ECS is seeking a NAV Senior Cyber Security Specialist to work in our Silver Spring, MD office.
- Operational Technology (OT) subject matter expert for NOAA's Office of Marine and Aviation Operations with responsibility for ensuring that all cyber security and cyber safety requirements are met in ongoing and future ship construction efforts.
- The incumbent will work with multiple Federal Agencies in support of ship construction processes, and interact with technical staff from Government, contractors and subcontractors directly involved in ship construction and outfitting.
- Responsible for a wide range of assignments and projects relative to information systems and security matters.
- The incumbent ensures the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, and maintenance phases of projects, and is called on to recommend improvements to OMAO information systems security programs, policies, procedures and toolsets.
- Initial work involves overseeing the implementation of cybersecurity requirements for control and communication systems aboard NOAA's new Auxiliary General Oceanographic Research (AGOR) Variant (NAV) ship including 1) all equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information and 2) hardware and software included in machinery control systems, bridge systems, navigation systems, dynamic positioning systems, and exterior communication systems.
- Responsible for NAV cyber security documentation. Guides system administrators in the removal of unnecessary services and programs; implementation of intrusion detection systems, intrusion protection systems and other technical security measures.
- Ensures that system administrators follow best practices and relevant configuration management requirements with respect to system and information integrity; changes to file system and operating system permissions; hardware configuration; installation of operating systems, applications, and third-party software updates; firewalls; identification and authentication; systems communications protection; configuration management; contingency planning; testing; and audit and accountability.
- The incumbent will also interface with other OMAO MACC personnel to ensure that NAV work meets existing DOC/NOAA/OMAO requirements and integrates with the existing OMAO system accreditation boundary.
- Incumbent may also be required to conduct analysis of legacy systems on existing OMAO ships to determine gaps in security controls or operational practices that must be avoided in the NAV project.
- Incumbent may also expect other taskings related to the work described above consistent with an expert-level cyber security practitioner.
- Travel to Government locations, shipyard and other commercial facilities will be required to support field work and/or meetings.
- Bachelor's Degree in science, engineering, or administration
- Expert-level knowledge of information technology (IT) and operational technology (OT) security with specific emphasis on securing systems including converged systems that involve both IT and OT, supervisory control and data acquisition systems (SCADA) and industrial control systems (ICS) that employ programmable logic circuits (PLCs) and discrete process control systems (DPCS).
- Expert-level knowledge in the application of the NIST Risk Management Framework and NIST Special Publications (in particular, experience applying the guidelines in NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security.
- Ability to perform threat and vulnerability analysis; determine deviations from acceptable configurations, enterprise or local policy; assess the level of risk; and develop and/or recommend appropriate mitigation countermeasures in operational and nonoperational situations.
- Familiarity with Windows and Unix-based operating systems to include experience working with vendor-specific implementations of commercially available OSs.
- Skill in quickly identifying relevant threatened vulnerability information from vendors, open source information and industry consortiums and applying that information to target environments.
- Ability to communicate very complex technical information to a wide variety of audiences, both orally and in writing.
- Skill in dealing with controversial subjects to gain cooperation of resistant parties using diplomacy and tact.
- Cybersecurity experience with commercial or public ships or unmanned systems.
- Specific experience acting as a cyber subject matter expert on design reviews and security control assessments is preferred.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.