Security Expert II
Macalogic is a dynamic and growing company with broad competencies based on over a decade of experience working in the federal arena. We are an SBA-certified 8(a) and Economically Disadvantaged Woman-Owned Small Business (EDWOSB). We provide IT technical, program management, and business consulting services to customers in the Government and Commercial sectors.
Our core values of accountability, collaboration, value, and respect are central to everything we do at Macalogic. As such, we are always open to talking to self-motivated and responsible team players who are focused on contributing to the success of our clients. We offer a generous benefits package and compensation commensurate with your experience and skillset.
We are seeking a Security Expert who will provide cyber security support to the USAF Business Enterprise Systems (BES) systems portfolio. This includes using eMASS to document security control test results, creating and updating RMF-related artifacts specific to NIST security control families, and performing United States Air Force (USAF) Assessment and Authorization (A&A) processes. The successful candidate will also perform application code scans using a variety of code scanning tools, evaluate identified vulnerabilities, and work with software developers to eliminate any uncovered vulnerabilities. In addition, the successful candidate will perform a variety of routine project tasks associated with specialized cyber security problems for the BES portfolio. Successful candidates will have experience providing cyber security support for the planning, design, development, testing, demonstration, and integration of USAF business information systems, as well as experience using eMASS to document security control test results.
Duties and Responsibilities:
The successful candidate will provide cyber security support associated with the planning, design, development, testing, demonstration, and integration of information systems across the BES portfolio. This individual will develop System Security Plans using the Risk Management Framework (RMF) for DoD Information Technology (IT). They will perform STIG reviews and develop remediations and results. Other tasks will involve the integration of electronic processes or methodologies to resolve total system problems, or technology problems as they relate to cyber security requirements. Additional responsibilities include:
- Assisting in assessment and authorization activities for DoD information systems.
- Utilizing Enterprise Mission Assurance Service (eMASS) to document security control test results.
- Creating and updating Risk Management Framework (RMF) related artifacts specific to NIST security control families.
- Evaluating application code using scanning tools including SCAT to identify vulnerabilities and recommend mitigation actions.
- Performing Security Technical Implementation Guide (STIG) execution, review and analysis, and vulnerability remediation.
- Leading mitigation of vulnerabilities derived from security scans.
- Developing and implementing policies and procedures to ensure that systems support the organization's business requirements and meet the needs of end-users.
- Defining systems requirements based on user/client needs, cost, and required integration with existing applications, systems, or platforms.
- Defining technical standards and functionality tests.
- Developing specifications, prototypes, or initial user guides.
- Working with project managers, developers, and end-users to ensure application designs meet business requirements.
- Designing, planning, and coordinating application systems and programming work teams.
- Providing functional or operational support to project development and software test team members, and handling complex application strategies, features, and technical concepts.
Education and Experience Requirements:
- Bachelor’s Degree in a technical or related field. Relevant DoD or technical experience may be substituted in lieu of degree requirements.
- At least 10 years of relevant work experience.
- Must possess one of the following:
  - Security+ CE
  - Systems Security Certified Practices (SSCP)
  - Global Information Assurance Certification (GIAC) Security Essentials (GSEC)
- Must have an active DoD Secret Security Clearance
- Must be a U.S. Citizen
Skills and Abilities:
- Excellent oral and written communication skills in English.
- Must be able to work in a team environment with members, including personnel from other companies, Government program management and administrative personnel, and technical staff members.
Working conditions, including location:
- Maxwell Air Force Base, Gunter Annex, Montgomery, AL
- Client duty hours are Monday through Friday, ranging from 0600 hours to 1800 hours.