JOB DESCRIPTION
Allied Technologies and Consulting (ATC) is recruiting for a Cybersecurity/Risk Management Framework Analyst to support medical device/system advanced development and fielding programs. This on-site position supporting the U.S. Army Medical Materiel Development Activity (USAMMDA) is based in Frederick, Maryland will require 2-3 days per week at a government office on Fort Detrick.
DUTIES AND RESPONSIBILITIES:
The experienced, professional and adaptable Cybersecurity/Risk Management Framework Analyst will perform the following duties:
Serve as a technical expert concerning programmatic information technology (IT) security/information assurance (IA), cybersecurity, and Risk Management Framework (RMF) requirements. Provide program development support in planning, developing, implementing and maintaining medical device equipment (MDE) security programs to ensure the confidentiality integrity, and availability of MDE systems, networks and data/information programs.
Provide advice and guidance on a wide range and variety of complex IT, cybersecurity and RMF issues, which cover development and modernization program systems and services. Provide cybersecurity and RMF programmatic support on programming techniques, equipment characteristics, systems and network software characteristics for MDE.
Be knowledgeable in DoD, DA, DHA, and National Institute of Standards and Technology (NIST) security regulation standards to include information technology security/information assurance laws, regulations, standards, principles, practices, and concepts in order to evaluate the effectiveness of cybersecurity and RMF procedures and operations used in product development to safeguard all MDEs. Program elements include security management, software security, IT equipment security, procedural security, data communications security, and Protected Health Information (PHI) security.
Ensure that MDE design complies with DOD and Army IA requirements and participates in IPT recommending system changes and modifications to ensure the development of related system security measures.
Review and evaluate the security impact of MDE system changes including interfaces with other systems. Support the government ensuring all MDE systems are operated and maintained according to higher authority regulations.
Support the conduct of threat and vulnerability inspections and identifies technical vulnerabilities, risk assessments, and determines effective measures to minimize such risks. Prepare and report inspection findings/recommendations to the government cybersecurity representative. Support the management of the review of systems audit trails and insure the thorough investigation of discrepancies. Conduct threat and vulnerability security awareness requirements training for Integrated Product Teams (IPTs).
Provide expert advice/guidance pertinent to IA and cybersecurity program policies, guides and procedures during all stages of the MDE acquisition process. Participate as an integrated product team member in conducting broad and comprehensive cybersecurity reviews, investigations and studies for development and modernization programs to evaluate the cybersecurity posture of MDE.
Support the enforcement of security policies and safeguards for MDE systems, including recommending stopping system operation if warranted by the seriousness of security violations. Support the development of cybersecurity plans, local policy guidance, regulations and procedures, and standard operating procedures to ensure regulatory requirements are followed. Conduct and participate in various cybersecurity/RMF meetings with IPTs, Army and DHA organizational elements and representatives of other commands to plan, evaluate and determine appropriate measures needed to ensure programmatic security requirements are met.
Be knowledgeable of security-related information technologies and tools such as Internet Protocol Suite (IP), Domain Name Service (DNS), Authentication, Remote Access, Routing and Switching, Public Key Infrastructure (PKI), Identity and Access Management, Encryption, and Assured Compliance Assessment Solution (ACAS)/Numerical Evaluation of Stochastic Structures Under Stress (NESSUS) scans. The work requires in-depth analysis of MDE cybersecurity postures. The Contractor shall be knowledgeable of the Defense adaptive acquisition framework processes.
EDUCATION, SKILLS AND EXPERIENCE REQUIRED:
Bachelor’s degree in Cybersecurity, Computer Science or Computer Forensics.
At least 3 years of related cybersecurity/RMR experience and 7 years of working experience within computer science/IT.
Excellent communication, program development, IT/cybersecurity knowledge, creative and technical problem-solving, strong attention-to-detail skills
Experience, knowledge and the ability to use Microsoft Office Suite including Word, PowerPoint, Excel, Outlook, and SharePoint.
Understanding of computer program fundamentals, regulatory knowledge, and risk/threat knowledge
At least 2—3 years’ experience in Federal contracting, government or military environment is preferred.
Public Trust T1-NACI Clearance Required
US Citizen
Must be able to pass background and drug testing.
THIS IS A FEDERAL CONTRACT.
About Allied Technologies and Consulting
Allied Technologies and Consulting, LLC is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
Equal Opportunity is the Law
https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
Equal Opportunity is the Law Supplement
https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf
Pay Transparency Nondiscrimination Provision
https://www.dol.gov/ofccp/pdf/pay-transp_unformattedESQA508c.pdf