207 Business Park Dr., Ste. 100
VA Beach, VA 23462
Employee Type: Full-Time
Location: Suffolk, VA
Job Type: IT Specialist
Experience: 3+ Years
Clearance: Top Secret / SCI Eligible
AERMOR LLC is qualified candidates to provide technical and analytical support for FCC OCA in support of all OCA inspections. Candidates shall perform a wide variety of technical support services and functions required to meet the mission of FCC OCA to enhance overall DoDIN-N readiness and security.
- Identifying critical flaws in applications and systems that cyber attackers could exploit
- Conducting vulnerability assessments for networks, applications, and operating systems
- Conducting network security audits and scanning on a predetermined basis using automated tools (e.g. Security Content Automation Protocol (SCAP)) to pinpoint vulnerabilities and reduce time-consuming tasks
- Experienced with performing manual testing methods and procedures using STIGs, SRGs, and checklists
- Using automated or manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives
- Validating report findings to reduce false positives
- Compiling and tracking vulnerabilities for metrics purposes
- Writing and presenting a comprehensive Vulnerability Assessment report
- Reviewing and defining requirements for information security solutions
- Prepare reports and presentations regarding internal/external investigations, physical losses, or violations of regulations, policies, and procedures related to physical security.
- Adhere to established Navy / DoD policies and procedures
- Travel to commands/sites and/or remotely perform technical duties such as running vulnerability scans, reviewing command documentation/policies, uploading inspection results into data repositories and portals, providing a summary of inspection findings, conducting root cause analysis, providing mitigation recommendations, and other tasks necessary to complete a cybersecurity assessment/inspection. Travel is required unless an approved remote inspection plan is authorized by the Government.
- Notify Government CE/VE Lead of pending issues affecting the completion or outcome of a cybersecurity inspection/assessment.
- Develop and provide inspection finding summary/detail information, finding impact information to include operational impact, finding analysis information, and other related inspection deliverables as identified by the government.
- Provide guidance/coaching to inspection site personnel as well as internally to other OCA personnel to increase awareness and understanding of inspection technical areas.
- Assist in researching trend data for vulnerabilities associated with individual technology areas to support cybersecurity inspections.
- Detail all findings in a written report while providing recommendations to mitigate prioritizing by risk using industry standards and best practices.
- Submit lessons learned if applicable to the inspection within a specified timeframe in accordance with the CCORI process.
Required Skills and Experience:
- Minimum of three (3) years’ experience in the application of DoD security principles and practices as it relates to physical, personnel, information, and industrial security.
- Shall be able to check and verify the security of doors, windows, and other secure entry points, monitor Closed Circuit Television (CCTV) and other automated systems installation and operation, check overheads, and false decks.
- Knowledge of physical badges, panels, and consoles.
- Shall have a thorough understanding of Security Technical Implementation Guides for general areas such as secure room, Controlled Access Area, & Restricted Access Area construction, classified storage/handling, Need-to-Know/Non-Disclosure Agreements, Protected Distribution Systems, and Clearance/Investigative requirements.
- Shall have knowledge on the following security disciplines: information assurance, physical security, personnel security, TEMPEST, Key Management Infrastructure (KMI)/Communications Security (COMSEC), Foreign National Security, Control of Unclassified Information (CUI), and other security disciplines.
- Certifications: At a minimum candidates must have Security +, all Computer-Based Training (CBTs) must be completed, along with Security Fundamentals Professional Certification (SFPC) Level I Security Professional Education Development (SPēD) certification.
- DoD Security Specialist (DSS) Course, and Traditional Security SRR within 3-months of hire and before conducting OJTs with the OCA inspection team.
- Education: No formalized collegiate degree is required but will be required to complete/pass DISA Traditional Security SRR training before going out on inspections
For more information contact: firstname.lastname@example.org
Technical Cybersecurity Assessor - UNIX