Twitter, Facebook, and Instagram.

    About the Opportunity

    About the Opportunity

    Computer Network Defense (CND) Lead to oversee a team providing incident response and supporting a Security Operations Center (SOC) for the Office of the CIO (OCIO) at the Defense Security Service (DSS). This is a full-time position.

    Oversee a team providing information security support for computer network defense (CND), continuous monitoring and analysis, enterprise audit, security compliance, security event monitoring and analysis, data management, analytic rule development/adjustment, incident response, and investigative support. Take action to protect, monitor, detect, analyze, and respond to unauthorized activity within DSS information systems and computer networks. Deliver technical security expertise in the operation of an enterprise class CND system, dealing with events caused by internal and external factors and the related mitigation recommendations for issues caused by process, threat and technology changes over time. Act as a trusted advisor to senior leadership to make recommendations regarding strategic and tactical direction in leading activities in support of team and enterprise objectives. Serve as an expert on CND requirements and compliance to such requirements by using IA tools and techniques to perform compliance analysis and correlation, tracking and remediation coordination, and escalating CND non-compliance. Provides technical analysis and sustainment support for the enterprise for IA tools and applications.

    Must have a current DOD 8570.01 IAM Certification (CISSP, CISM, or GSLC) and a Master's Degree in an IT related field. Must have experience with CNSSi 1253, FIPS 140-2, FIPS 199, FIPS 200, NIST SP 800-53, ISO 27001, Fed RAMP, FISMA Reporting. Must have knowledge and experience working with DoD Risk Management Framework.

     

    Duties and Responsibilities:  

    • Lead will provide project planning, guidance and technical expertise in the following areas: program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A); and quality planning and control of all products.
    • Essential Duties and Responsibilities: (Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position)
    • Assist with development and maintain Operational Level Agreements (OLAs) and end-to- end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups.
    • Develop and maintain a detailed policy matrix mapping Federal, DoD, and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP 800-53 and DoDI 8510.01. Documents include but are not limited to:
    • Standard OperatingProcedures (SOPs)
    • Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc.)
    • Contingency Plan
    • Security Assessment Report (SAR)
    • Cybersecurity Instruction
    • Concept of Operations (CONOPS)
    • Incident Response Plan (IRP)
    • Configuration Management Plan (CMP)
    • System Authorization Access Request (SAAR)
    • Vulnerability Management Plan
    • System Security Plans (SSP)
    • Plan of Actions and Milestones (POAMs)
    • Administer CS training, to include the annual Cyber Awareness Challenge training per DoDD 8500.1 and compliance with the requirements of DoDD 8570.1 and DoD 8570-M for the IA Workforce Improvement Program (WIP).
    • Provide CS SME support in the development and presentation of a slide presentation and supporting documentation for a weekly synergy meeting for the Chief Information Officer (CIO).
    • Provide operational risk management support for CS-managed systems, whether networked or standalone. The networks include varying security classifications, architectures, mobile devices, Virtual Private Networks (VPNs) and other remote access architectures and technologies, including Secure Socket Layer.
    • Provide CS’ portion of the Tier 3 Computer Network Defense (CND) services in accordance with DoDI O-8530.2, CJCSI 6510.01E, and CJCSM 6510.01.
    • Support enterprise level Information Assurance Vulnerability Management (IAVM) and DoD Reporting Management and Support including vulnerability management oversight activities for all assets in the “Test” and “Production” enclaves and all standalone systems.
    • Participatein the CS change management process including attending the weekly Enterprise Change Control Board (ECCB) meetings, reviewing Requests for Change (RFCs) distributed in email, and performing risk assessments on hardware and software.
    • Evaluate all newly deployed servers and applications in the “Test” and “Production” enclaves and verify that the asset entries have been created in the DoD DPMS and ensure vulnerabilities have been mitigated and STIGs have been applied.
    • Review applications by performing an automated and/or manual scan of the application code and report findings in the application code scan to the SA for developer or remediation.
    • Plan and execute compliance, Assessment and Authorization (A&A) activities in support of CIO’s role as AO for client and its subcomponents including the following tasks:
    • Perform system registration in eMASS on behalf of the system owner
    • Perform system registration in DITPR on behalf of the system owner
    • Update eMass with IA Controls on behalf of system owner
    • Update eMASS POA&M information when required on behalf of the system owner
    • Provide support the DoD Risk Management Framework (RMF) for all Information Systems (IS), enclaves, and application systems under the purview of the CIO per DoDI 8510.01.

    Qualifications

    Education and Years of Experience: 

    • Must have a current DOD 8570.01 IAM Certification (CISSP, CISM, or GSLC) and a Master's Degree in an IT related field.
    • Must have experience with CNSSi 1253, FIPS 140-2, FIPS 199, FIPS 200, NIST SP 800-53, ISO 27001, Fed RAMP, FISMA Reporting.
    • Must have knowledge and experience working with DoD Risk Management Framework.

     

    Required Skills/Certifications:

    Must have a current DOD 8570.01 IAM Certification (CISSP, CISM, or GSLC) and a Master's Degree in an IT related field. Must have experience with CNSSi 1253, FIPS 140-2, FIPS 199, FIPS 200, NIST SP 800-53, ISO 27001, Fed RAMP, FISMA Reporting. Must have knowledge and experience working with DoD Risk Management Framework.

     

    Physical Requirement(s): None

    Location: FT Knox

     

     

    Working at DMI

    DMI is a diverse, prosperous and rewarding place to work. We provide our employees with competitive benefits, educational assistance, and career growth opportunities. Every employee is valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company.

    The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination on the basis of their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability.


    ***************** No Agencies Please *****************


    Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.

     

     

    PM2017

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.