Lead Information Assurance SME

Empower AI is AI for government. Empower AI gives federal agency leaders the tools to elevate the potential of their workforce with a direct path for meaningful transformation. Headquartered in Reston, Va., Empower AI leverages three decades of experience solving complex challenges in Health, Defense, and Civilian missions. Our proven Empower AI Platform® provides a practical, sustainable path for clients to achieve transformation that is true to who they are, what they do, how they work, with the resources they have. The result is a government workforce that is exponentially more creative and productive. For more information, visit www.Empower.ai.

Empower AI is proud to be recognized as a 2022 Military Friendly Employer by Viqtory, the publisher of G.I. Jobs. This designation reflects the company’s commitment to hiring and supporting active-duty and veteran employees.

Empower AI: As the Lead Information Assurance SME, you will be a key member of the Empower AI team providing support to the Defense Information Systems Agency (DISA) Joint Service Provider (JSP) on the Platform Services contract. JSP operates and defends the Department of Defense’s (DOD) key cyber terrain and provides information technology (IT) services to Pentagon and National Capital Region (NCR) customers. For Platform Services, Empower AI will provide an integrated, structured approach to operating, managing, and maintaining the JSP-supported infrastructure across all managed platforms, as well as assist in defining requirements for future upgrades and enhancements based on operational and customer trends. We will provide a unified approach to managing server, storage, and application resources (to include virtualized applications) at an enterprise level. In order to drive standardization in the hosting environment, Empower AI will assist customers, both external and internal, by moving applications to the JSP IT environments. This will allow JSP to offer services and infrastructure to customers via a Platform as a Service model, Infrastructure as a Service (IaaS) model, Desktop as a Service (DaaS) model, or at minimum, limit application deployments only to standardized servers.

Highlights of Responsibilities:

• Serve as the knowledge expert of all security related aspects of the JSP computing environment.
• Provide expertise implementing and maintaining security postures within complex network architectures.
• Provide expertise in Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts.
• Provide the appropriate level of confidentiality, integrity, availability, authentication, and non-repudiation IAW DoD 8500.01, DoD 8500.2, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01, NIST 800-37 Risk Management Framework, NIST 800-137 Information Security Continuous Monitoring, as well as local security policies created and enforced by JSP’s Cyber Security Center.
• Work in support of other JSP customer organizations to integrate and automate IA solutions.
• Establish a robust security posture for JSP IT environments by independently identifying vulnerabilities, remediating found vulnerabilities, and improving processes to maintain a robust security posture as it pertains to the Information System (IS) vulnerability management.
• Ensure that all managed assets are compliant and communicating with all required security tools, such as HBSS, ACAS, Splunk, Tanium and SCCM.
• Provide System/Windows updates. Support all versions of the JSP standard image security updates and policies to include technology enhancements, upgrades, and/or replacements and address security vulnerabilities as prescribed by DoD orders which include U.S.Cyber Command (USCYBERCOM), JFHQ DODIN and DISA.
• Provide computer security response support. Provide immediate response in the investigation of computer security incidents deemed to originate from the Platform Services in line with CJCSM 6510.01.
• Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
• Provide compliance support. Ensure all assets supported by JSP are fully compliant with JFHQ-DODIN OPORDS, TASKORDs (10-12 a month), IAVM notifications and STIG requirements per published compliance dates.
• Provide compliance with IA, Hardware, Software, Procedural, Physical, and Personnel Security Inspections Support. Assist the Government Security/IA Manager(s) in the development, implementation, and execution of a facility-wide, fully compliant security program for all aspects of Physical Security, Personnel Security, IA Security, Communications Security, and Government-required compliance monitoring, reporting, and tracking.
• Provide RMF program and processes that enables system owners to ensure systems are compliant and operating under appropriate security and assurance controls for the full system lifecycle.
• Support the Connection Approval Program (CAP), A&A Support and Tenant Security Plan (TSP). Support all activities needed to obtain A&A on all the tenant networks, equipment, and systems at all classification levels with the JSP IT platform services and hosted levels.

Minimum Requirements:

• Bachelor of Science in Information Technology Security Management, telecommunications, management information systems, and 2 - 7 years of documented experience relevant to this key position.
• Information Assurance (IA) Certification: DoDI 8570 IAM II certification.
• Computing Environment (CE) Certification: Not required.
• Top Secret security clearance.
• Proven experience implementing and maintaining security postures within complex network architectures.
• Possess knowledge of Defense in Depth concepts supporting DoD infrastructures, C&A, physical and personnel security concepts.
• Demonstrated ability for oral and written communication with the highest levels of management.
• Experience in a DoD Technology environment.
• Experience/knowledge of the DoD IAVM programs.
• Knowledge of the DISA VMSand CMRS.
• Knowledge of the Army Automated Vulnerability Tracking & Reporting (AVT&R) System.
• Knowledge of the DoD vulnerability scanning requirements utilizing DOD DRSI Standards and Tools.
• Experience in FISMA, OMB, DoD IG Inspection, ACA, and other accreditation and certification programs.
• Knowledge of the Defense in Depth concepts and implementation.
• Knowledge of physical and personal security experience.
• Knowledge of A&A processes RMF NIST SP-800-37.
• Knowledge of NIST SP 800-53R Common Control documentation and validation.
• Knowledge of Incident Response, Auditing, and CNDSP.
• Knowledge of and comprehension on how to implement 8570.01-M./DoD 8140.
• Demonstrated ability for oral and written communication with the highest levels of management

Preferred Qualifications:

• ITILv4 certification

Physical Requirements:

• Sitting for long periods
• Standing for long periods
• Ambulate throughout an office
• Ambulate between several buildings
• Stoop, kneel, crouch, or crawl as required
• Travel by land or air transportation 25% or less

It is the policy of Empower AI to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations. In addition, we affirm that all compensation, benefits, company-sponsored training, educational assistance, social, and recreational programs are administered without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, or gender identity. It is our firm intent to support equal employment opportunity and affirmative action in keeping with applicable federal, state, and local laws and regulations.  Empower AI is a VEVRAA Federal Contractor.