Job was saved successfully.
Job was removed from Saved Jobs.

Job Details

Cybersecurity Specialist Level II (TUV02101)

Equipment/Technology Specialist

Equipment and Facilities Specialist



Maryland, United States

**Cybersecurity Specialist Level II****Description****Tuvli, an Akima Company** **,** is dedicated to providing our customers with superior, integrated technology and program support services and solutions. Our systems engineering, information technology, information assurance, program support and project management staff work closely with customers to ensure that our solutions are directly aligned with their business processes and desired program outcomes. We emphasize affordability, and delivering the best value for technology investments. Our personnel enjoy competitive benefits packages and challenging roles in work environments committed to innovation, diversity and opportunity for career growth. As an Alaska Native Corporation (ANC), 100% of our companys profits go back to our 14,300 Iupiat shareholders that have resided near and above the Arctic Circle for more than 10,000 years. Our business helps support their way of life and contributes to the survival of a culture that has thrived in a challenging environment.As part of the USAMEDCOMs transition to the new electronic health record (EHR) and due to new requirements for Cybersecurity through the Risk Management Framework (RMF) it is necessary to certify not only applications and software for servers but also all medical devices and any item that connects not only to the Army MEDCOM network but to the Medical Community of Interest (Med-COI) network.**Job Summary:**The candidate will increase the number of RMF packets being processed and approved for an Authority to Operate (ATO) in the DoD eMASS system, throughout the MEDCOM at all MTFs and Clinics globally, to improve the security posture of the MEDCOM networks. Reduce the amount of time it takes to process a package in the eMASS system from start of a package to the ATO through process standardization for Medical devices, Common IT, and Facility related Control Systems (FRCS) such as Air conditioners and power and generator systems that have embedded IT. Improve the Interaction with packet submitters and reviewers to validate the completeness of packets and to make recommendations on certifications based on reviews of the submitted packets and artifacts.**Responsibilities:**+ All tasks below will be performed by a Cybersecurity Specialist, with a level II being more expert such as a Subject Matter Expert (SME), and Level I providing basic input and analytical skills consistent with and in compliance with the appropriate certification based on DoD 8570.1-M guidance.+ The candidate shall perform the necessary actions to properly scope the level of validation effort that will be required at each respective medical device/system. This includes any pre-coordination necessary to ensure that the size and complexity of the device/system is understood and to ensure that the workload is distributed amongst team members in order to meet the necessary timeframe needed to certify and accredit the device/system. The Contractor shall provide recommendations to the COR to ensure that validation activities are accomplished in the most economical, efficient, and timely manner.+ The candidate shall develop all Risk Management Framework (RMF) documentation needed into meet DoD and Army validation requirements. Documentation must be delivered to the US Army-appointed SCA-V in a timely manner so that system/device meets the go live dates at the MTFs.+ The candidate shall review RMF-related publications such as those within the DOD, those within the US Army, and shall provide input on those RMF or similar regulatory processes that are implemented through Army Best Business Practices. The contractor will provide recommendations on draft RMF and IA-related publications and will be tasked to provide input in both written and oral form.+ The candidate shall aid in the RMF process by providing expert advice on the number of team members required to perform validation activities on each device/system, the amount of time it will take to validate the RMF IA controls on each device or system, and with validating the RMF or similar regulatory controls in accordance with Federal, DOD, and US Army RMF or similar regulatory requirements.+ The candidate shall provide ongoing verbal/email assistance to the necessary personnel who are performing the RMF or similar regulatory validation activities or who are working to fix IA controls.+ The candidate shall develop and maintain C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configurations checklists, and interconnection security agreements.+ The candidate shall be in compliance with DoD 8570.1-M and all regional and local training requirements according to the latest policies and guidance.+ The candidate shall provide the US Government-appointed COR a monthly activity report for each significant action that briefly states what was accomplished. Also, the contractor shall provide trip reports for any location visited for RMF or similar regulatory validation or for any conferences attended. The contractor must write trip reports or weekly activity reports in a format provided by the SCA-V or Contracting Officers Representative (COR).+ The Contractor shall develop briefing slides that describe tasks completed, ongoing and outstanding tasks for the month, expected completion dates, issues, and concerns. Slide content and delivery schedule may be adjusted by the US Government-appointed SCA-V, the QAE, or the COR.+ The candidate shall conduct threat and vulnerability assessments and submit effective measures to minimize such risk to the MEDCOM Cyber Security Program Office.+ The candidate shall write and execute test procedures for C&A / A&A effort including STIGs, Nessus/ACAS, Flying Squirrel, Grass Marlin, Wire Shark, CSET, etc.+ The contractor shall document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for the Test Report.+ The candidate shall travel to CONUS and OCONUS sites to conduct physical and cyber security assessments; conduct complete security baseline and inventory reports and packages.+ The contractor shall conduct testing for the integration of proposed new technologies to be included in the enterprise design. The contractor shall research and analyze current DoD and Department of the Army (DA) policies and recommend mitigation strategies.+ The candidate shall perform threat, security audits, vulnerability, and conduct risk assessments based on scans and other data pertaining to each system within the eMASS+ The contractor shall assist in the maintenance of the current network and systems certification and accreditation statement (ATO), and when directed initiate continuing or re-accreditation processes and procedures when changes effecting the accreditation of the network or attached systems have occurred.+ The candidate in accordance with all applicable DoD, Army and MEDCOM policies shall only use DoD/Army approved IA software products, for performing security scans furnished by the Government for use on DoD/Army computers and networks only.**Qualifications****Minimum Qualifications:**+ IAT or IAM Level II certification.+ Active Secret clearance.+ Bachelors Degree desired and 4 years of combined IT and security work experience with a broad exposure to infrastructure/network and multi-platform environments.+ Requires knowledge of security issues, techniques and implications across all existing computer platforms.+ Ability to work under tight deadlines. Time management skills, including organization, coordination of duties, and/or accomplishment of goals.The duties and responsibilities listed in this job description generally cover the nature and level of work being performed by individuals assigned to this position. This is not intended to be a complete list of all duties, responsibilities, and skills required. Subject to the terms of an applicable collective bargaining agreement, the company management reserves the right to modify, add, or remove duties and to assign other duties as may be necessary. We wish to thank all applicants for their interest and effort in applying for the position; however, only candidates selected for interviews will be contacted.We are an equal opportunity employer. All applicants will receive consideration for employment, without regard to race, color, religion, creed, national origin, gender or gender-identity, age, marital status, sexual orientation, veteran status, disability, pregnancy or parental status, or any other basis prohibited by law.We are committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you have a physical and/or mental disability and are interested in applying for employment and need special accommodations to use our website to apply for a position please contact, Recruiting Services at or [Register to View] . Reasonable accommodation requests are considered on a case-by-case basis.The dedicated email and telephonic options above are reserved only for individuals with disabilities needing accessibility assistance to apply to an open position using our website.Please do not use the dedicated email or phone number above to inquire on the status of your job application._In order for our company to stay compliant with government regulations, please apply on line. Please DO NOT email resumes or call in lieu of applying online unless you have a physical and/or mental disability and need assistance with the online application._**Job:** Information Technology**Primary Location:** US-MD-Fort Detrick**Shift:** Day Job**Req ID:** TUV02101