Sentar Inc.

• Provide key services to a government client as RMF & ISSM Support Specialist • Complete RMF packages (Security Plans, Annual Security Reviews, Authorizations, POA&Ms, etc.) • Conduct continuous monitoring of assigned systems • Provide relevant cyber security expertise to ongoing programmatic lines of effort • Engineer IAM solutions including RBAC, ABAC, MFA, least-privilege, and PAM across cloud and application environments • Embed security into CI/CD pipelines per the DoD DevSecOps Reference Design, automating SAST, DAST, SCA, container image scanning, and STIG compliance validation • Implement data protection strategies including encryption at rest/in transit and cryptographic key management (AWS KMS, Azure Key Vault) • Review and validate authorization boundary diagrams, architecture/data flow diagrams, hardware/software inventories, IP/subnet assignments, and Med-COI Zone taxonomy artifacts • Serve as senior technical security advisor to program leadership, IPTs, and government stakeholders through engineering review boards and architecture working groups

• Provide overall leadership and management of a large, complex cybersecurity task order supporting enterprise vulnerability management operations. • Serve as the primary liaison to Government leadership, including the KO, COR, and DLA J6 program management staff. • Assist the Program Manager (PM) in coordinating contract activities with government stakeholders, including cybersecurity leadership, program offices, and system owners. • Ensure contract deliverables, schedules, and technical requirements are executed in accordance with performance objectives. • Develop and maintain the Task Order Management Plan outlining the technical approach, organizational resources, and management controls required to execute the Performance Work Statement (PWS). • Provide planning, direction, coordination, and control necessary to accomplish all contract tasks. • Manage the execution of project phases. • Verify and validate level of effort and deliverables across all assigned tasks. • Oversee activities supporting the Cybersecurity Web/Application Vulnerability Management branch responsible for identifying, analyzing, and mitigating vulnerabilities across DLA IT, Cloud, and OT environments. • Provide oversight of vulnerability assessment activities and cybersecurity engineering recommendations supporting enterprise risk reduction. • Oversee preparation and submission of required contract reports. • Monitor project performance, identify risks, and implement corrective actions when necessary. • Conduct Integrated Project Reviews (IPRs) with stakeholders to review project status, technical progress, and operational challenges. • Lead and supervise a multidisciplinary cybersecurity workforce supporting vulnerability assessment and cybersecurity engineering activities. • Maintain appropriate staffing levels and skillsets required to meet contract requirements. • Implement program management controls to ensure the quality and timeliness of all deliverables.

• Provide CS engineering support for the planning, design, development, testing, and integration of DLA information systems. • Analyze system architectures and infrastructure to identify CS risks and recommend improvements to system security design. • Integrate CS engineering principles into enterprise IT, cloud environments, and OT systems. • Support secure system architecture development and CS engineering documentation. • Conduct vulnerability assessment and risk analysis. • Conduct CS vulnerability assessments across DLA IT, Cloud, and OT environments. • Evaluate system configurations and architectures to identify potential vulnerabilities and security weaknesses. • Perform risk assessments to determine the likelihood and impact of identified CS threats. • Develop mitigation strategies and technical recommendations to reduce system risk and improve CS posture. • Provide information assurance engineering support. • Perform analysis of existing and emerging information systems to evaluate compliance with DoD and federal CS policies. • Conduct CS assessments and security test and evaluation activities to validate compliance with CS standards. • Support CS engineering reviews for both classified and unclassified information systems. • Provide technical analysis of proposed CS policies and assess their impact on system architectures and security operations. • Conduct CS compliance and security control validation. • Evaluate compliance of DLA systems with CS policies, standards, and regulatory requirements. • Identify areas of non-compliance and recommend remediation actions. • Support implementation of security controls aligned with enterprise CS architecture. • Assist with development and maintenance of CS standards, guides, and implementation documentation. • Provide CS documentation and reporting. • Develop CS engineering documentation including risk assessment reports, architecture assessments, and security engineering analyses. • Produce implementation documentation and technical reports supporting CS engineering efforts. • Document vulnerability findings and recommended mitigation strategies. • Provide status updates and technical reports supporting project activities and CS operations. • Evaluate CS risks associated with DLA OT environments including industrial control systems and facility-related control systems. • Assess OT system architecture, network configurations, and system interfaces for potential vulnerabilities. • Provide CS engineering recommendations for OT system protection and risk mitigation.

• Support the integration and administration of Trellix, ACAS, and Burp Suite tools • Ensure comprehensive vulnerability management and compliance monitoring in alignment with JFHQ-DODIN TASKORD 20-0020

• Assist in the post-construction cybersecurity hardening of ICS/OT systems, including PLCs, SCADA, Security Systems, Fire Alarms, Electrical Panels, HVAC, and other control system components. • Implement security controls and configurations in accordance with UFGS 25 05 11 requirements, including hardening operating systems to configure system boundary protection, access control, and audit logging. • Run Security Content Automation Protocol (SCAP) scans to assess system compliance and identify vulnerabilities in ICS/OT environments. • Apply DISA Security Technical Implementation Guides (STIGs) to harden operating systems, applications, and network devices within control system architectures. • Conduct vulnerability assessments and risk analyses on control systems using various automated and manual techniques to identify and mitigate potential security gaps. • Collaborate with architecture and engineering teams to ensure cybersecurity measures are integrated into system designs both pre and post-construction. • Support the development, documentation, and submission of System Security Plans (SSPs), Risk Management Framework (RMF) artifacts, and compliance reports aligned with UFGS standards to achieve and maintain Authorization to Operate (ATO). • Utilize eMASS to input, track, and manage cybersecurity controls, vulnerabilities, and ATO packages under senior engineer guidance. • Perform security testing (e.g., system scans, penetration testing, configuration reviews) to validate hardening measures and ensure ATO readiness. • Stay up-to-date on emerging threats, vulnerabilities, and industry standards affecting ICS/OT environments.