Founded in 2009, RSC2, Inc. is a Small Business Administration (SBA) Certified HUBZone Professional Services company headquartered in Baltimore, Maryland. RSC2 provides breakthrough expertise, support services, and technologies to make operations, programs and systems of record perform better. Our professional staff is trained to provide world-class services to all types of customers. We uphold the integrity and quality of our work so you can expect only the best from us.
We are looking for a Cybersecurity Specialist to join our growing team!
Team (Project) Introduction
The ISSE project provides system security engineering expertise in support of VA IT applications and infrastructure. This includes project management, risk management, strategic planning support for enterprise systems and modernization as well as implementation, cloud services support, technical analysis of documentation, publications and handbooks, technical analysis of new policies and emerging technologies to include implementation and training support, systems integration and implementation to include the analysis of program security deficiencies and application integration monitoring through the governance process, multimedia communications and outreach, operations and services support, information and cybersecurity training, administrative support, follow the product line management (PLM) process, Assessment and Authorization support, and system security engineering support. We are responsible for promoting security as part of the system engineering development life cycle and required engineering activities.
Functional Job (LCAT) Information:
This risk management team performs system security analysis and delivers a System Risk Assessment Report to the Authorizing Official (AO) for each system that will enable OIS and the VA to make informed risk-based decisions regarding the accreditation of systems. This team supports the VA’s Enterprise Security Architecture (ESA) Enterprise Security Risk Assessment Model (ESRAM) with developing questions and metrics to support the risk scoring development process. Part of the risk assessment is to identify and label each systems data security categorization level following the NIST RMF standards.
Responsibilities:
Implement the cybersecurity requirements of IT systems and applications documenting them in formal security engineering documents using Risk Management Framework and supporting artifacts associated with risk assessments.
Ability to perform security analysis to determine gap, compensating/mitigating controls, and residual risk
Identify security risks through the security impact analysis, system risk assessments and technology security risk reports.
Implement IT security solutions and assures successful implementation
Apply knowledge of security principles, policy, and regulations to daily tasking
Conduct security compliance evaluations on IT products using all source analysis, test lab, and apply test results to create secure configuration guidelines and baselines.
Analyze security evaluation tools results from Tenable Nessus, Nmap, Wireshark and Metasploit
Assess operating system and security configuration guideline into images for IT products initialization and deployment within the infrastructure
Apply knowledge of security principles, policy, and regulations to daily tasking
Experience working in the FedRAMP cloud environment understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities
Organize, develop, and present security briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements on security assessments, whitepapers relating to computer and network security technologies and tools.
Effectively and efficiently communicate and collaborate with external and internal customers of any hardware and software configuration changes that adversely affect any current system security and their configurations or violates policy
Other responsibilities as assigned
Requirements:
Bachelor’s Degree or higher in computer science, electronics engineering, or other engineering or technical discipline
5 years of cybersecurity and cloud security experience (3 year at a government agency)
One or more of the following: IAT II, IAM II or IASAE II certifications
Must be authorized to work for any employer in the U.S
Must be able to obtain and maintain the required security clearance
Preferred/Desired:
Familiarity with VA Directive 6500 and VA Knowledge Service
Experience working in the FedRAMP cloud environment understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities
Clearance, background investigation: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Work Location: Aberdeen, MD Employment Type: Full-time, Salary-Exempt Benefits Package: We offer a top tier benefits package which includes medical, dental, vision, PTO, employer matching retirement plan, and more!
We are an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. The EEO is the Law poster is available here.