Cybersecurity III with Security Clearance

Overview MCR, an SPA company, is a fast-growing global company headquartered in Northern Virginia that supports defense and civilian agencies, NATO, and European ministries that face some of the most complex mission challenges in the world. If you are the best at what you do, we are looking for you. At MCR/SPA, you will contribute to programs and projects that matter-to your career, to your fellow citizens, and to your nation. You will use the latest technologies, techniques, and tools. You will be trusted to work independently and make decisions. You''ll be rewarded with top-tier compensation and benefits. Do you have previous Cybersecurity experience? Are you looking to play a meaningful role in a creative environment? If so, we are searching for someone like you to join our team of experts in supporting military and DoD operations. Responsibilities As a Cybersecurity III, you will be joining our team supporting the US Air Force HI EPASS Contract. The activities involve ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools. Y ou shall be part of AFLCMC/HI Business and Enterprise Systems, The JOCAS II Program provides cost accounting for AF major range and test facility bases, research labs and space launch facilities so they can produce reliable and timely management reports, journal vouchers and SF-1080 bills. JOCAS II also tracks time and attendance for all nine JOCAS II sites. The AFLCMC/HIZ Security Control Assessor Representative (SCAR) is responsible for assessing application and software cybersecurity (confidentiality, integrity, and availability) readiness by performing individual internal assessments as part of the Risk Management Framework. The SCAR candidate must have specific knowledge of application, system, and network security, technologies, processes, and practices designed for prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation. The successful candidate will perform work that applies a broad theoretical and practical knowledge of Cybersecurity. Your duties may include but are not limited to: * Evaluates IT infrastructure in terms of risk to the organization and establishes controls to mitigate loss. * Documents business processes within process narratives or flowcharts, identifying risks and mitigating controls. * Develops risk and control matrices and test plans for key controls. * Identifies control gaps and tests the design of existing controls. * Formulates clear and concise conclusions on internal controls and business process and efficiencies. * Supporting the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks and resulting artifacts mandated by governing DoD and AF policies (i.e., Risk Management Framework (RMF) * Recommending policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data * Conducting risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs * Promoting awareness of security issues among management and ensuring sound security principles are reflected in organizations'' visions and goals * Recommending systems security contingency plans and disaster recovery procedures * Recommending and implementing programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures * Participating in network and systems design to ensure implementation of appropriate systems security policies * Facilitating the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes * Assessing security events to determine impact and implementing corrective actions * Ensuring the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. Qualifications Required Qualifications: * Advanced Degree (MA/MS) in Computer Science, Information Technology or other Engineering Discipline and 12 years of experience, 5 of which must be in the DoD, or BA/BS Degree in Computer Science, Information Technology or other Engineering Discipline and 15 years of experience in the respective technical/professional discipline being performed, 5 of which must be in the DoD, or, 20 years of directly related experience with proper certifications, 8 of which must be in the DoD * Minimum 5 - 10 years information Technology experience implementing/configuring cybersecurity mechanisms /technologies * Expertise and support in implementing cybersecurity technologies (formally Information Assurance (IA)) * Experience within Federal Government in support of cybersecurity practices for Business Enterprise System * Knowledge and experience working with eMASS * Experience with implementing Risk Management Framework (RMF) * Must have experience with NIST SP 800-53 security controls and the understanding of control implementations * Must be willing to learn and use cybersecurity testing tools * Possess the advanced knowledge, experience, and recognized ability to be considered an expert in your technical/professional field, possess the ability to perform tasks and oversee the efforts of junior and mid-level personnel within the technical/professional discipline * Demonstrate advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards, procedures and practices in their area of expertise. (Program Office, Enterprise and Staff Level Support interface) * Active Secret clearance is required Desired Qualifications: * Working knowledge of the Agile Development methodology * Experience using any, or all, of the following tools (Desired): * CheckMarx, SonarQube, Jira, Confluence, Fortify, Burpsuite Professional, HCL AppScan, Trustwave AppDetectivePro

Created: 2025-10-04