Fort Detrick, MD, United States
Logistics Management Institute

With a legacy of solving the government’s most complex challenges and an outcome-driven model to execute above expectation, LMI transforms missions with solutions that define the new speed of possible.
We are seeking Cybersecurity Specialists to support the US Army Medical Materiel Agency’s (USAMMA) mission to develop, manage and perform end-to-end life cycle logistics on medical equipment to protect and sustain the Warfighters and their families for the Nation. The Cybersecurity Specialist will work directly with DoD and vendors, running tests and evaluations on their medical equipment operating systems that will sit on the DoD network, validating that the systems meet the DoD Risk Management Framework (RMF) requirements and ensuring that they are not vulnerable to inside and outside threats.
LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help the Department of Defense resolve complex logistics management challenges, LMI continues to enable growth and transformation, enhance operational readiness and resiliency, and ensure mission success for federal civilian and defense agencies.
- This position is responsible for working with the team supporting our DoD customer to ensure the appropriate administrative, physical and technical information security safeguards are implemented across a portfolio of deployed military medical devices.
- Under general guidance of the Team Lead and the client, the incumbent will conduct information security assessments and testing to ensure the proper implementation of security controls across the environment. This includes populating defined security/risk assessments, identifying gaps and compensating controls, identifying remediation plans, and publishing management reports of results. This position may also participate in incident response investigations, help identify opportunities for product improvement, maintain policies and procedures that are designed to be operationally effective and efficient, and monitor compliance to policies, laws and regulations. The security specialist works with the DoD client to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.
- Conduct evaluations of technical and non-technical security safeguards to demonstrate and document compliance with the DoD's Risk Management Framework (RMF) requirements for security and interoperability.
- Perform information security risk assessments as part of the project lifecycle to ensure that new medical device technology conforms to security standards against internal and external threats.
- Perform independent verification and validation (IV&V) testing, including documentation of Plan of Action and Milestones (POAM) data within the DoD system.
- Perform risk assessments of information and technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of information and technology systems.
- Work with security leadership and stakeholders to identify remediation strategies and plans to enforce security requirements and address risks identified in the risk assessment process.
- Along with the Security Architect, advise during application development or acquisition projects to ensure that security controls are implemented as planned.
- Work with other security department members and stakeholders in scoping, planning and conducting third-party penetration testing, code reviews, or security assessments during the information security process.
- Perform risk assessments of third-party technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of DoD information and technology systems.
- Produce information security risk assessment reports that identify gaps with DoD Security Policies & Standards and propose remediation plans.
- Assist in conducting information system activity reviews and participate in Risk Management Framework (RMF) testing exercises and activities: Monitor and test application and network activity for assurance that systems of controls are in place and effective, and for compliance to DoD policies and federal regulations.
- Minimum of two (2) years relevant experience
- Bachelor's degree preferred.
- Public Trust Clearance (NACI)
- Must have an active CompTIA Security Plus certification
- Working knowledge of internal controls and IT risk assessment and mitigation procedures
- Technical experience in security-related technologies such as encryption, remote access, anti-virus systems, etc.
- A basic knowledge of the 8 domains of the Common Body of Knowledge for information security:
  - Security & Risk Management
  - Asset Security
  - Security Engineering
  - Communications and Network Security
  - Identity and Access Management
  - Security Assessment and Testing
  - Security Operations
  - Software Development Security
Tags: Clearance Compliance CompTIA DoD Encryption IAM Incident response Network security Pentesting POA&M Risk assessment Risk Assessment Report Risk management RMF Security assessment Vulnerabilities