Overview:
Quantum Research International, Inc. (Quantum) is a certified DoD Contractor providing services and products to US/Allied governments and industry in the following main areas: (1) Cybersecurity, High Performance Computing Systems, Cloud Services and Systems; (2) Space and Ground Support Systems; (3) Aviation Systems; (4) Missile Systems; (5) Artificial Intelligence/ Machine Learning Systems and Experimentation/Training; and (6) Audio Visual Systems and Services. Quantum's Corporate Office is in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen; MD; Colorado Springs, CO; Orlando, FL; Crestview, FL; Madison, AL, and Tupelo, MS.

Mission:

As a member of the NGA DEFENDER Cybersecurity Software Assurance team, the contractor helps to determine the risk of using commercial, government, and open-source software within NGA and employs software code analysis techniques to mitigate risk during Software Development Life Cycles (SDLC). The Team analyzes the security of new or existing computer applications, software, or specialized utility programs on or preparing to deploy on NGA systems and provides actionable results. This position is available immediately and supports the National Geospatial-Intelligence Agency (NGA) onsite at NGA headquarters in Springfield, VA.

Responsibilities: The Authorizing Official/Designating Representative-Advanced filling the Authorizing Official/Designating Representative serves a Delegated Contractor support for a Senior official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation (CNSSI 4009).

Specific responsibilities include:

• Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2).
• Establish acceptable limits for the software application, network, or system, and review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.

Requirements:

• Bachelor's degree in Computer Science or Information Systems or other technically relevant degree. In lieu of degree, CCISO, CISM, CISSP-ISSEP, or CISSP-ISSMP may be accepted in conjunction with years of experience.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk), cybersecurity and privacy principles, cyber threats and vulnerabilities, and the specific operational impacts of cybersecurity lapses.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Understanding of cyber defense and vulnerability assessment tools and their capabilities, cryptography and cryptographic key management concepts.
• Knowledge of organization's enterprise information security architecture, and its evaluation and validation requirements, and the organization's core business/mission processes.
• Expertise with the Security Assessment and Authorization and Risk Management Framework (RMF) processes, and the cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• Understands current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Understands applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
• Understands network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]), and of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
• TS/SCI eligible, subject to CI Polygraph.
• IAM Level 3

Desired/Preferred Skills

• Discern the protection needs (i.e., security controls) of information systems and networks, and to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Coordinate cyber operations with other organization functions or support activities.
• Interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
• Work across departments and business units to implement organization's privacy principles and programs and align privacy objectives with security objectives.
• Relate strategy, business, and technology in the context of organizational dynamics.
• Understands technology, management, and leadership issues related to organization processes and problem solving.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. *Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.