Command Cyber Readiness Inspection (CCRI) Compliance Analyst (Job Number:409956)
SAIC currently has a contingency position for a Command Cyber Readiness Inspection (CCRI) Analyst to support the United States Cyber Command (USCYBERCOM) at Fort Meade, Maryland.
The Command Cyber Readiness Inspection (CCRI) Program is a rigorous inspection-oriented process designed to validate security compliance across the DODIN. The intent of the inspection program is to establish a framework to enforce security control compliance for DoD components and senior command accountability. This process is accomplished by utilizing following capabilities to determine risks of non-compliance assets: Network Infrastructure (e.g. Network Intrusion Detection System (NIDS), Host Intrusion Detection System (HIDS), routers, switches, and firewalls), Network Vulnerability Scanning, e.g. vulnerability patching, Domain Name System, Traditional Security (e.g. Physical security), HBSS, Continuous Monitoring, Cross Domain Solutions (CDS), Releasable Networks, and Wireless Technologies. This task requires expertise and understanding of DCO mitigation and remediation strategies related to CCRI deficiencies, emerging threats, vulnerabilities, and inspection findings.
Daily activities include:
- Provide and maintain situational awareness of CCRI inspection results and mitigation status to include identification of key issues and priorities affecting the defense of the DODIN
- Provide USCYBERCOM guidance to DoD Components for DCO mitigation and remediation strategies related to CCRI deficiencies, emerging threats, vulnerabilities, and inspection findings
- Acquire threat and vulnerability data for inspected site and its geographical Area of Responsibility (AOR) to determine mitigation and remediation strategies
- Maintain weekly situational awareness of threat activity directed toward DoD Components, Cleared Defense Contractors (CDC's), and non-DoD Federal Organizations
- Analyze and evaluate mitigation/remedial action plans of inspected sites
- Develop Situational Awareness Reports (SAR) and USCYBERCOM orders and directives
- Participate in technical working groups and discussions and provide technical recommendations with appropriate COAs
- Analyze threats and vulnerabilities of DODIN assets based on aggregated CCRI data, and develop recommended actions to significantly improve the readiness and defensive posture of DODIN
- Identify systemic causes of inspection/assessment failures and develop recommended courses of corrective actions to increase defensive posture of the DODIN
- Provide analytical support to the CCRI process by reviewing CCRI results, operational reporting, and USCYBERCOM Threat Mitigation Framework (TMF)
- Coordinate inspection results with USCYBERCOM Staff elements and Service Cyber Centers
- Provide input to the development of DoD and USCYBERCOM policies, processes, procedures and operations. Possess and maintain cognizance of national-level cyber security policies, plans, processes, and coordination procedures
- Establish and maintain working relationship with the Intelligence, Law Enforcement, and Homeland Defense Communities
- Analyze and report on technical issues of current and future DoD plans, programs, policies, and activity related to the assessment of the DODIN
- Identify shortfalls and capability gaps in DoD, USCYBERCOM, Defense Security Service (DSS), and Department of Homeland Security (DHS) policies and guidance
- Analyze implementation plans and policies; analysis shall be specific to DOD but include familiarity with National Industrial Security Program (NISP) and National Institute of Standards and Technology (NIST) cybersecurity requirements and leverage industry and/or academia methods for addressing current and emerging cyberspace requirements
- Provide technical analysis, develop and assess current DODIN plans and policies supporting cybersecurity assessments, to include emerging technologies
- Assist the Government in providing collaborative mission support with Joint Staff, NSA, DISA, Services, and other DoD components deemed essential working groups in assessing, prioritizing and developing guidance for the DoD-wide implementation plans for the cybersecurity Strategy
- Develop white papers, briefs and analysis reports. All products shall include clear, concise summaries of complex technical concepts suitable for presentation to senior leaders.
- Minimum five (5) years of experience with cybersecurity or information assurance.
- Creation and dissemination of orders and directives to provide guidance to the DoD community.
- Staff experience researching and writing white papers, compliance reports and assessment reports in support of activities for defining policy.
- Ability to develop briefing materials, administrative, and logistics support.
- Excellent writing skills and ability to communicate effectively, including public speaking, and briefing senior officers.
- Proficiency in the use of Microsoft Office Suite.
- Vulnerability Management
- Nessus Vulnerability Scanner
- DIACAP Experience
- Microsoft Server or Red Hat Linux Enterprise Server
- Bachelor's Degree or higher from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline
- Master's Degree may be substituted for two (2) years of relevant experience
- DoD 8570 Level II Information Assurance Certification is required
TRAVEL AND SECURITY: CONUS/OCONUS; TS/SCI with Polygraph
SAIC Overview:SAIC is a leading provider of technical, engineering and enterprise information technology services to the U.S. government. Our 13,000 employees deliver systems engineering and information technology offerings for large, complex government programs, as well as a broad range of higher-end, differentiated technology services. The company is headquartered in McLean, Va. For more information, visit www.saic.com.
EOE AA M/F/Vet/Disability
Job Posting: Apr 10, 2015, 10:35:30 AM
Primary Location: United States-MD-FORT GEORGE G MEADE
Clearance Level Must Currently Possess: Top Secret/SCI with Polygraph
Clearance Level Must Be Able to Obtain: None
Potential for Teleworking: No
Shift: Day Job