Posted in General Business 30+ days ago.
Location: San Antonio, Texas
Tuvli, an Akima Company, is dedicated to providing our customers with superior, integrated technology and program support services and solutions. Our systems engineering, information technology, information assurance, program support and project management staff work closely with customers to ensure that our solutions are directly aligned with their business processes and desired program outcomes. Our personnel enjoy competitive benefits packages and challenging roles in work environments committed to innovation, diversity and opportunity for career growth. As an Alaska Native Corporation (ANC), 100% of our company’s profits go back to our more than 14,000 Iñupiat shareholders that have resided near and above the Arctic Circle for more than 10,000 years. Our business helps support their way of life and contributes to the survival of a culture that has thrived in a challenging environment.
We continually seek motivated people with professional skills and work experience in an extremely wide range of employment fields—from systems engineering and modernization, to IT and cyber security to support personnel for virtually every business operation for today’s military installations. We are a military friendly employer that strongly encourages veterans to bring their relevant experience and expertise on board. What unites us is a passion to deliver the very best value to every Tuvli customer every day we’re on the job.
As part of USAMEDCOM's transition to the new electronic health record (EHR), and due to new Cybersecurity requirements under the Risk Management Framework (RMF), it is necessary to certify not only applications and software for servers but also all medical devices and any item that connects to the Army MEDCOM network or to the Medical Community of Interest (Med-COI) network.
The candidate will increase the number of RMF packets being processed and approved for an Authority to Operate (ATO) in the DoD eMASS system, throughout the MEDCOM at all MTFs and Clinics globally, to improve the security posture of the MEDCOM networks. The candidate will reduce the amount of time it takes to process a package in the eMASS system, from the start of a package to the ATO, through process standardization for Medical devices, Common IT, and Facility-Related Control Systems (FRCS) such as air conditioners and power and generator systems that have embedded IT. The candidate will improve the interaction with packet submitters and reviewers to validate the completeness of packets and to make recommendations on certifications based on reviews of the submitted packets and artifacts.
All tasks below will be performed by a Cybersecurity Specialist, with a Level II being more expert, such as a Subject Matter Expert (SME), and a Level I providing basic input and analytical skills, consistent with and in compliance with the appropriate certification based on DoD 8570.1-M guidance.
The candidate shall perform the necessary actions to properly scope the level of validation effort that will be required at each respective medical device/system. This includes any pre-coordination necessary to ensure that the size and complexity of the device/system is understood and to ensure that the workload is distributed amongst team members in order to meet the necessary timeframe needed to certify and accredit the device/system. The Contractor shall provide recommendations to the COR to ensure that validation activities are accomplished in the most economical, efficient, and timely manner.
The candidate shall develop all Risk Management Framework (RMF) documentation needed to meet DoD and Army validation requirements. Documentation must be delivered to the US Army-appointed SCA-V in a timely manner so that the system/device meets the go-live dates at the MTFs.
The candidate shall review RMF-related publications such as those within the DOD, those within the US Army, and shall provide input on those RMF or similar regulatory processes that are implemented through Army Best Business Practices. The contractor will provide recommendations on draft RMF and IA-related publications and will be tasked to provide input in both written and oral form.
The candidate shall aid in the RMF process by providing expert advice on the number of team members required to perform validation activities on each device/system, the amount of time it will take to validate the RMF IA controls on each device or system, and with validating the RMF or similar regulatory controls in accordance with Federal, DOD, and US Army RMF or similar regulatory requirements.
The candidate shall provide ongoing verbal/email assistance to the necessary personnel who are performing the RMF or similar regulatory validation activities or who are working to fix IA controls.
The candidate shall develop and maintain C&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configuration checklists, and interconnection security agreements.
The candidate shall be in compliance with DoD 8570.1-M and all regional and local training requirements according to the latest policies and guidance.
The candidate shall provide the US Government-appointed COR a monthly activity report for each significant action that briefly states what was accomplished. Also, the contractor shall provide trip reports for any location visited for RMF or similar regulatory validation or for any conferences attended. The contractor must write trip reports or weekly activity reports in a format provided by the SCA-V or Contracting Officer’s Representative (COR).
The Contractor shall develop briefing slides that describe tasks completed, ongoing and outstanding tasks for the month, expected completion dates, issues, and concerns. Slide content and delivery schedule may be adjusted by the US Government-appointed SCA-V, the QAE, or the COR.
The candidate shall conduct threat and vulnerability assessments and submit effective measures to minimize such risk to the MEDCOM Cyber Security Program Office.
The candidate shall write and execute test procedures for C&A / A&A efforts, including STIGs, Nessus/ACAS, Flying Squirrel, GRASSMARLIN, Wireshark, CSET, etc.
The contractor shall document residual risks by conducting a thorough review of all the vulnerabilities, architecture and defense in depth and provide the IA risk analysis and mitigation determination results for the Test Report.
The candidate shall travel to CONUS and OCONUS sites to conduct physical and cyber security assessments; conduct complete security baseline and inventory reports and packages.
The contractor shall conduct testing for the integration of proposed new technologies to be included in the enterprise design. The contractor shall research and analyze current DoD and Department of the Army (DA) policies and recommend mitigation strategies.
The candidate shall perform threat and vulnerability assessments and security audits, and conduct risk assessments, based on scans and other data pertaining to each system within eMASS.
The contractor shall assist in the maintenance of the current network and systems certification and accreditation statement (ATO) and, when directed, initiate continuing or re-accreditation processes and procedures when changes affecting the accreditation of the network or attached systems have occurred.
In accordance with all applicable DoD, Army and MEDCOM policies, the candidate shall use only DoD/Army-approved IA software products furnished by the Government for performing security scans, and shall use them on DoD/Army computers and networks only.
The duties and responsibilities listed in this job description generally cover the nature and level of work being performed by individuals assigned to this position. This is not intended to be a complete list of all duties, responsibilities, and skills required. Subject to the terms of an applicable collective bargaining agreement, the company management reserves the right to modify, add, or remove duties and to assign other duties as may be necessary. We wish to thank all applicants for their interest and effort in applying for the position; however, only candidates selected for interviews will be contacted.
AN EQUAL OPPORTUNITY EMPLOYER
We are Equal Opportunity Employers. Prospective employees will receive consideration without discrimination because of race, color, religion, creed, gender, national origin, age, disability, marital status, protected veteran, sexual orientation, or any other legally protected status.
We are committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you have a physical and/or mental disability and are interested in applying for employment and need special accommodations to use our website to apply for a position, please contact Recruiting Services at firstname.lastname@example.org or 571-353-7053. The dedicated email and telephonic options above are reserved only for individuals with disabilities needing accessibility assistance. Please do not use the dedicated phone number above to call on the status of your job application if you do not require accessibility assistance or an accommodation. Reasonable accommodation requests are considered on a case-by-case basis.
In order for our company to stay compliant with government regulations, please apply online. Please DO NOT email resumes or call in lieu of applying online unless you have a physical and/or mental disability and need assistance with the online application.