Title: Cybersecurity Compliance Inspector ~ Windows

Location: Reston, VA; Alexandria, VA; Washington, DC; College Park, MD

Clearance: TS/SCI with the ability to obtain and maintain a CI polygraph

Responsibilities:

The Cybersecurity Compliance Inspector is responsible for conducting Windows system reviews using DISA STIGs and IC Policy requirements. DISA STIGs include Windows OS, Windows Database Server, Windows Web, Windows Domain Controllers, Exchange, and Windows Workstations.

This includes the following during an inspection:

• Coordinate with multiple organizations and the reviewer staff
• Consolidate reports on an organization's enterprise
• Validate correct configurations
• Conduct inspection interviews
• Develop and complete inspection checklists
• Provide input to written reports on compliance and associated risks
• Coordinate with purple team and cyber threat emulation activities
• Demonstrate advanced writing skills; experienced in coordinating multiple viewpoints into a cohesive document
• Demonstrate experience with DoD STIGs and STIG Viewer tool
• Demonstrate attention to detail
• Demonstrate the ability to work independently

• Demonstrate Knowledge and understanding of key windows management skills (Windows 10 End of Support Schedules, OS info, windows secure host baseline, windows TPM, Bit locker drive encryption, PowerShell essential commands, windows management instrumentation, LDAP, user/group members, password management, group policies, file/share permissions, logging, retention settings, etc.)

The reviewer will support the pre-inspection phase activities to include:

• Logistical and team coordination
• Virtual testing to determine feasibility of conducting reviews remote to the site (still within on-site facilities)
• Answering questions prior to the inspection with regards to the review
• Submitting administrative facilities and systems access forms
• Analyzing network diagrams

The reviewer will support the post-inspection phase activities to include:

• Responding to RFIs
• Cooperation with IV&V activities as organizations work to remediate vulnerabilities discovered during the vulnerability assessment

The reviewer will be expected to identify ways to improve the program. This includes development of program documentation, cross-functional coordination, community collaboration, and automation.

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science or a related technical discipline plus ten (10) years of relevant experience; an additional four (4) years of hands-on experience may be substituted in lieu of a degree
• Must possess current DoD 8570 IAT Level III certification
• Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph
• Must be willing to travel up to 10-25% (mostly local travel)

Equal Opportunity Employer/Veteran/Disabled