Cybersecurity Specialist
Umyuaq Technology, Part of the Wood River Federal group of companies primarily focused on providing information technology (IT) support services and personnel to various government customers. We help our customer's leverage technology and operate with total confidence in their technology resources' predictability, security, and reliability to meet business objectives by providing a wide array of professional services and products. Umyuaq Technology is looking for a qualified Cybersecurity Specialist to support our contract at the Brooke Army Medical Center, located on Joint Base San Antonio-Fort Sam Houston, in San Antonio, TX.
Job description
We’re seeking a Cybersecurity Specialist, you’ll perform complex cyber technical analysis for new and existing technologies, vendors, and hardware to identify and mitigate cybersecurity risk to Government systems. Utilize cutting edge cyber technology in making secure design recommendations and identifying threats, and vulnerabilities with technology implementations, and current production systems. Collaborate with other cybersecurity teams such as cyber incident response, tools and technologies, and engineering to help make risk-based
decisions to mitigate cybersecurity risk. Collaborate with other team members on current vulnerabilities, and threat actor’s tactics, techniques, and procedures.
Qualifications:
- Conduct cybersecurity risk assessments on vendors to identify security deficiencies of the vendor’s security posture utilizing passive traffic analysis techniques with commercially available technology and open source tools.
- Utilize Open Source Intelligence (OSINT) platforms and threat intelligence software to understand potential threat of breach to vendor and historical security incidents to communicate basic recommendations of compensating controls. Determines deviations from standards, policies, or contractual terms and conditions.
- Apply specialized cybersecurity expertise and industry best practice methodology to determine the impact of a realized incident to the organizations data/infrastructure of the identified vulnerabilities and develops and/or recommends appropriate mitigation countermeasures to remediate or mitigate risk to the organization.
- Conduct cybersecurity penetration testing to perform complex technical analysis on vendor’s software and hardware by configuring commercially available and open source technology to identify insecure configuration settings and software vulnerabilities to recommend the most efficient implementation techniques and tools for solutions to address system deficiencies or consider alternative system planning and design.
- Review Third Party Audit Documentation, Penetration Testing Reports, and Security Certifications for Equipment and Secure Code Design to understand and communicate potential risk to the organization. Determines deviations from standards, policies, or contractual terms.·
- Serve as principal staff advisor on all matters relating to vulnerabilities and threats to computer systems.
- Develop correspondence security countermeasures necessary to protect sensitive and PHI/PII information processed on DoD/DHA computer equipment.
- Provide guidance and support for the protection of information technology (IT) systems, e.g. personal computers, Local Area Networks (LAN).
- Support the organization(s) Cybersecurity program to include Network Security Improvement Program (NSIP) initiatives and requirements, Cybersecurity Vulnerability Alert monitoring, analysis and reporting, Cybersecurity issue resolution, development of Cybersecurity policy/guidance, implementation of Cybersecurity technologies, administration of Cybersecurity programs such as Information Operations Condition (INFOCON) and the Department of Defense Information Risk Management Framework (RMF) and Cybersecurity assessment and compliance monitoring.
- Provide guidance on accreditation procedures and appropriate computer security measures by administering and monitoring implementation of RMF.
- Review certification and accreditation documentation to ensure it is compliant with RMF standards.
- Develop guidance and assist customers through the RMF process.
- Participate in the development of hardware and software safeguards to reduce risks during electronic processing of sensitive information.
- Implement audit measures to ensure activity compliance with regulatory requirements.
- Participate in inspections and surveys of computer systems.
- Provide inspection results and violations to top management in the form of briefings and formal reports and approves the adequacy of corrective actions taken.
- Review and evaluate the impact of new systems or system changes in relation to DoD/DHA IA configuration management, architecture, and network security standards and requirements, including existing or proposed interfaces with other computerized systems.
- Review computer systems techniques for accessing files and the total system to assure data, files, and equipment are not compromised and fully meet security measures (to include environmental control, system stability, data integrity, system reliability) and that ports, protocols, communication links, and services adhere to the deny all, permit by exception policy, Security Requirements Guides (SRG), Security Technical Implementation Guidance (STIG), and Best Business Practices (BBP).
- Provide technical security input and assistance on the design, development, integration, implementation, and operation of all management information systems.
- Ensure all Information Security and Commercial Off The Shelf (COTS)/Government Off The Shelf (GOTS) within the area of responsibility are properly certified and accredited in accordance with RMF and configuration management policies and practices prior to installing, developing, beta testing, or operating on a garrison-managed/controlled device.
- Coordinate and conduct surveys, inspections, and assistance visits that improve the level of security.
- Implement a training and education program to ensure that all cybersecurity personnel and individual computer users are familiar with computer and information security requirements and are adequately trained to operate and maintain automated information systems in compliance with all applicable regulations and safeguards.
Qualifications
The essentials
- Three (3) to (5) years of Cybersecurity experience.
- Have a CompTIA Advanced Security Practitioner (CASP) certification or equivalent.
- Have a IAT Level II position as defined in DOD 8570-01-M.
The preferred
·
- Bachelor’s degree.
- CEH, OSCP, GSEC, OWASP, CISSP.
- Experience with risk assessments and/or penetration testing using open source or commercially available technology
- Experience in applying DoD/ IT architecture, interrelationships among multiple IT specialties, new IT developments and applications, emerging technologies, and their application to business processes, IT security concepts, standards, and methods, project management principles, methods, and practices; and oral and written communication techniques sufficient to serve as a subject matter expert in cybersecurity/IA and manage assigned IT projects and program.
- Experience of total infrastructure protection environment; system security certification and accreditation requirements and processes; and Federal information systems protocols in order to integrate information systems security with other IT and security disciplines, manage network and systems accreditation, and ensure coordination and collaboration on a wide range of security activities.
- Experience in IT and cybersecurity concepts, principles, and practices required to plan, and evaluate Information Security (IS) programs for Automated Information Systems.
- Coordinate and conduct surveys, inspections, and assistance visits that improve the level of security.
Umyuaq Technologies offers competitive Pay and Benefits package. Umyuaq is an equal opportunity employer.
Other details
- Pay Type Salary
- 3551 Roger Brooke Dr, Fort Sam Houston, TX 78234, USA