Cyber Security Team Lead
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
Octo, an IBM company, is an industry-leading, award-winning provider of technical solutions for the federal government. At Octo, we specialize in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.
Our team is what makes Octo great. At Octo you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission critical work for our government. Voted one of the region’s best places to work multiple times, Octo is an employer of choice!
Are you a self-motivated and experienced Cyber Security professional? Are you looking for a significant career growth opportunity? You will be joining the team that is deploying and delivering a cloud-based, multi-domain Common Data Fabric (CDF), which provides data sharing services to the entire DoD Intelligence Community (IC). The CDF connects all IC data providers and consumers. It uses fully automated policy-based access controls to create a machine-to-machine data brokerage service, which is enabling the transition away from legacy point-to-point solutions across the IC enterprise.
Octo offers modern approaches to solve your toughest challenges. We believe the status quo can be improved, and we’ve made it our job to use emerging technology to help our customers achieve their objectives with the most modern systems and software possible. That’s why our digital solution innovators develop transformative, scalable solutions to make sure your agency is always a step ahead.
The CDF program is an evolution for the way DoD programs, services, and combat support agencies access data by providing data consumers (e.g., systems, app developers, etc.) with a “one-stop shop” for obtaining ISR data. The CDF significantly increases the DI2E’s ability to meet the ISR needs of joint and combined task force commanders by providing enterprise data at scale. The CDF serves as the scalable, modular, open architecture that enables interoperability for the collection, processing, exploitation, dissemination, and archiving of all forms and formats of intelligence data. Through the CDF, programs can easily share data and access new sources using their existing architecture. The CDF is a network and end-user agnostic capability that enables enterprise intelligence data sharing from sensor tasking to product dissemination.
Primarily responsible for the management of a team of approximately eight (8) personnel who are responsible for the security accreditation of CDF components and instances, to include validation and maintenance of all Information Assurance (IA) requirements mandated ISO a defense organization’s business systems environment. In this role, you will:
- Manage, oversee and coordinate the accreditation and delivery of the assembled enterprise data capabilities across all platforms, and perform continuous monitoring of the fielded solutions.
- Manage, oversee and coordinate security team interactions with CDF Platform / systems engineers to remediate security defects in a timely manner on any open findings for all development, test and production systems.
- Responsible authority for monitoring ACAS and CMRS weekly reports, Information Assurance Vulnerability Alerts (IAVAs), Cyber Tasking Orders, and vendor announcements for alerts and forward relevant alerts to the Operations and Maintenance teams for mitigation and response
- Supervise and ensure the proper preparation of necessary documentation to describe the protection and sustainment of the IA requirements and support for the DoD Public Key Infrastructure (PKI) implementation strategies.
- Supervise and ensure the proper preparation of IA documentation for Government representatives to include authorization change requests, Security Technical Implementation Guide (STIG) reports, or any other IA pertinent documents.
- Manage, oversee and coordinate the creation of needed evidence in A&A packages for submission into the required registry databases and author documents and diagrams to satisfy the corresponding NIST SP-800-53 controls associated with the information security targets for Confidentiality, Integrity, and Availability (CIA).
- Manage the PMO and IA stakeholders to maintain Authorities to Operate (ATOs) for multiple systems.
- Provide input into the Federal Information Security Management Act (FISMA) reporting, and work with the PMO in addressing any identified vulnerabilities.
- Facilitate and/or conduct drills or table-top exercises such as Continuity of Operations (COOP), spillage, or other events
Years of Experience: 10 years of experience or more.
Education: Bachelor's degree
Location: Chantilly, VA
Clearance: Active TS/SCI w/ ability to obtain CI Poly
Required Technical and Professional Expertise
- Active TS/SCI clearance
- Certified Information Systems Security Professional (CISSP) Certificate
- DoD 8570 IAT Level I & Level II Certifications (A+, Security+)
- 10+ years hands-on experience obtaining and maintaining security accreditation for Linux-based software systems and capabilities, including documenting and reviewing Security Controls and Test Plans, and using the Xacta cyber risk management tool
- Understanding of Risk Management Framework (RMF) and IC Authority to Operate (ATO) and Interim Authority to Test (IATT) processes
- Working knowledge and experience with security certification, ICD 503, NIST 800-53 security controls, and DISA Control Correlation Identifiers (CCIs) / Security Technical Implementation Guides (STIGs)
- Proven expertise obtaining ATOs and IATTs on IC programs (desired)
- Demonstrated understanding and commitment to modern Continuous ATO processes (desired)
- Advanced organizational skills with the ability to handle multiple assignments
- Strong written and oral communication skills
- Strong critical thinking skills with Inquiring mind / inquisitive nature
- Microsoft Office proficiency
- Clearance: Active TS/SCI w/ ability to obtain CI Poly
Preferred Technical and Professional Expertise
About Business Unit
Your Life @ IBM
Being an IBMer means you’ll be able to learn and develop yourself and your career, you’ll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.
Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.
Are you ready to be an IBMer?
- Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being
- Financial programs such as 401(k), the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs
- Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law
- Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals
- Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences
The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.
We consider qualified applicants with criminal histories, consistent with applicable law.
IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.
Being You @ IBM