3128 Security Support Specialist

CIS Security Accreditation
- Vulnerability Testing
- Iterative approach using sprints.

**Required Security Clearance**:NATO SECRET

**SCOPE OF WORK**
CSU Northwood is looking to resource the Service Support Specialist function which is providing the PLT012 Maritime Command and Control Platform (MAR C2P) Service1 to the Allied Maritime Command users.

The resource will be part of the wider CSU Northwood support team and will provide the service using an agile and iterative approach during multiple sprints.

In support of MARCOM's mission, the Service Support Specialist is responsible for providing comprehensive cybersecurity support for PLT012 services, including the development and maintenance of Security Accreditation documentation in accordance with applicable standards and frameworks. This effort includes conducting technical testing to support risk assessments and security verification activities, ensuring accurate identification of vulnerabilities and validation of security controls. Additionally, the contractor will monitor, track, and coordinate the mitigation of identified vulnerabilities, both from audits and recurring assessment reports, to promote timely remediation and strengthen the overall security posture of deployable CIS assets.

Each sprint is planned for a duration of 1 calendar month, and each sprint will consist of 3 deliverables:

- Develop, update, and maintain comprehensive Security Accreditation documentation in support of PLT012 services, ensuring compliance with applicable security standards, policies, and accreditation frameworks.
- Conduct technical testing activities in support of Security Risk Assessments and Security Testing and Verification processes, ensuring identification of vulnerabilities, validation of security controls, and alignment with organizational security requirements.
- Monitor, track, and coordinate the mitigation of vulnerabilities identified during the most recent technical security audit of deployable CIS assets, as well as those reported in weekly Online Vulnerability Assessment Reports and Detailed Cyber Security Hygiene Indicator Reports, ensuring timely remediation and continuous improvement of the system's security posture.

The content and scope of each sprint will be agreed during the sprint-planning meeting, in writing, based on the activities mentioned above.

**SKILL, KNOWLEDGE & EXPERIENCE**
This work requires a resource the following qualifications and experience:

- Minimum 2 years of experience with vulnerability scanning tools (e.g. Tenable/Nessus, Qualys, OpenVAS).
- Strong understanding of security accreditation and certification processes (e.g. NIST RMF, ISO 27001, DoD RMF).
- At least one of the following industry level certifications or equivalents: CISSP, CISM, CRISC, CAP.
- ITIL v4 Foundation level or higher certification.
- Higher Secondary education and completed higher vocational training leading to a formal technical or professional certification with 3 years cyber security or information assurance experience, or a Secondary education and completed advanced vocational training leading to a professional qualification or professional accreditation with 5 years cyber security or information assurance experience.
- Ability to interpret and implement security policies, standards, and control frameworks.
- Ability to work independently and manage multiple tasks simultaneously.
- Demonstrated ability to work collaboratively in a team environment and interact positively with multiple departments.
- Excellent written and verbal communication skills, capable of conveying complex technical information in a user-friendly manner.
- Demonstrated ability to handle stressful situations with calmness, ensuring the user feels supported throughout their interaction. Empathetic and patient, understanding the frustrations users may feel and aiming to alleviate them. Positive attitude and a genuine desire to assist and educate users.
- Strong analytical skills, capable of quickly identifying issues and determining the most efficient resolution.
- Willingness and ability to periodically deploy aboard NATO vessels under variable and physically demanding conditions, including the capability to lift and carry equipment weighing up to 20 kilograms.

Desirable qualifications and experience
- Knowledge and experience of working with NCI Agency.
- Knowledge and experience of working within policy, procedures, and organization of NATO CIS.
- Knowledge and experience with agile implementation methodology.
- Familiarity with deployable CIS (Communications and Information Systems) environments.

Language Proficiency
- Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level).