Infrmation Systems Security Analyst

Infrmation Systems Security Analyst

Vacancy expired!

ASD is seeking a Information Systems Security Engineer to support its DoD Contract.
Responsible for ensuring the appropriate operational security posture is maintained within the Command Naval Installation Command (CNIC) Service Delivery Point (SDP). Responsible for all certification and accreditation activities required in Risk Management Framework to obtain and maintain Authority To Operate (ATO). Candidate must have TS clearance.

• Primary support for the SDP enterprise compliance and RMF package support to include (3) NIPR packages and (1) SIPR package.
• Primary support and performance of annual security reviews, annual testing of security controls, and annual testing of the contingency plan, in line with FISMA requirements.
• Primary support for ensuring guidelines (e.g., STIGs/SRGs)
• Primary support for maintaining Vulnerability Remediation Asset Manager (VRAM) compliance reporting for all assets within SDP accreditation boundary
• Primary on all documentation tasking.
• Primary support to verify all software is approved and in good standing in DON Application and Database Management System (DADMS). Will be required to submit Last Day Approved (LDA) extensions prior to software expiring
• Provide overall tracking and reporting of cybersecurity postures (accreditation status of infrastructure and systems, HBSS, and ACAS reports)
• Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval via CMB/CCB
• Ensure software/hardware are approved in DON Application and Database Management System (DADMS) prior to installation and contingent upon necessary approval via CMB/CCB
• Ensure IA and IA-enabled software, hardware, and firmware comply with appropriate security configuration guidelines.
• Initiate protective or corrective measures, upon discovery of a security incident or vulnerability
• Interface with and provide security guidance to system administrators to include providing cybersecurity briefs and/or training to an organization
• Assist the CISSM in executing their duties and responsibilities as needed.
• Work with CISSMs or designated personnel during Command Cyber Readiness Inspections (CCRI)

• Working knowledge of DoD and Navy security policies and procedures.
• Working Knowledge of industry standards including but not limited to: Defense Information System Agency (DISA) Security Technical Implementation Guide (STIGs), NIST 800 Series, NIST Cybersecurity Framework and CIS Benchmarks
• Working knowledge on Assured Compliance Assessment Solution (ACAS) /Security Center
• Must previous experience on Risk Management Framework (RMF)
• Must have previous experience with Navy eMass
• Must have TS clearance
• Working knowledge of STIG viewer
• Working knowledge vulnerator and/or eMaster
• Excellent written and verbal communication skills.
• Excellent organizational skills
• Attention to details
• Ability to work in fast pace environment with constant changes to environment
• Familiar with DISA STIGs and ability to assess compliance.
• Familiar with VRAM (Vulnerability Remediation Asset Manager)
• Ability to work as the enterprise focal point for all Cybersecurity matters.
• Ability to interface with system administrators across various site locations.
• Ability to assist the CISSM with the Monitoring, Reporting, ASR, CCRI.

• Bachelor's degree in Information Systems, Computer Science, or Mathematics, Engineering, related field
• 6+ years of experience
• 6 + years’ experience providing support for implementing, and enforcing information systems security policies, standards, and methodologies.
• Understanding of Risk Management Framework (RMF), NIST, ICD, and CNSS standards.
• Experience with DoD Risk Management Framework (RMF)
• Experience using Assured Compliance Assessment Solution (ACAS) Software suite
• Experience Navy Enterprise Mission Assurance Support Service (eMass)
• Experience with Vulnerability Remediation Asset Manager (VRAM)
• TS clearance required
• Must be DoD 8570 compliant at IA Technical (IAT)/IA Management (IAM) Level 2 by possessing one of the following certifications: CCNA Security, CySA+, GICSP, GSEC, Security+, CND, SSCP - CAP, CASP, CISM, CISSP, GSLC, CCISO, HCISPP