8-koi is currently pursuing an opportunity that would support NAWCTSD in the Acquisition and Management of Navy Training Services, in Orlando, FL. This contract will provide support to overarching programs including; Aviation Platforms, Sea Platforms, Undersea Platforms, Schools, Research as well as other programs that fall under NAWCTSD Program Directorates or Competencies.
We are currently targeting an award date in late 2019 with Contract Transition to begin in early 2020. As is typical in the Government Contracts Arena, Incumbent (current) employees that fit the skill set and compensation metrics, with a successful performance record will be given first right of refusal to retain employment on this contract while new applicants will be considered for all position on an as needed basis.
Please review all opportunities that are listed and apply to any/all positions that match your skill set. For further information or any questions please reach out to firstname.lastname@example.org.
Systems Security Team:
The 8-koi team will execute duties under the direction of the Local Cybersecurity Authority (ISSM) and must be proficient or have a level of understanding on DoD information system security tools such as Security Content Automation Protocol (SCAP) Compliance Checker, Assured Compliance Assessment Solution (ACAS), and Host Based Security System (HBSS). The successful employee(s) duties will include, but are not limited to the following work:
a. Apply security policies to meet security objectives of the system and security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
b. Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
c. Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
d. Analyze and report system and organizational security posture trends.
e. Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
f. Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
g. Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
h. Assess and apply adequate access controls based on principles of least privilege and need-to-know.
i. Ensure the execution and analysis Disaster Recovery and Continuity of Operations.
j. Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed
k. Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.
l. Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
m. Mitigate/correct security deficiencies identified during security assessments and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
n. Assess and monitor cybersecurity related to system implementation and testing practices. Verify minimum security requirements are in place for all applications.
o. Perform cybersecurity assessment of developed applications and/or systems.
p. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
q. Plan and recommend modifications or adjustments based on exercise results or system environment.
r. Properly document all systems security implementation, operations and maintenance activities and update as necessary.
s. Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
t. Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures and maintenance training materials).
u. Work with stakeholders to resolve computer security incidents and vulnerability compliance.
v. Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
w. Assess the effectiveness of security controls and risks associated with changes to the approved systems configuration.
x. Use DoD, DoN and NAVAIR specific published documents to manage operations of their device(s).
y. Develop and maintain the RMF Assess and Authorize documentation required to achieve an Authorization to Operate (ATO).
z. Develop and administer data retention and recovery program within device.
aa. Develop procedures to ensure system users are aware of their CS responsibilities before granting access to DoD information systems.
bb. Manage protective or corrective measures when an CS incident or vulnerability is discovered.
cc. Run vulnerability assessment tools; ACAS, SCAP, STIG Viewer periodically to test and maintain the device security posture.
dd. Ensure that RMF Annual Reviews and cybersecurity inspections, tests, and reviews are coordinated with all key stakeholders.
ee. Notify the ISSM when changes occur to the approved system configuration including; adding or removing other components to the devices. Follow configuration management procedures.
ff. Report security incidents to the ISSM in accordance with DoN policies and the device Incident Response Plan (IRP).
gg. Ensure support for security alert requirements to address device vulnerabilities and ensure security patches are installed, as appropriate. Develop and implement Vulnerability Management Plan.
hh. Ensure users of the device are provided appropriate security training and have signed a System Account Access Request-Navy (SAAR-N) form before granting access to the device. Ensure annual refresher security training is provided
ii. Ensure privileged users (i.e. System Administrators) of the device are provided have received Privilege Access Agreement (PAA) and are in compliance with SECNAV M-5239.2.
8-Koi and, its wholly owned subsidiary, CDE are Equal Opportunity Employers. 8-Koi and CDE do not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.