Founded in 2009, RSC2, Inc. is a Small Business Administration (SBA) Certified HUBZone Professional Services company headquartered in Baltimore, Maryland. RSC2 provides breakthrough expertise, support services, and technologies to make operations, programs and systems of record perform better. Our professional staff is trained to provide world-class services to all types of customers. We uphold the integrity and quality of our work so you can expect only the best from us.
Team (Project) Introduction
The ISSE project provides system security engineering expertise in support of VA IT applications and infrastructure. This includes project management, risk management, strategic planning support for enterprise systems and modernization as well as implementation, cloud services support, technical analysis of documentation, publications and handbooks, technical analysis of new policies and emerging technologies to include implementation and training support, systems integration and implementation to include the analysis of program security deficiencies and application integration monitoring through the governance process, multimedia communications and outreach, operations and services support, information and cybersecurity training, administrative support, follow the product line management (PLM) process, Assessment and Authorization support, and system security engineering support. We are responsible for promoting security as part of the system engineering development life cycle and required engineering activities.
RSC2 is looking for Level 4H, Hybrid Manager, Sr. Cyber Security Engineer to join this team.
Professional Level Information:
A Hybrid Manager at RSC2 accomplishes department objectives by managing staff and processes and evaluating department activities. Focuses on leading a team and working hands-on with projects involving technology. Hybrid Managers require skills and qualifications such as exceptional leadership, communication and interpersonal skills.
Functional Job Information:
As the Director of Cyber Security Operations for RSC2, you will help build and our Cyber Security Center of Excellence (COE). This COE will define and standardize the cutting edge best practices our project teams follow in the delivery of high quality Cyber Security Services to all of our customers. Develop Cyber security training plans and curriculums to ensure our Cyber Security Subject Matter Experts maintain their certifications and stay ahead of trends in the industry. Will work in close coordination with the Business development team to help identify growth opportunities on current contracts and develop responses to new opportunities that will help distinguish RSC2 from our competitors and elevate our reputation as experts in cyber security operations. Additionally, this role will also fulfill a team lead role on the ISSE contract. The ISSE Team provides advisory and engineering activities to the VA Offices in an effort to incorporate security throughout the entire system development lifecycle, from inception to decommission. This work includes defining system security engineering requirements in networking, cloud computing, software development and applications, and identity and access management. Providing technical security engineering support services to OIS throughout the SDLC including concept planning, development and sustainment lifecycle for ATO. Additionally, the team analyzes and recommends integrated system security engineering activities and processes, which shall encompass security requirements, controls, critical milestones, roles, and responsibilities. Performing security assessments in accordance with VA and NIST guidelines, data and risk management categorizations, as well as baseline support to ensure VA compliance with both VA and federal security requirements as well as the OIG.
- Implement the cybersecurity requirements of IT systems and applications documenting them in formal security engineering documents using Risk Management Framework and supporting artifacts associated with risk assessments.
- Expertise in cybersecurity engineering requirements and authorizations (FedRAMP/RMF) into systems and applications.
- Ability to perform security analysis to determine gap, compensating/mitigating controls, and residual risk
- Identify security risks through the security impact analysis, system risk assessments and technology security risk reports.
- Implement IT security solutions and assures successful implementation
- Apply knowledge of security principles, policy, and regulations to daily tasking
- Conduct security compliance evaluations on IT products using all source analysis, test lab, and apply test results to create secure configuration guidelines and baselines.
- Analyze security evaluation tools results from Tenable Nessus, Nmap, Wireshark and Metasploit
- Assess operating system and security configuration guideline into images for IT products initialization and deployment within the infrastructure
- Apply knowledge of security principles, policy, and regulations to daily tasking
- Expertise working in the FedRAMP cloud environment understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities in the design, security, development, systems engineering, and implementation efforts.
- Organize, develop, and present security briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements on security assessments, whitepapers relating to computer and network security technologies and tools.
- Effectively and efficiently communicate and collaborate with external and internal customers of any hardware and software configuration changes that adversely affect any current system security and their configurations or violates policy
- Expertise in Federal Assessment and Authorization (A&A) and Authorization to Operate (ATO) activities, as well as NIST, FISMA, and VA policies, processes, and standards.
- Lead a team of cybersecurity engineers in daily management activities.
- Maintain, manage, and track deliverables for program task area.
- Perform annual performance appraisals.
- Other responsibilities as assigned
- Bachelor’s Degree or higher in Business Administration, Business Management, Cybersecurity, Computer Science, Information Systems, Information Assurance, Information Security, Information Resource Management, or related fields.
- 10+ years of Information Security work experience; 5 years of which in cybersecurity and cloud security experience at a government agency.
- One or more of the following: IAT III, IAM III or IASAE III certifications
- Must be authorized to work for any employer in the U.S
- Must be able to obtain and maintain the required security clearance
- Familiarity with VA Directive 6500 and VA Knowledge Service
- Experience working in the FedRAMP cloud environment understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities
- CISSP, CISA, CISM, CCNP, CISSP-ISSAP, CISSP-ISSEP, CASP-CE
Clearance, background investigation:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
This position offers remote flexibility. RSC2 reserves the right to adjust work location based upon mission requirements.
All positions will require successful candidates to obtain and show proof of a COVID-19 vaccination (or medical/religious exemption) on the first day of employment. RSC2 is an equal opportunity employer and will provide reasonable accommodation to those individuals who cannot be vaccinated.
We’re an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change – no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law. firstname.lastname@example.org