Must have minimum of 4 years of experience
Required: Minimum of DOD 8570 IAM Level II Certification: CAP, GSLC, CISM, CASP CE, CISSP (or Associate), or IAT II: GSEC, Security+ CE, SSCP, CCNA-Security
Cybersecurity professionals to perform as Operational Assessment team members with strong operational Information Assurance experience. The teams will be responsible for assisting C4 CY in the system security engineering review processes, to include cyber security assessments, security test and evaluation (ST&E) review, establishing and updating system security test methodologies and reporting, oversight and direction of internal staff assistance ST&E. The contractor shall also assist the government in the oversight and direction of operating forces internal ST&E.
Inspections and Assessments
Provide capability to conduct cyber security assessments to ensure compliance with the Command Cyber Readiness Inspection (CCRI) Program (https://disa.deps.mil/ext/cop/FS-CCRI/inspections/SitePages/Command_Cyber_Readiness_Inspection_(CCRI)_Program.aspx) and to USCYBERCOM, DISA and USMC standards. This includes vulnerability scanning, infrastructure reviews, documentation reviews, traditional security assessments, compliance checking of databases, SharePoint, evidence of past intrusions, and application hosting environments.
Provide capability to conduct Wireless, Windows, Unix, Linux, Database, Application, and infrastructure security assessments in accordance with the DISA STIGs and DoD and USMC guidance.
Provide capability to locate and assess ICS/SCADA systems on the MCEN.
Provide daily update brief in writing during on-site assessment.
Provide final day written and oral out brief to command and HQMC C4 CY for each assessment.
Provide input to command mitigation plan within 10 business days of assessment.
Regional and Programmatic Support
Provide capability to conduct automated source code review for systems and applications on MCEN
Provide full evaluation of the security and mission assurance status of the MCEN, to include security configuration and patching, contingency and disaster recovery planning, security objective validation, and end-user IA awareness.
Provide periodic, recurring vulnerability testing and remediation efforts for all organizations within the Regional Area of Responsibility (AOR) and provide remediation recommendations. AOR includes support for deploying forces as an integrated element of pre-deployment work-ups and exercises.
Provide support to the government in updating and promulgating the integrated Marine Corps CY Assessment Team Concept of Operations (ConOps) to leverage available assessment resources. The support shall incorporate unit or command ISSMs and IA Technicians, Marine Corps Operational Testing & Evaluation Activity (MCOTEA), and MCNOSC resources to provide a repeatable process for assessment of the MCEN.
Provide support to the government in developing and promulgating an integrated assessment teams testing schedule. The testing schedule shall optimize available resources to best meet the testing and mitigation priorities of the Marine Corps.
Implement a periodic vulnerability scanning process that uses the Marine Corps IA workforce to ensure that all systems are maintained in compliance with required patch levels and secure configuration policies (protection against security degradation).
Desired Experience and Education
3 years conducting DoD network assessments
5 years of experience conducting code reviews
4 years’ experience conducting ICS/SCADA inspections
Combination of team members certified in each technology area of CCRI to field a full inspection team
2 years’ experience in conducting training