Title: Cybersecurity Compliance Inspector ~ CND

Location: Alexandria, VA; Washington, DC; Reston, VA; College Park, MD

Clearance: TS/SCI with the ability to obtain and maintain a CI polygraph

Responsibilities:

The Cybersecurity Compliance Inspector is responsible for conducting a review of an organizations cybersecurity services and completing checklists to ensure an organization is meeting IC policy requirements. These cybersecurity services include the Cybersecurity Framework Functions of Identify, Protect, Detect, Respond, and Recover. The IC policy checklists are for ICS 502-01, IC CIO 2018-124, CNSSD 504, and others will be added over time. The tools evaluated will vary (minimum set of tools expected: ArcSight, Splunk, McAfee Host Base Security, Tanium, and ACAS). In supporting inspections, the reviewer will:

• Coordinate with multiple organizations and the reviewer staff
• Consolidate reports on an organization's enterprise
• Validate correct tool configurations
• Conduct inspection interviews
• Develop and complete inspection checklists
• Provide input to written reports on compliance and associated risks
• Coordinate with purple team and cyber threat emulation activities
• Demonstrate advanced writing skills; experienced in coordinating multiple viewpoints into a cohesive document
• Demonstrate experience with DoD STIGs and STIG Viewer tool
• Demonstrate attention to detail
• Demonstrate the ability to work independently

• Verify IDS/IPS rules implementation
• Validate specific events (i.e., malware detection alerts) for use in polling other security systems to ensure events are captured

The reviewer will support the pre-inspection phase activities to include:

• Logistical and team coordination
• Virtual testing to determine feasibility of conducting reviews remote to the site (still within on-site facilities)
• Answering questions prior to the inspection with regards to the review
• Submitting administrative facilities and systems access forms
• Analyzing network diagrams

The reviewer will support the post-inspection phase activities to include:

• Responding to RFIs
• Cooperation with IV&V activities as organizations work to remediate vulnerabilities discovered during the vulnerability assessment

The reviewer will be expected to identify ways to improve the program. This includes development of program documentation, cross-functional coordination, community collaboration, and automation.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science or a related technical discipline plus ten (10) years of relevant experience; an additional four (4) years of hands-on experience may be substituted in lieu of a degree
• Must possess current DoD 8570 IAT Level III certification
• Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph
• Must be willing to travel up to 10-25% (mostly local travel)

Equal Opportunity Employer/Veteran/Disabled