About This Position
Marine Corps Community Services (MCCS) is looking for the best and brightest to join our Team! MCCS is a comprehensive program that supports and enhances the quality of life for Marines, their families, and others in the Marine Corps Community. We offer a team oriented environment comprised of military personnel, civilian employees, contractors and volunteers who keep the organization functioning smoothly and effectively.
Qualifications
Bachelor's Degree in Information Technology or Business related field appropriate to the work of position AND four years of experience performing specific tasks within hands-on security assessment, quality assurance, PCI DSS experience, or cybersecurity (CY): OR an appropriate combination of education and experience that demonstrates possession of knowledge and skill equivalent to that gained in the above, OR appropriate experience that demonstrates that the applicant has acquired the knowledge, skills, and abilities equivalent to that gained in the above. Certification at the DoW 8140.01 Advanced level (i.e. Certified Information Systems Security Professional (CISSP) or other Advanced certification) is required or equivalent level education and appropriate experience with DoW system security and cybersecurity / information assurance (IA) policy and procedures.
As an authorized and privileged user of Department of War Information Systems, must fulfill the requirement to complete Cybersecurity Awareness training as a condition of access within six months of employment, and must be completed annually thereafter. Expertise in: -Enterprise vulnerability and risk management across cloud and containerized environments, including assessment oversight, remediation validation, and executive-level reporting. -Security control validation and compliance governance aligned with DISA STIGs, RMF, DoD Cloud SRG, FedRAMP, and NIST frameworks for IaaS, PaaS, and SaaS systems. Proficient in / Experience with: -RMF and cybersecurity authorization activities for cloud-hosted, virtualized, and traditional systems, including policy development, documentation, and coordination with DoD and FedRAMP-authorized services. -Cybersecurity program leadership spanning vulnerability assessment, incident response, compliance reporting, and project management within USMC/USN enterprise environments.
Broad Knowledge of: -Enterprise security architecture and operations, including coding, networking, system administration (Windows/Linux), container security, patch/configuration management, and incident response across on-prem and cloud native environments. -DoD / DON / USMC and industry cybersecurity frameworks, including DoDI 8500.01/8510.01, NIST SP 800-series, DevSecOps security guidance, container hardening PCI DSS, and RMF/authorization support tools.
Major Duties
Serves as the Information Systems Security Manager (ISSM) for the MCCS Cloud Enclave (MCE) and Operation StormBreaker, the USMC Software Factory supporting Department of War (DoW) and federal customers. Acts as the appointed ISSM for the Rapid Assess and Incorporate Software Engineering (RAISE) Platform of Choice (RPOC) environment and associated enterprise cloud systems. Provides authoritative cybersecurity leadership to enable secure, agile, and continuous delivery of applications and services in support of the warfighter, while ensuring compliance with the Risk Management Framework (RMF) and applicable DoW, USMC, and federal cybersecurity policies.
Leads security governance, assessment, authorization, and continuous monitoring activities for current and future systems, platforms, applications, and supporting infrastructure. Assesses cybersecurity requirements into Agile and DevSecOps pipelines, ensuring security is embedded throughout the system and software development lifecycle without degrading operational tempo. Directs and manages compliance with FISMA, PCI DSS, NIST SP 800-series publications, FIPS standards, DoD 8570/8140, NAFi, and USMC cybersecurity directives.
Oversees assessment and authorization (A&A) activities, including development and maintenance of System Security Plans (SSPs), risk assessments, security control documentation, and continuous monitoring artifacts for cloud-hosted, containerized, networked, and stand-alone systems. Provides enterprise cybersecurity oversight for MCE systems worldwide, including retail point-of-sale platforms, e-commerce applications, supporting business systems, and associated infrastructure. Coordinates cybersecurity audits, vulnerability assessments, and risk mitigation activities.
Ensures accurate and timely compliance reporting to PCI Security Standards Council-approved entities, including Reports on Compliance (ROC), Approved Scanning Vendor (ASV) reports, and Reports of Validation (ROV), as applicable. Acts as the principal security compliance authority and internal auditing function for RMF, FISMA, and PCI efforts. Develops enterprise validation protocols, administers security and vulnerability scanning tools, tracks remediation activities, and ensures sustained compliance across the system lifecycle.
Researches and resolves complex cybersecurity, risk, and compliance issues in collaboration with subject matter experts. Ensures information ownership responsibilities are established and enforced for all systems, including access approvals, accountability, and special handling requirements. Coordinates security testing, evaluation, verification, authorization, and periodic reviews in accordance with HQMC C4 policy and applicable classification guidance.
Reports directly to the Chief Technology Officer (CTO). Collaborates with system owners, developers, project managers, service providers, HQMC C4/CY staff, and other USMC and DoW organizations to implement cybersecurity requirements effectively. Develops and delivers cybersecurity, RMF, and compliance training to technical and non-technical personnel.
Maintains required professional certifications in accordance with DoW 8140.01 at the Advanced level. Provides senior-level briefings to leadership as required. Delivers world-class customer service, adheres to safety and Equal Employment Opportunity (EEO) principles, and performs other related duties as assigned.
Occasional travel may be required.
Conditions of Employment
EVALUATIONS:
How You Will Be Evaluated
Your application/resume and supporting documentation will be used to determine whether you meet the job qualifications listed on this announcement. This vacancy will be filled by the best qualified applicant as determined by the selecting official.
Additional Information
GENERAL INFORMATION: Applicants are assured of equal consideration regardless of race, age, color, religion, national origin, sex, GINA, political affiliation, membership or non-membership in an employee organization, marital status, physical handicap which has no bearing on the ability to perform the duties of the position. This agency provides reasonable accommodations to applicants with disabilities. If you need a reasonable accommodation for any part of the application and hiring process, please notify the agency.
The decision on granting reasonable accommodation will be on a case-by-case basis. It is Department of Navy (DON) policy to provide a workplace free of discrimination and retaliation. The DON No Fear Act policy link is provided for your review: https://www.secnav.navy.mil/donhr/Site/Pages/No-Fear-Act.aspx As part of the employment process, Human Resources Division may obtain a Criminal Record Check and/or an Investigative Consumer Report.
Employment is contingent upon the successful completion of a National Agency Check and Inquiries (NACI). For all positions requiring access to firearms or ammunition, the Federal Government is prohibited from employing individuals in these positions who have ever been convicted of a misdemeanor crime of domestic violence, or a felony crime of domestic violence adjudged on or after 27 November 2002. Selectees for such positions must submit a completed DD Form 2760, Qualification to Possess Firearms or Ammunition, before a final job offer can be made.
Direct Deposit of total NET pay is mandatory as a condition of employment for all appointments to positions within MCCS. Required Documents: *Education/certification certificate(s), if applicable. *If prior military, DD214 Member Copy This activity is a Drug-free workplace. The use of illegal drugs by NAF employees, whether on or off duty, cannot and will not be tolerated.
Federal employees have a right to a safe and secure workplace, and Marines, sailors, and their family members have a right to a reliable and productive Federal workforce. Involuntarily separated members of the armed forces and eligible family members applying through the Transition Assistance Program must submit a written request/statement (may be obtained from the MCCS Human Resources Office) and present ID card with "TA" stamped in red on front of card. INDIVIDUALS SELECTED FROM THIS ANNOUNCEMENT MAY BE CHANGED TO PART-TIME OR FULL-TIME AT MANAGEMENT'S DISCRETION WITHOUT FURTHER COMPETITION.
ALL ONLINE APPLICATIONS MUST BE RECEIVED BY 1159PM EASTERN TIME (ET) ON THE CLOSING DATE LISTED IN THE JOB POSTING.
How to Apply
All applications must be submitted online via the MCCS Careers website. Resumes/applications emailed or mailed will not be considered for this vacancy announcement. Resumes with personal photographs will not be considered for this vacancy announcement. To be considered for employment, the application or resume must be submitted online by 11:59 PM (ET) on the closing date of the announcement.
Note: To check the status of your application or return to a previous or incomplete application, log into your MCCS user account and review your application status.
Required Documents
Varies - Review "OTHER INFORMATION"