2025-0266 Service Support Specialist

In support of MARCOM’s mission, the Service
Support Specialist is responsible for providing comprehensive cybersecurity
support for PLT012 services, including the development and maintenance of
Security Accreditation documentation in accordance with applicable standards
and frameworks. This effort includes conducting technical testing to support
risk assessments and security verification activities, ensuring accurate
identification of vulnerabilities and validation of security controls.
Additionally, the contractor will monitor, track, and coordinate the mitigation
of identified vulnerabilities, both from audits and recurring assessment
reports, to promote timely remediation and strengthen the overall security
posture of deployable CIS assets. 

Each sprint is planned for a duration of 1
calendar month and each sprint will consist of 3 deliverables: 

• Develop, update, and maintain comprehensive
  Security Accreditation documentation in support of PLT012 services, ensuring
  compliance with applicable security standards, policies, and accreditation
  frameworks.
  
• Conduct technical testing activities in
  support of Security Risk Assessments and Security Testing and Verification
  processes, ensuring identification of vulnerabilities, validation of security
  controls, and alignment with organizational security requirements.
  
• Monitor, track, and coordinate the
  mitigation of vulnerabilities identified during the most recent technical
  security audit of deployable CIS assets, as well as those reported in weekly
  Online Vulnerability Assessment Reports and Detailed Cyber Security Hygiene
  Indicator Reports, ensuring timely remediation and continuous improvement of
  the system’s security posture.
  

The content and scope of each sprint will be
agreed during the sprint-planning meeting, in writing, based on the activities
mentioned above.

Requirements

This work requires a resource the following
qualifications and experience:

• The candidate has a security clearance,
  provided by the national security organization valid at the time of submission
  of the bid and covering the period of the contract.
  
• Minimum 2 years of experience with
  vulnerability scanning tools (e.g. Tenable/Nessus, Qualys, OpenVAS).
  
• Strong understanding of security
  accreditation and certification processes (e.g. NIST RMF, ISO 27001, DoD RMF).
  
• At least one of the following industry level
  certifications or equivalents: CISSP, CISM, CRISC, CAP.
  
• ITIL v4 Foundation level or higher
  certification. 
  
• Higher Secondary education and completed
  higher vocational training leading to a formal technical or professional
  certification with 3 years cyber security or information assurance experience,
  or a Secondary education and completed advanced vocational training leading to
  a professional qualification or professional accreditation with 5 years cyber
  security or information assurance experience.
  
• Ability to interpret and implement security
  policies, standards, and control frameworks. 
  
• Ability to work independently and manage
  multiple tasks simultaneously.
  
• Demonstrated ability to work collaboratively
  in a team environment and interact positively with multiple departments
  
• Excellent written and verbal communication
  skills, capable of conveying complex technical information in a user-friendly
  manner
  
• Demonstrated ability to handle stressful
  situations with calmness, ensuring the user feels supported throughout their
  interaction. Empathetic and patient, understanding the frustrations users may
  feel and aiming to alleviate them. Positive attitude and a genuine desire to
  assist and educate users.
  
• Strong analytical skills, capable of quickly
  identifying issues and determining the most efficient resolution.
  
• Willingness and ability to periodically
  deploy aboard NATO vessels under variable and physically demanding conditions,
  including the capability to lift and carry equipment weighing up to 20
  kilograms. 
  
• Desirable qualifications and experience
  
• Knowledge and experience of working with NCI
  Agency.
  
• Knowledge and experience of working within
  policy, procedures, and organization of NATO CIS.
  
• Knowledge and experience with agile
  implementation methodology.
  
• Familiarity with deployable CIS
  (Communications and Information Systems) environments