Cybersecurity Specialist

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.  

The Joint, Office of the Secretary of Defense, Interagency Division (JOID) provides expert support services to a range of customers spanning across the Department of Defense, Federal, Civilian, and International markets. JOID provides a diverse portfolio of analytical and programmatic capabilities to help our customers make informed decisions on their most challenging issues.

SPA's NATO Allied Command Transformation (ACT) Group within JOID provides capability development, portfolio management, program management, quality management, cost estimation analysis, standardization, reporting, software solutions and information management, and capability management support. We also provide an improved capability requirements capture process, including the generation, documentation and tracing of user requirements, with appropriate technical scrutiny, over the entire lifecycle of the requirements from capability definition through capability realization and capability usage.

NATO HQ SACT's Innovation Lab (iHub), built on the concept of Open Innovation, provides a catalogue of innovative products and services to its operational customers. The iHub products, also known as Minimum Viable Products (MVPs), are developed following best industry, Agile DevSecOps methods with strong focus on rapid, iterative delivery that meets customers’ requirements.

SPA has an immediate need for a Cybersecurity Specialist to support HQ SACT's Innovation Hub onsite in Norfolk, VA.

The Cybersecurity Specialist will assess and enhance security for the Innovation Hub Laboratory Capability through implementing security-first policies in the Innovation Hub. The successful candidate will collaborate with relevant (NATO) organizations to achieve ACT cloud-based information system (Platform) and software products accreditation, and to obtain NATO specific Approval for Testing. Will create and maintain necessary security documentation for rapid NATO network deployment and provide security accreditation guidance to the Innovation Hub's platform, infrastructure, and MVP teams throughout product life cycles. Will conduct security risk assessment in support of products/services based on cloud computing architectures (public cloud); in particular, identify the level of threats and vulnerabilities for all the assets comprising products/services, derive the residual risks, and provide risk management recommendations.

Required:

• Active NATO or National Secret (or higher) security clearance
• Bachelor's or Master's degree in Information and Communication Technologies (ICT), Computer Science, or related discpline; OR 8 years of experience as a Cybersecurity Professional
• Proven knowledge of software development (Agile/DevSecOps) as, for example, Developer or Solution/Software Architect, and their relevancy to security
• Experience working as a Security professional within the NATO enterprise or at a national level, including knowledge of the NATO/National Security policies and supporting directives
• Able to identify, engineer, implement, and monitor security measures for the protection of computer systems, networks, and information, based on security risk assessment methodologies and tools
• Knowledgeable of (self-hosted) cloud native applications and associated production cycles
• Knowledgeable of industry standard security tools (SonarQube, Nessus, etc.) and able to create tailored configurations applicable to specific information systems
• Proven knowledge with modern software solutions, technologies, and concepts (anti-virus software, intrusion detection, firewall, content filtering, Cloud, Docker, IdAM, Proxy, CI/CD, technology stacks, and other relevant technical concepts) and their relevancy to security
• AWS (or similar) Security Specialties certification

Desired: 

• Knowledge of information security management frameworks ISO/IEC 27001 and/or ISO/IEC 27005 and/or an (active) CISSP certification
• Experience with Agile teams and Minimum Viable Products (MVPs)
• Experience with or knowledgeable about NATO's standards for security