The OSA program has divided the controls into quarterly increments that ensure complete coverage of all controls during a three-year cycle. The OSA documentation provides the current quarterly breakout of the assessed controls. The Department is looking for innovative ways to administer this program and would like automation ingrained into the testing of controls and reporting of results. The candidate will be expected to leverage the DHS Continuous Diagnostics and Mitigation program, the information security continuous monitoring program, NIST SP 800-137 and NIST SP 800-37 as amended.
This candidate will provide support that includes, but is not limited to:
- Create or update a 3-year OSA test plan for each system that includes the most recent versions of NIST SP 800-53 control tests and any additional tests the Department requires to be included for OSA.
- A subset of the controls will be tested or assessed each quarter so that all controls will be tested or assessed at least once during a three-year period;
- Using NIST assessment methods and approved OSA procedures, complete and maintain an OSA master project schedule.
- Create or update program management documentation that includes rules of engagement, schedules, annual document reviews, process for POA&M and accepted risk reviews,
- Ensure that appropriate vulnerability and penetration tests are scheduled, conducted, analyzed, and presented to the system owner and information systems security officer (ISSO).
- As needed, meet with the system ISSO(s), systems contractors and the POAM Team to develop mitigation strategies and identify acceptable evidence criteria to close deficiencies. For all security deficiencies found during a test cycle, populate, for each system, FSA’s vulnerability tracking tool injection template, ensuring appropriate content is included in all required fields.
- Review and provide advice based on analysis for Third Party Website and Applications (TPWA).
- Review and analyze all system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
- Create and submit to the CISO a monthly OSA report that itemizes and describes the OSA scheduled assessment activities (controls, scans, etc.); Production Readiness Reviews (PRRs), scorecards, audits, CM, other tests completed during the past month, and any residual risks added.
- Provide a risk rating based on the risk profiles of all systems in the OSA program, identify trends, and provide recommendations for improving security across the enterprise. This report shall provide sufficient granularity to provide subordinate reports to systems, principal offices (FSA) and individuals.
- At least two (2) years of web application penetration testing experience;
- Certifications within web penetration testing;
- At least five (5) years of experience in network intrusion analysis and/or warning intelligence support (planning, execution and assessment of threats);
- Specialized training in reverse engineering;
- Experience and specialized training in DoD’s ACAS and HBSS systems, to include Information Security Continuous Monitoring (ISCM) and Insider Threat (InT);
- Experience supporting cybersecurity service provider certification efforts and/or subscriber validation efforts;
- Experience with an ISCM tool and leading ISCM tactics, tools, and procedures;
- Specialized Insider Threat training;
- Knowledge of and experience with applications, operating systems, etc. in accordance with DoD Directive 8140.01 Cyberspace Workforce Management;
- At least five (5) years of experience in network intrusion analysis and packet analysis;
- At least two (2) years of Python programming experience;
- Experience monitoring networks in real time using automated tools (e.g., Splunk, ELK stack, Snort, or other custom tools);
- Specialized training in forensic investigation;
- At least ten (10) years of experience in systems/infrastructure administration on a variety of technologies (e.g., databases, networks, storage, servers, directories, etc.);
- Knowledge of DoD cybersecurity requirements to include Security Technical Implementation Guides (STIGs), IAVM patching guidelines, etc.;
- Knowledge of Command Cyber Readiness Inspections (CCRIs) or similar inspection requirements, preferably in a DoD environment;
- Experience operating in classified environments;
- At least two (2) years of experience in leading/managing a technical team;