Title:  Cybersecurity Compliance Inspector ~ ACAS

Location: Alexandria, VA; Washington, DC; Reston, VA; College Park, MD

Clearance: TS/SCI with the ability to obtain and maintain a CI polygraph

Responsibilities:

The Cybersecurity Compliance Inspector functions as the critical asset responsible for the collection of scan data for an inspection. Day-to-day responsibilities are to conduct ACAS reviews using the DISA ACAS Best Practice Guide and IC CIO 2018-051 vulnerability management policy checklists. In supporting inspections, the reviewer will:

• Coordinate with multiple organizations and the reviewer staff
• Consolidate reports on an organization's enterprise
• Validate correct configurations
• Conduct inspection interviews
• Develop and complete inspection checklists
• Provide input to written reports on compliance and associated risks
• Coordinate with purple team and cyber threat emulation activities
• Demonstrate advanced writing skills; experienced in coordinating multiple viewpoints into a cohesive document
• Work with system administrators to verify scan policies and run scans

• Troubleshoot coverage challenges across the multiple technologies (includes Windows Servers, network devices/routers/switches, windows workstations, windows virtual environments, host base security (McAfee and others), and other technologies)
• Obtain system specific scans utilized for sampling during an inspection
• Conduct compliance scans (using SCAP with Nessus .audit files)
• Conduct open port scans at each organization

• Demonstrate experience with DoD STIGs and STIG Viewer tool
• Demonstrate attention to detail
• Demonstrate the ability to work independently

The reviewer will support the pre-inspection phase activities to include:

• Logistical and team coordination
• Virtual testing to determine feasibility of conducting reviews remote to the site (still within on-site facilities)
• Answering questions prior to the inspection with regards to the review
• Submitting administrative facilities and systems access forms
• Analyzing network diagrams
• Identifying appropriate IP scope of an inspection through documentation and databases

The reviewer will support the post-inspection phase activities to include:

• Responding to RFIs
• Cooperation with IV&V activities as organizations work to remediate vulnerabilities discovered during the vulnerability assessment

The reviewer will be expected to identify ways to improve the program. This includes development of program documentation, cross-functional coordination, community collaboration, and automation.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science or a related technical discipline plus ten (10) years of relevant experience; an additional four (4) years of hands-on experience may be substituted in lieu of a degree
• Must possess current DoD 8570 IAT Level III certification
• Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph
• Must be willing to travel up to 10-25% (mostly local travel)

Equal Opportunity Employer/Veteran/Disabled