What are the responsibilities and job description for the Cyber Security Specialist position at JJR Solutions?
Are you a cyber security professional skilled at securing information systems? Are you confident in leading a CSP through FedRAMP ATO processes? Are you confident in your ability to advise and recommend security solutions and policies to leaders?
If this sounds like you, we've got the perfect job!
At JJR we build partnerships with clients to elevate their organization's performance. Whether it's enhancing the technical capability of our nation's defense systems or advancing research and development for Veteran healthcare, our collaborations have a resounding impact on our communities and nation.
Customer Mission Success is JJR's world-class service delivery organization. Through laser focus on the client, we ensure flawless execution. We act as customer partner, trusted advisor, capability builder, innovation leader, and results driver.
Currently, we are seeking a proven cyber security professional who will work with the development team to establish a robust security foundation, manage risk, and implement proactive measures to protect new technology solutions to optimize health outcomes for Veterans.
Sound interesting? Keep reading!
Why you should work with us.
First and foremost, we care deeply about every member of our JJR family and as a company, we are inspired by something greater than ourselves. Second, you will play a vital role in building lasting partnerships with clients to advance their performance and create high-impact, meaningful value. Finally, culture is kind of our thing; we are committed to the well-being of each employee.
Need proof? It's in the pudding. Here is what people are saying!
- "JJR is one of the best companies I have worked with (for) in the past 20 years." - Anonymous employee feedback from internal engagement surveys
- "I feel JJR does a very good job of hiring people who will work well in the group dynamic - people who share the same work ethic and values, which makes for working together to be much easier and more enjoyable." - Anonymous employee feedback from internal engagement surveys
We value feedback, but we think you should come see for yourself!
You in? Here are the details.
Title: Cyber Security Specialist
Location: Dayton, Remote position
Classification: Salary, Exempt
Travel: <15%
Security Requirement: Must be able to provide a favorable background check and National Agency Check with Inquiries (NACI)
Supervisory Role: No
Position Expectations:
- Perform all required responsibilities and duties in accordance with JJR's Handbook and job description
- Actively engage in your role, make informed decisions, be accountable for all outcomes, and be a positive influence for JJR
- Deliver exceptional service to internal and external clients, partners, teammates
- Comfortable gaining and maintaining an ATO as a sole responsibility
Duties:
- Provides overall management, guidance, and coordination of Authority to Operate (ATO) package following FedRAMP and Risk Management Framework (RMF) processes to secure multi-tenant, cloud-hosted products (e.g., Software as a Service (SaaS), etc.) for federal agency customers
- Responsible for the development of the System Security Plan (SSP) and attachments using FedRAMP Moderate templates/guidance and RMF
- Create and manage System Diagrams such as Authorization Boundary, Data Flows, Network and Security Logs in association with NIST SP 800-37 and OMB A-130
- Use current NIST 800-53 framework and methodologies to verify security controls are implemented and meet stated control objectives, and document findings in SSP and policies/procedures
- Collaborates with corporate IT support and executives overseeing corporate security to integrate security and incident response policies and procedures across both cloud products and corporate IT infrastructure
- Tracks documents through coordination providing briefings to leadership and technical clarification as needed
- Determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews with development team, and evaluation of current system state
- Evaluates effectiveness of proposed mitigations and recommends technical/policy changes to mitigate cyber risk
- Creates and maintains the information system's Plan of Action and Milestones (POA&M) documenting compliance gaps and remediation plans
- Evaluates and tracks results of vulnerability scanning, DISA Security Technical Implementation Guides (STIGs), ACAS/Nessus, as necessary to identify and document compliance
- Works with accredited Third-Party Assessment Organization (3PAO) as necessary to support thorough assessment of the information system
- Reviews Security Assessment Report (SAR), develops corrective action plans, receives approval, and tracks implementation of corrective actions
- Ownership of continuous monitoring, including providing periodic security deliverables (vulnerability scans, updated POA&M, annual security assessments, incident reports, significant change requests, etc.)
- Prepares documentation as requested by Authorizing Officials or outside vendors
- Works with Configuration Management Lead to ensure any/all changes are coordinated through the assessments and authorization approval process to maintain system certification
- Additional duties as assigned
Required Education, Experience, & Skills:
- Thorough understanding of RMF and ATO processes
- 7 years' experience in cyber risk assessment
- Security+ or equivalent DoD 8570 IAT Level II certification
- Experience with AWS and assessing AWS-hosted systems
- Ability to create System Diagrams using Visio, Draw.io, or other diagramming software
- BS in Cybersecurity, Computer Science, Information Technology, Information Systems, or related field
- JJR may choose to substitute education with relevant experience
Preferred Education, Experience, & Skills:
- Proven success developing a System Security Plan (SSP) and attachments using FedRAMP templates and requirements
- Full understanding of Authorization Boundary Diagrams and Data Flows
- Experience implementing security controls in a FedRAMP Cloud environment
- Experience architecting and securing multi-account Azure environments with consolidated monitoring and scanning
- Cloud security certifications such as Certified Cloud Security Provider (CCSO), CompTIA Security+, or equivalent relevant experience
- CISSP or equivalent DoD 8570 IAT Level III certification
- MS in Cybersecurity, Computer Science, Information Technology, Information Systems, or related field
- Experience working with the VA Office of Information and Technology (OIT)
- Experience obtaining an ATO in the Department of Veterans Affairs, SaaS preferred
- Familiarity with Agile Methodologies and collaboration tools such as JIRA
TOTAL COMPENSATION PACKAGE
Salary: In accordance with various state and federal pay transparency regulations, as well as best industry practices, our job descriptions include the salary range we reasonably expect to pay those joining our team, contingent upon little to no training being required. A final salary is subject to a number of factors, including but not limited to the following: years of experience, education, certification(s), training, specialized skills, responsibilities, etc.
The range of pay for this position is $105,000-$149,000.
Core Benefits: Medical, Dental, Vision, 401K, Monthly $200 HSA Match, Complimentary $50k Basic Life and AD&D (eligible employees), STD, Complimentary LTD, AFLAC Coverage, etc.
PTO, Flexible Schedule, and Holidays: Employees receive a robust amount of PTO along with flexible/hybrid working schedules and additional support for new parents. JJR also observes a total of 11 paid federal holidays annually, including: New Year's Day, President's Day, 4th of July, Veteran's Day, Christmas, Martin Luther King Jr. Day, Memorial Day, Juneteenth, Labor Day, Thanksgiving, and Columbus Day.
Professional Development Continued Education Support: We believe employees at all levels benefit from continued growth and learning. As such, JJR is committed to paying the entirety of the cost for job-related certifications and/or training programs as well as contributing towards job-related higher-level education.
EEO Statement
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
Disclaimer
This description in no way implies that the duties listed here are the only ones the employee can be required to perform. The employee is expected to perform other tasks as dictated by their supervisor or JJR leadership.
JJR Solutions, LLC is an Equal Opportunity /Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, military/protected veteran status, mental or physical disability status or other characteristics protected by the law.