At The One 23 Group, our mission is to set the benchmark for excellence in government services. We empower our clients in the Department of Defense, Intelligence Community, and Federal Civilian sectors to excel with our advanced capabilities. Our dedication lies in fostering a people-first culture, underpinned by steadfast ethical principles. Embracing innovative technologies and process improvements, we are steadfast in our journey toward a future that is both bright and transformative.
Our expertise spans Cyber, Mission IT and Enterprise IT. With our global footprint, we place a strong emphasis on nurturing our people and culture, which forms the core of our successful strategies in leadership and financial management. We pride ourselves on our extensive experience and effective approach, ensuring that we lead with both innovation and integrity.
The Defense Commissary Agency (DeCA) is responsible to Joint Force Headquarters, Department of Defense Information Network (JFHQ-DoDIN) and United States Cyber Command (USCYBERCOM) for the ongoing efforts to secure, operate and defend the Department of Defense Information Network (DoDIN) as a Tier-1 DoDIN Area of Operations (DAO). DeCA is also responsible for upholding other requirements including but not limited to those set by the Federal Information Security Management Act (FISMA), the Payment Card Industry Data Security Standard (PCI-DSS), and the National Institute of Standards and Technology Risk Management Framework (RMF) in order to continue operations. The requirements of this position will be to provide risk management, long-term vulnerability management, and general cybersecurity support.
Primary Responsibilities
· Protect and defend DeCA by working with DeCA’s Information Systems Security Managers (ISSM) and Information Systems Security Officers (ISSO), and others to secure the Desktop Common Operating Environment (DCOE) in accordance with National Institute of Standards and Technology Risk Management Framework, Department of Defense, and DeCA doctrine
· Assist in the development of Plan(s) of Action and Milestones (POA&M, or POAM) and Risk Acceptance
· Vulnerability Management
Secondary Responsibilities
· Assist in managing vulnerability patching
· Reporting of vulnerability baselines
Knowledge/Experience must include
· Customer Service/Support
· Risk Management Framework (RMF)
· RMF Security Controls
· Information Assurance Vulnerability Management (IAVM)
· Assured Compliance Assessment Solution (ACAS)
· Enterprise Mission Assurance Support Service (eMASS)
· System Security Plans (SSPs)
· Authority to Operate (ATOs)
· Plan of Action & Milestones (POA&Ms)
· Designating Approving Authority Risk Acceptance (DRAs)
· Security Content Automation Protocol (SCAP)
· Security Compliance Checker (SCC)
· Public Key Infrastructure (PKI)
· Security Technical Implementation Guides (STIGs)
· McAfee Endpoint Security Solutions (ESS-)
· National Institute of Standards and Technology (NIST)
· Ticketing System Experience (e.g. BMC Remedy/ServiceNow/SolarWinds/Ivanti)
· Excellent Oral/Written Communication
· Federal Risk and Authorization Management Program (FedRAMP)
Qualifications
· Bachelor's degree or HS/GED + 5 yrs in Windows Computing Environment
· Baseline Certification (required): DoD 8140 certification from CSSP Infrastructure Support or CSSP Auditor category (CEH, CYSA+, GICSP, SSCP, CHFI, CFR, Cloud+, CND, CISA, GSNA, CFR, PenTest+), CISM or CISSP
· Computing Environment Certification (ACASS or EMASS) – can be obtained within six months of hire
· ITIL Training Course (ITIL v4 recommended) – can be obtained after hire