The Contractor shall execute a comprehensive assessment, compliance and validation framework to assess Cybersecurity effectiveness, as well as assure and validate regulatory and standards compliance.  Key activities include the timely application of software maintenance patches, security assistance visits (SAVs), inspections, validation scanning, remediation, and reviews security assistance visits (SAVs), inspections, validate various capability packages and registration to support emerging technologies, to include but not limited to, WLAN, VPN, Mobility Access, Data at Rest and Enterprise Gray network solutions.  The Contractor shall perform duties in this task area in accordance with policies, procedures, regulations, directives, and software development guidelines from USSOCOM, its Component Commands, TSOCs, deployed forces and higher headquarters (e.g., DoD, DIA, DISA, NSA, and USCYBERCOM).

The tasks in this area include:

• Provide dedicated, on-site support for Cybersecurity assessments, compliance, and validation.
• Perform Cybersecurity Compliance and Validations to include Cybersecurity site visits, inspections, scanning, remediation, patch compliance, and reviews.
• Assess the SIE organizational security posture of USSOCOM’s Component Commands, TSOCs, and deployed forces and verify their compliance with DoD, DIA and USSOCOM guidance.  Assemble and execute an approved assessment schedule and create a report summarizing findings and mitigation actions taken within 60 calendar days of the completion of each assessment. Track and report on the actions taken at each site assessed until the actions are completed.
• Identify common security risks by analyzing findings, developing metrics, and trends.
• Validate the patching of systems, perform validation scanning, develop Plans of Action & Milestone (POA&Ms), and report as directed by applicable policies, procedures, and regulations.
• Assist Component Commands, TSOCs, and deployed forces with required scanning and vulnerability management programs.
• Track and report to higher headquarters organizations (e.g., USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives.
• Maintain records documenting compliance with federal laws, directives, policies and procedures and provide USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates free and open access to these records.
• If audits or reviews result in a finding or risk, provide a POA&M  for correcting or mitigating the weakness within three business days; track POA&Ms and provide status updates.
• Periodically review USSOCOM, Component Command, TSOC, and deployed forces’ Information Security Plans and Physical Security Plans and recommend measures to safeguard classified, sensitive, and unclassified information.
• Identify and document that physical security elements identified to support DoD networks, systems, services and devices are in compliance with USCYBERCOM, DISA, DoD, DIA, NSA, USSOCOM, Component Command, TSOC, and deployed forces’ security controls for access control.
• Execute USSOCOM, Component Command, TSOC, and deployed forces’ Information Assurance Vulnerability Management (IAVM) programs; track and report Information Assurance Vulnerability Alert (IAVA) and Information Assurance Vulnerability Bulletin (IAVB) compliance status.  Coordinate with subordinate organizations for required reporting and compliance status.  Track and report the status of POA&Ms through their completion.
• Execute USSOCOM, Component Command, TSOC, and deployed forces’ Cybersecurity self-inspection programs; track and report on compliance and completion.
• Perform FISMA network and system security reviews in accordance with USSOCOM, Component Command, TSOC, and deployed forces’ policies, procedures, and regulations.
• Perform and publish trend analyses of SIE Cybersecurity assessments, lessons learned, and recommended mitigation approaches within 30 calendar days of the completion of an assessment.
• Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies.
• Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment.  Develop and submit documentation for government approval that includes: identification of weaknesses; recommendations for manual and automated methods of testing; process for submitting results for evaluation and mitigation.
• Respond to Cybersecurity Requests for Information (RFIs) from external organizations and NetOps decision makers.  Implement Cybersecurity related tasks directed in Task Orders, policies, procedures, regulations, and directives (e.g. Insider Threat Mitigation, data transfer authorities, privileged user oversight, etc.). Coordinate with USSOCOM, its Component Commands, TSOCs, and deployed forces for required reporting and compliance status. Track and report on associated POA&Ms.

Qualifications – External Knowledge, Skills and Abilities:

• Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired
• Technical background with system administration experience, architecture and engineering preferred
• Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility
• Working knowledge of the RMF.
• Knowledge of the Telos Xacta or Enterprise Mission Assurance Support Services (eMASS) system is desired.
• Must have excellent communications skill (written and oral) and interpersonal skills.
• Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS and other cybersecurity policies, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 65101.01, Incident Response and other IA policies).
• Active TS/SCI clearance required.

Experience, Education, & Certification Requirements:

• Years of Experience Required: >5 yrs
• Education Required: BA/BS
• Certification Required: Current DoD 8570.01- M, IAT- Level II.
• Example Certs: CCNA-Security, GICSP, GSEC, Security+ CE, SSCP, CISSP (or Associate), CASP+CE, CISA, GCED, or GCIH
• Physical Requirements: May include lifting of weight up to forty (20) pounds as necessary
• Work Environment: Can involve inside or outside work depending on the task. An inside environment may be a cubicle
• (considerations: close quarters, low to moderate noise, bright or dim lighting). Outside work may include various
• environmental conditions including warm and cold climates. Needs to be able to work well with co-workers and all levels
• of management. No hazards on job or unusual environmental conditions.
• Equipment and Machines: Ability to operate office equipment such as a personal computer, printer, copy machine,
• telephone, fax machine and other equipment including desk supplies and other work-related tools as required. Possess
• heavy and light equipment licenses, or the ability to obtain the necessary licenses.
• Attendance: Normal hours are Monday – Friday between 6:00am to 4:00pm.  With the exception of STD/LTD/FMLA & approved
• time off, attendance is considered essential.
• Other Essential Functions:
• Must demonstrate professional behavior at all times when dealing with customers, management, and co-workers. Must have clear, concise and accurate communications skills in English, both verbal and written.
• Grooming and dress must be appropriate for the position and must not impose a safety risk to employees or others.
• Must maintain a positive work atmosphere by behaving and communicating in a professional manner.
• Independent personal transportation to office or work site is required. Travel (up to 10%) to and from customer locations and test locations (government and vendor) may be required to support projects. This may involve airline travel. In some cases, accommodations can possibly be made for POV, if necessary.
• When operating any vehicle for work purposes, must wear seat belt and in addition, no cellular devices are to be used when vehicle is in motion

Compensation Details:

The compensation range or hourly rate listed for this position is provided as a good-faith estimate of what the company intends to offer for this role at the time this posting was issued. Actual compensation may vary based on factors such as job responsibilities, education, experience, skills, internal equity, market data, applicable collective bargaining agreements, and relevant laws.

Benefits Overview:

Our health and welfare benefits are designed to support you and your priorities. Offerings include:

• Health, dental, and vision insurance

• Paid time off and holidays

• Retirement benefits (including 401(k) matching)

• Educational reimbursement

• Parental leave

• Employee stock purchase plan

• Tax-saving options

• Disability and life insurance

• Pet insurance

Note: Benefits may vary based on employment type, location, and applicable agreements. Positions governed by a Collective Bargaining Agreement (CBA), the McNamara-O'Hara Service Contract Act (SCA), or other employment contracts may include different provisions/benefits.

Original Posting:

Amentum anticipates this job requisition will remain open for at least three days, with a closing date no earlier than three days after the original posting. This timeline may change based on business needs.

Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed,  marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters.