Caribou Thunder Cybersecurity Lead in Colorado Springs, Colorado
Caribou Thunder LLC is a provider of global engineering services since 2006. The company is certified by the Small Business Administration as Native American and woman owned, HUBZone and Small Disadvantaged Business, that has completed projects for Department of Defense and Intelligence Community in 22 countries and 35 states around the globe.
Caribou Thunder is seeking a Cybersecurity Lead in Colorado Springs, Colorado that will support a large Department of Defense contract. The work environment is that of a casual small-company feel but backed by large-company resources and infrastructure. Our diverse systems engineering team is mission-focused while also committed to personal development.
Report directly to the Weapon System (WS) Chief Engineer/Manager relating to all aspects of cybersecurity to improve the cybersecurity posture of the WS
Brief the government Program Manager (PM) on progress of cybersecurity & risk/impacts to the WS
Participate within an Agile environment, meeting in regular scrums, and developing stories to move the WS?s cyber posture forward.
Lead/host bi-weekly the WS Cyber Integrated Project Team and quarterly Cybersecurity Working Groups with the government cyber team
Lead WS assigned cyber personnel in performing assessments of systems and networks within the networking environment and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits using Security Technical Implementation Guide (STIG) Viewer, Security Content Automation Protocol (SCAP), Xylok, etc and active evaluations such as vulnerability assessments utilizing Assured Compliance Assessment Solution (ACAS).
Establish/adhere to strict program control processes to ensure mitigation of risks and supports obtaining Assessment & Authorization (A&A) of systems.
Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization.
Assist the program test team in identifying where cybersecurity requirements may be inhibiting mission requirements and develop/recommend solutions that balances the overall risk to the system and mission requirements.
Assist in the implementation of the required government policy (i.e., NISPOM, NIST), making recommendations on process tailoring, participating in and documenting process activities.
Perform assessments of non-technical Risk Management Framework (RMF) artifacts received as Government Furnished Information, identify where those artifacts deviate RMF control requirements, and draft Deficiency Reports.
Lead the cybersecurity analysis and draft Courses of Actions for government approval. This is achieved through a thorough understanding of routing and switching, firewalls, IP, timing sources, and other cybersecurity technologies.
Manage/Perform ?lock-down? of systems to include STIG settings, patch updates, Information Assurance Vulnerability Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB), Time Compliance Network Orders (TCNO), and Time Compliance Technical Orders (TCTO)
Perform analyses to validate established cybersecurity controls and requirements and recommend cybersecurity safeguards.
Oversee/prepare/update eMASS Test Results, Authorization Boundary Diagrams (ABD), Network Topologies, Flow-diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, and Plan of Actions and Milestones (POA&M) supporting regular updates to eMASS packages and Continuous Monitoring activities.
?Active Secret clearance required to start
Current CISSP certification (DoD Approved 8570 Baseline; IAM Level II) required to start
Security engineering skills with a thorough understanding of routing and switching, firewalls, IP, timing sources, and other cybersecurity technologies
Understanding and application of DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800-53, etc.).
Thorough knowledge and experience working with Enterprise Mission Assurance Support Service (eMASS)
Thorough understanding and previous experience working in an Agile framework.
Experience with Software Assurance (SwA) static and dynamic code analysis
Experience with Security Information and Event Management (SIEM) solutions (e.g. QRadar/LogRhythm)
Experience with Host Based Security System (HBSS)
Experience with Windows and Linux servers
About Caribou Thunder
Caribou Thunder is an established Department of Defense contractor with over 15 years of experience delivering global engineering programs. We offer industry leading salaries as well as world class benefits including Medical, Dental, Vision, Life Insurance, Disability Insurance, Health Savings Plans, and 401k offerings. We offer challenging and exciting work opportunities with growth potential, within several Department of Defense contracts and have a turnover level much lower than industry averages due to our tradition of serving our employees with the highest level of support. Caribou Thunder Engineering Services is pleased to be an Equal Opportunity/Affirmative Action Employer, in which hiring decisions are made without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. United States citizenship is a requirement for all positions.