Posted on 06-01-2023 09:20 AM
As the Senior Information Security Specialist, the candidate will provide advanced
technical and senior engineering level support for the Macintosh Center of Excellence. Will work as
part of a collaborative team tasked with providing full-range IT support for the JSP’s Mac environment
and underlying Mac support systems. This includes Tier I through Tier IV support services covering
user support, operations, and engineering functions. Candidate will develop solutions, utilize the Risk
Management Framework, and implement security best practices using the DISA STIGs, NIST, and
other government-approved security guidance. Candidate will provide system, network, and security
engineering expertise and guidance for all aspects of information assurance, including those systems
required to meet DoD regulations and requirements for the specified system.
Highlights of Responsibilities:
• Perform system specific Risk Management Framework (RMF) related tasks throughout all
stages of a system’s lifecycle
• Manage system security packages in DOD Enterprise Mission Assurance Support System
(eMASS) throughout system authorization cycles, including, system registration, as well as
the uploading and maintenance of system security packages, Plans of Action & Milestones
(POA&M) entry and tracking, and system decommissioning
• Conduct technology assessments, reviews, and technical inspections to identify and mitigate
potential security weaknesses and to ensure all applicable security features and functionality
are implemented and function as intended and required.
• Collaborate with team members to perform self-assessment and hardening of workstations,
servers, network devices, and clinical devices, including the application of Security Technical
Implementation Guides (STIGs) and running hardening and security artifact collection
scripts and Security Content Automation Protocol (SCAP) and Assured Compliance
Assessment Solution (ACAS) scans.
• Proactively maintain awareness and understanding of current and emerging threats and
vulnerabilities and their potential impact on organizational mission accomplishment, DoD
safety, and security of customer data.
• Apply security patches, IAVAs, STIGs, and updates for all assigned systems.
• Implement and manage disaster recovery and COOP plans, systems, and operations.
• Ensures technical system documentation required for A&A packages is complete and clearly
supports validation and ATO in accordance with system security requirements.
• Performs comprehensive A&A tasks including package development, controls analysis, risk
assessment, contingency planning, security test & evaluation, risk mitigation analysis, and
technology assessments.
• Applies NIST and FIPS standards and guidance documents to register and
complete accreditation packages in the DISA eMASS system.
• Maintains and supports current and ongoing A&A packages to ensure uninterrupted delivery
of information technology systems for the organization.
• Reports on assessment process status, participates in Independent Verification & Validation
(IV&V) activities, conducts/oversees IV&V testing as required, and assists system certifiers
during evaluations.
• Reviews regulatory security policies, as well as best practices, and develops the technical
solution required to implement those requirements on clients and servers.
• Works with System and Network Administrators to monitor the security posture of all
networked systems and applications and takes appropriate steps to remediate any
vulnerabilities quickly.
QUALIFICATIONS
• Clearance Required: US Department of Defense (DOD) Secret clearance
• Strong customer service orientation
• Proven analytical and problem-solving abilities
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Excellent written, oral, and interpersonal communication skills
• Ability to present ideas in business-friendly and user-friendly language
• Highly self-motivated and directed
• Keen attention to detail
• Team-oriented and skilled in working within a collaborative environment
• Above average written and oral communication skills
• Ability to document tasks and requirements
Required Education and Experience:
• Professional Experience: 10 Years of professional IT experience with at least 4 years in the
area of RMF and Server/Service STIG’ing
• Required Education: Bachelor’s degree or equivalent
• DODI 8570 IAT-II compliance
• CISSP, CSSLP, CISA, CISM, GCED, GCIH
• Active Directory, LDAP, Kerberos, Single Sign-On, OATH, SAML
• Proficiency with ACAS and HBSS/Trellix and mitigation strategies
• Possess and maintain a comprehensive understanding of federal security regulatory
requirements and security frameworks including DoD/DISA IT Security and IA policies, RMF,
NIST SP 800-series, FISMA, FIPS, FedRAMP, policies, directives, publications, etc.
• Assessment, mitigation, and closure of network vulnerabilities and vulnerability management
• Establishing, managing, and tracking of Plan of Action & Milestones (POA&M)
• Applying STIGs to servers, databases, applications, and other hardware
• Excellent understanding of the DoD RMF lifecycle and NIST 800-53 controls implementation
• Awareness of NIST Special Publication 800-219, Automated Secure Configuration Guidance
from the macOS Security Compliance Project (mSCP).
• Working knowledge of operational control systems and implementing a variety of security
assessment tools
• Familiarity with DoDIN CCRI/CCORI and CYBERCOM TASKORDS
Desired Bonus Experience:
• Knowledge of macOS, iOS, and iPadOS
• Knowledge of Apple device management using EMM (Jamf)
• Knowledge of Apple hardware: MacBook Pro, Mac Studio, Mac mini, iPhone, iPad
• DoD Cloud Computing
Physical Requirements:
This position requires the ability to perform the below essential functions:
• Sitting for long periods
• Standing for long periods
• Stoop, kneel, crouch, or crawl as required
• Lift and carry weight up to 50 pounds
Interested? Please Contact David Lewis dflewis@empower.ai