As part of the cybersecurity team you will be tasked with verification of compliance across all systems utilized by the teams. Perform scans as required and within USAF and DISA IA guidelines. Create impact reports, and make recommendations for corrective actions to be performed after analyzing ACAS scans, SCAP scans, and manual STIG compliance checks. Provide IA artifacts when necessary for monthly reporting and accreditation renewals. As required gather updates from IA databases for IA packages. As needed you will work with the technical publication team to publish TCTOs for CCB approval.

As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers' missions for more than 40 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.

Submit your resume today!

Continuously perform security reviews in accordance with USAF and DISA Information Assurance (IA) guidelines.
• Create and update security assessment plans to reflect the most recent STIG releases.
• Perform required testing to update system baselines in accordance with the USAF IA requirements.
• Provide STIG Impact Reports (SIR) for all STIG reviews and include an analysis of current STIG compliance. Report will include the following:
  • A STIG Matrix mapped to products (HNI & ITF), TO controlled systems and Authorization to Operate (ATO)
  • Recommendation on implementation necessities (TCTO, IA artifacts, other) for updated STIGs analysis and testing (as required) performed of the STIG updates.
  • Recommendations for Plan of Action and Milestone (POA&M) for non-compliance
• Update required artifacts necessary for accreditation renewal.
• Prepare data documentation for the implementation of the applicable STIG updates and working with the Technical Publications team to create and publish a TCTO within 30 days of SIR CDRL acceptance and Configuration Control Board (CCB) approval.
• Submit a change proposal detailing the updates.
• Perform annual IA/Cyber Security testing for organizations deployed systems and the ITF infrastructure.
• Utilizing ACAS conduct periodic Cybersecurity testing.
• Perform manual STIG compliance checks as required.
• Analyze scanning results and compliance checks.
• Make recommendations for corrective action based on scanning results.
• Submit recommendations for TO changes
• Provide IA support for the day-to-day operations of the ITF infrastructure to include: scanning, STIG implementation, security patch application, security testing, and STIG reviews as needed for the ITF and its customers.
• Provide updated IA/Cybersecurity Artifacts when changes to the ITF baselines are approved by the Government.
• Utilizing approved IA databases to include eMASS gather updates for IA packages.
• Draft and submit a summary of IA artifacts monthly.
• Participate in a bi-weekly meeting with the customer to present work completed during that period.

Requirements

• 7-9 years of experience in IA/Cyber Security in an enterprise environment.
• Experience with McAfee ePolicy Orchestrator
• Experience with Entercept & Policy Auditor/Remediation
• Experience with SAP security
• Experience with eMASS and IA databases used to gather updates.
• Experience working with STIG:
  • Understanding requirements
  • Scanning, and verification
• Experience producing and presenting IA artifacts
• Experience working with and utilizing IA controls

Education:

• Bachelor's degree in related technical discipline, or MIS related field is preferred but not mandatory.

Required Certifications:

• CompTIA Security+CE or IAT Level II equivalent
• CompTIA Cloud+, Server+, Network+, or A+
• ITILv3 Foundation

Desired Certifications:

• CISSP

Clearance:

• Active DOD Secret required with ability to upgrade to TS/SCI if necessary

SMS is a veteran-owned network integrator established in 1976. With an employee retention rate averaging over 5 years, our ability to hire quality people and retain them in a rapidly evolving IT market proves why we are a world-class information technology company. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices. As a result, SMS is proud to be ISO 9001:2008 Registered and a CMMI Level 3 certified company, ensuring that we continue to meet and exceed the expectations of our customers, partners and employees.

SMS is an Equal Opportunity Employer.