Overview
This position description is subject to change at any time as needed to meet the requirements of the program or company.
Working across the globe, V2X builds smart solutions designed to integrate physical and digital infrastructure from base to battlefield.
We bring 120 years of successful mission support to improve security, streamline logistics, and enhance readiness. Aligned around a shared purpose, our $3.
9B company and 16,000 people work alongside our clients, here and abroad, to tackle their most complex challenges with integrity, respect, responsibility, and professionalism.
V2X is seeking a motivated & dynamic Senior Cyber Security Subject Matter Expert (SME) to serve as a Key Technical Staff Leader in supporting the Army’s Global Cyber Center (GCC).
In this role, candidate applies deep organizational, technical, and analytical skills to protect and defend US Army Department of Defense (DoD) Information Network (DoDIN) resources.
Builds and scales projects to detect vulnerabilities, mitigate threats and improve cybersecurity posture to ensure DoDIN operational capabilities are protected.
This role requires a strong mix of Information Technology (IT), cybersecurity, people and process management and analytical problem-solving skills.
Requires an active Secret (T5) clearance and meeting Cyber Security Workforce requirements.
Responsibilities
Major Job Activities :
SME in performing cyber security services to aid the Government in securing DODIN-A information systems and networks as dictated by AR 25-2, AR 380-5 and all other applicable DoD, Army and GCC security policies and procedures, Lead and prepare for various inspection efforts such as Cyber Operational Readiness Assessment (CORA).
Cybersecurity Service Provider (CSSP) Inspections, Security Assistance Visits (SAVs).
- Lead auditing of services, access, usage, etc., as outlined in existing policy and regulatory guidance.
- Lead and organize system authorization / Risk Management Framework (RMF) documentation and maintenance, and CSSP documentation and maintenance, as well as documenting and reviewing annually all established security processes.
- Establish and maintain a vulnerability management plan to formalize an approach in maintaining, enhancing, and verifying the security posture of the network.
- Oversees monthly vulnerability scans and guides coordination of any findings with system and / or network owners for corrective action.
- Create / Update / Track POA&M items associated with open STIG and Scan vulnerability results.
- Responsible for ensuring team members use IAVMs and other published guidance for vulnerability tracking and remediation.
- Shall also assist and report any IAVA impact statements, extensions requests, scorecards, and compliance reporting.
- Responsible for enforcing and reporting audits to monitor network controls, access, usage, unauthorized software, anti-virus definitions, etc.
to verify the security posture of the network.
- Responsible for reviewing and reporting any security breaches, to include virus reports, spillage, security leaks, or password compromise.
- Oversees the execution of management services for all accounts, credentials, badges, and network access for all GCC employees, ensuring accounts, credentials, and badges are solely issued on the identified employee function and verification of the certification / training necessary to provide required access.
- Lead and organize Whitelisting Registrar efforts for all ARMY JFHQ DoDIN commercial access points within the boundaries of GCC.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of cybersecurity principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
- Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
Material & Equipment Directly Used :
Basic Office Equipment.
Working Environment :
- Normal office environment.
- May require support during periods of non-traditional working hours including nights or weekends.
Physical Activities :
Must be able to lift / push / pull 40 lbs. unassisted.
Qualifications
Education / Certifications :
This position supports DCWF Work Role 722 (Advanced) and accordingly per DoD 8140.03 the candidate must be Certified in Governance, Risk, and Compliance (CGRC) (formerly Certified Authorization Professional (CAP) certification), OR one of the following DCWF requirements :
DCWF 722
OR DOD / Military Training
OR Certification
DoD / Military Training 4C-FA26A or M09CHN1 or A-531-0009 or A-531-0045 or ACQ 160 + ISA 220)
CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
- U.S. citizenship is required.
- Active DoD Secret with T5 Investigation Security Clearance.
- ITIL Foundations certification desired upon hire, required within three months of hiring date.
Experience / Skills :
- Five (5) years applicable experience. Strong verbal, written, and interpersonal communication skills.
- Ability to work independently as well as cooperatively in a team-oriented environment.
- Ability to communicate effectively, both orally and in writing with other IT professionals and end users and be able to present briefings to executive staff.
- Ability to work on multiple priorities and / or projects simultaneously, routinely multitasking and reassigning priorities.
- ACAS, eMASS, HBSS, WSUS.
Supervisory / Budget Responsibilities :
Acts in a technical based supervisory capacity.
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace.
V2X is an Equal Opportunity / Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability.
EOE / Minority / Female / Disabled / Veteran.
Education / Certifications :
This position supports DCWF Work Role 722 (Advanced) and accordingly per DoD 8140.03 the candidate must be Certified in Governance, Risk, and Compliance (CGRC) (formerly Certified Authorization Professional (CAP) certification), OR one of the following DCWF requirements :
DCWF 722
OR DOD / Military Training
OR Certification
DoD / Military Training 4C-FA26A or M09CHN1 or A-531-0009 or A-531-0045 or ACQ 160 + ISA 220)
CISM or CISSO or FITSP-M or GCIA or GCSA or GCIH or GSLC or GICSP or CISSP-ISSMP or CISSP
- U.S. citizenship is required.
- Active DoD Secret with T5 Investigation Security Clearance.
- ITIL Foundations certification desired upon hire, required within three months of hiring date.
Experience / Skills :
- Five (5) years applicable experience. Strong verbal, written, and interpersonal communication skills.
- Ability to work independently as well as cooperatively in a team-oriented environment.
- Ability to communicate effectively, both orally and in writing with other IT professionals and end users and be able to present briefings to executive staff.
- Ability to work on multiple priorities and / or projects simultaneously, routinely multitasking and reassigning priorities.
- ACAS, eMASS, HBSS, WSUS.
Supervisory / Budget Responsibilities :
Acts in a technical based supervisory capacity.
We are committed to an inclusive and diverse workplace that values and supports the contributions of each individual. This commitment along with our common Vision and Values of Integrity, Respect, and Responsibility, allows us to leverage differences, encourage innovation and expand our success in the global marketplace.
V2X is an Equal Opportunity / Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, protected veteran status or status as an individual with a disability.
EOE / Minority / Female / Disabled / Veteran.
Major Job Activities :
SME in performing cyber security services to aid the Government in securing DODIN-A information systems and networks as dictated by AR 25-2, AR 380-5 and all other applicable DoD, Army and GCC security policies and procedures, Lead and prepare for various inspection efforts such as Cyber Operational Readiness Assessment (CORA).
Cybersecurity Service Provider (CSSP) Inspections, Security Assistance Visits (SAVs).
- Lead auditing of services, access, usage, etc., as outlined in existing policy and regulatory guidance.
- Lead and organize system authorization / Risk Management Framework (RMF) documentation and maintenance, and CSSP documentation and maintenance, as well as documenting and reviewing annually all established security processes.
- Establish and maintain a vulnerability management plan to formalize an approach in maintaining, enhancing, and verifying the security posture of the network.
- Oversees monthly vulnerability scans and guides coordination of any findings with system and / or network owners for corrective action.
- Create / Update / Track POA&M items associated with open STIG and Scan vulnerability results.
- Responsible for ensuring team members use IAVMs and other published guidance for vulnerability tracking and remediation.
- Shall also assist and report any IAVA impact statements, extensions requests, scorecards, and compliance reporting.
- Responsible for enforcing and reporting audits to monitor network controls, access, usage, unauthorized software, anti-virus definitions, etc.
to verify the security posture of the network.
- Responsible for reviewing and reporting any security breaches, to include virus reports, spillage, security leaks, or password compromise.
- Oversees the execution of management services for all accounts, credentials, badges, and network access for all GCC employees, ensuring accounts, credentials, and badges are solely issued on the identified employee function and verification of the certification / training necessary to provide required access.
- Lead and organize Whitelisting Registrar efforts for all ARMY JFHQ DoDIN commercial access points within the boundaries of GCC.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of cybersecurity principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
- Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
Material & Equipment Directly Used :
Basic Office Equipment.
Working Environment :
- Normal office environment.
- May require support during periods of non-traditional working hours including nights or weekends.
Physical Activities :
Must be able to lift / push / pull 40 lbs. unassisted.