Cybersecurity Specialist ‐ Senior-Level (remote during COVID)

Akima Global Technology (AGT) is a technology solutions, program management and support company that collaborates with technology partners and the federal government to deliver IT, management, staffing, recruiting, contracting and logistics services. Our personnel enjoy competitive benefits packages and challenging roles in work environments committed to innovation, diversity and opportunity for career growth. As an Alaska Native Corporation (ANC), 100% of our company’s profits go back to our more than 14,000 Iñupiat shareholders that have resided near and above the Arctic Circle for more than 10,000 years. Our business helps support their way of life and contributes to the survival of a culture that has thrived in a challenging environment.

Summary:

Akima Global Technology is seeking a Senior-Level Cybersecurity Specialist to join our team to support and be responsible for identifying cybersecurity deficiencies in information systems by performing technical assessments of assigned systems and applications to determine the severity of weaknesses; Supports the Security Authorization (SA) and Continuous Monitoring (CM), Risk Management Framework (RMF) process. Results of the assessments will be documented in the MGMT compliance tool, (e.g., IACS, CSAM, etc.), utilizing a standard report format with the results and findings from the assessment, along with recommended mitigations. Results will also be entered into the compliance tool.

Responsibilities:

• Create, manage, and utilize Assessment Standard Operating Procedures and Testing Templates and ensure that assessments are conducted accurately, efficiently, and consistently.

• Create, manage, and utilize Assessment Guides and Training Materials Documents that assist system stakeholders in preparing for upcoming assessments. Includes, but is not limited to Frequently Asked Question guides, workflows, and Training Materials.

• Create, manage, and utilize Check-Point Reviews to determine the readiness of the system for assessments. Includes the status of POA&Ms for the system, review of control implementations for applicability and the state of the Body of Evidence (BOE) materials to support the assessment.

• Manage Assessment Entrance Conference Briefing, creating agenda and meeting minutes for the system stakeholders on what to expect and when during the upcoming assessments.

• Draft Security Assessment Report (SAR) for review by the stakeholders to prepare for the Exit Conference.

• Manage Assessment Exit Conference Briefing, creating agenda and meeting minutes for the system stakeholders on the results of the Exit conference to determine the final SAR.

• Create Final Security Assessment Report for review by the stakeholders to prepare for the Exit Conference.

• Develop and maintain an overall Security Assessment Schedule that forecasts system assignments.

• Develop testing artifacts for each system to include, as appropriate, the technical assessment plan, the Rules of Engagement (ROE), the Security Requirements Traceability Matrix (SRTM), the Security Assessment Report, and any other necessary documentation.

• Update and maintain all testing templates and Standard Operating Procedures (SOP) as needed, or on an annual basis per DHS guidelines, to include the utilization of the compliance tool.

• Create Assessment Guides to assist ISSOs, ISSMs, System Owners and other stakeholders to prepare for upcoming assessments. This includes but is not limited to Frequently Asked Questions (FAQs) guides, and Training Materials.

• Conduct and/or review vulnerability scans, review device configurations, and review system architecture.

• Provide advisement and recommendations to the Government for assessment and security best practices including tools that are used for assessment activities.

• Arrange for physical access to the system, if applicable, with the specific System Owner and the specific facility manager(s).

• Conduct an Assessment Kick-off meeting according to the Security Assessment Schedule that reviews the MGMT Compliance requirements, process, and artifacts to prepare the stakeholders for the scheduled assessment.

• Conduct up to two check point reviews after the kickoff, and prior to the planned assessment date to review the status of the artifacts in the compliance tool.

• Conduct an assessment entrance conference according to the Security Assessment Schedule that does a final overview of what is expected during the assessment.

• Execute the assessment through the review of system security documentation, vulnerability scan results, audit logs, configuration guides, and any other additional materials provided by the system and system stakeholders.

• Document the results of the technical assessments in the draft Security Assessment Report (SAR) with the criteria of the tests, testing methods, findings of the assessment and recommended mitigations.

• Conduct an assessment exit conference according to the Security Assessment Schedule to review of the findings of the draft SAR and address any final agreed changes.

• Produce the Final SAR to document the results of the technical assessments with the criteria of the tests, testing methods, findings of the assessment and recommended mitigations.

• Collect and securely store all final materials and media submitted by the system test team according to the SOP in the DHS compliance system.

Minimum Qualifications:

• CISSP, CISM, CRISC, or CSSP certification.

• Active SECRET security clearance.

• 8 years' experience in a cyber security position.

• Bachelor's Degree in Computer Science or a related field.

The duties and responsibilities listed in this job description generally cover the nature and level of work being performed by individuals assigned to this position. This is not intended to be a complete list of all duties, responsibilities, and skills required. Subject to the terms of an applicable collective bargaining agreement, the company management reserves the right to modify, add, or remove duties and to assign other duties as may be necessary. We wish to thank all applicants for their interest and effort in applying for the position; however, only candidates selected for interviews will be contacted.