AECOM Network Cybersecurity Manager in Yuma, Arizona
Business Line Government
Position Title Network Cybersecurity Manager
United States of America - Arizona
Manages range network Cyber Security (CS) operations and directs the work of all local range IA team members in accordance with contract requirements including:
Support A&A efforts
Support Compliance efforts
Network boundary protection
Oversee monitoring of information system activity and execute and review system audits to include system logs and records
Oversee the vulnerability scans using manual and automated tools in accordance with DoD regulations
Provide CS leadership as needed for technical staff to deploy new capabilities on schedule and operate them securely.
Oversee network Information Assurance Vulnerability Alerts (IAVA) compliance.
Review networks/systems for compliance with Government statutes, DoD 8500.2 IA Controls, DoD FISMA directives, DoD and DoN policies and regulations in accordance with contract requirements.
Coordinate, write, edit, review, and assess DIACAP packages including SIPs (System Identification Profiles), DIPs (DIACAP Implementation Plans), Scorecards, POA&Ms, DIACAP Artifacts, and IA (Information Assurance) Controls.
Develop and subsequently update/maintain a Plan of Action and Milestone (POA&M) in order to track the resolution of vulnerabilities identified on systems.
Supports annual review of all Certification and Accreditation Documents, Local CS Procedures and Work Instructions to ensure enforceability and accountability of the current network environment.
Document, evaluate, and report all security risks and violations to Range and Program Office Management.
Assist with the Command's Security Violation and Incident Reporting procedures.
Ensure IA requirements are identified and included in the design, acquisition, installation, operation, upgrade, or replacement of all Information Technology (IT) dependent systems.
Assist in the development and implementation of configuration management procedures as a member of the Configuration Management Board.
Assist the ISSM with the development of the IA Department and related Policies, Procedures, and Work Instructions.
Attend IA security training as required to maintain and gain knowledge and skills of current IA issues.
Position requires ability and commitment to provide coverage outside normal working hours or shifts in daily hours, as warranted, not to interfere with Range Operations.
Work Environment, Physical Demands, and Mental Demands:
Typical office environment with no unusual hazards, occasional lifting to 20 pounds, constant sitting while using the computer terminal, constant use of sight abilities while reviewing documents, constant use of speech/hearing abilities for communication, constant mental alertness, must possess planning/organizing skills, and must be able to work under deadlines. Routine travel to remote site facilities may be involved. May involve work in different environments (labs, outside locations, etc.). Work occasionally involves standing for long periods. May require work using and/or wearing protective equipment. Work is occasionally performed in a shop or other facility environment that is moderately lighted, heated and ventilated. While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel; and talk or hear. The employee frequently is required to walk; reach with hands and arms; and stoop, kneel, crouch. The employee is occasionally exposed to moving mechanical parts, extreme heat, and vibration. The employee is occasionally exposed to wet and/or humid conditions; and outside weather conditions. Routine travel to CTTR Ranges may be involved. Routine travel to remote sites and facilities may be involved in daily activities.
Requires Bachelor’s Degree in an Information Technology related discipline (engineering, computer science, information systems, etc.) plus 6 years of IT/IA experience or at least 10 years of experience in lieu of degree in a combination of IA Training, IT Certification and progressive work experience in the areas of:
DoD Certification and Accreditation
Information System Security
Vulnerability Assessment and Mitigation
Network Security Auditing
Minimum Experience Requirements
Hands on experience in the following areas:
Lifecycle support of the DoD Certification and Accreditation (C&A) Process (DIACAP or RMF)
Managing C&A using Enterprise Mission Assurance Support Service (eMASS)
Conducting Network Vulnerability Scanning, Assessment and Mitigation
Security Event Correlation and Security Monitoring
Security Test and Evaluation (ST&E) procedures, coordination of security measures including analysis, periodic testing, evaluation and verification, risk analysis reporting and determining appropriate mitigation measures.
Securing Networks and Operating Systems (Cisco, Windows, and Linux) to Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) standards.
Host Based Security System (HBSS) Administration
Assured Compliance Assessment Solution (ACAS) Administration
Installation and monitoring of network IDS and firewalls such as Cisco PIX or other similar technologies.
Minimum Position-Specific Training Required
Must maintain DoD 8570.1 certification requirements for IAT-III
Requires documented training in the following areas: network infrastructure (Cisco), Microsoft Server Administration
Host Based Security System (HBSS) Training Certification of Completion.
Assured Compliance Assessment Solution (ACAS) Training Certification of Completion
VMware training desirable
Must possess a valid state Driver’s License.
Must possess and maintain an active DoD Security clearance
BA/BS in Information Systems Management, Computer Science or related discipline plus 5 years of experience. In lieu of formal education, at least 10 years of related experience. Specific contract requirements regarding education and experience will prevail.
Five (5) years’ experience in the C&A functional area defining or evaluating computer security requirements for applications or networks. Experience developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against
What We Offer
AECOM is a place where you can put your innovative thinking and business skills into high gear and work alongside other highly intelligent and motivated people. It's a place where you can apply your skills to some of the world's most challenging, interesting, and meaningful projects worldwide. It's a place that values the diversity of our areas of practice and our people. It's what makes AECOM a great place to work and grow. AECOM is an Equal Opportunity Employer.
At AECOM, employees' safety and security are our top Safeguarding core value. All employees are expected to set the highest level of safety expectation in their work, display the highest level of safe behavior, and actively participate in AECOM's Safety For Life Program. SH&E is a part of our company culture and participation is required for all employees.
NOTICE TO THIRD PARTY AGENCIES: Please note that AECOM does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, AECOM will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a previously signed agreement, AECOM explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of AECOM.
Job Category Information Technology
Business Group Management Services Group (MS)
Country United States of America
Position Status Full-Time
Requisition/Vacancy No. 190377BR
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.