Individual will guide and advise on all matters involving the Risk Management Framework (RMF), Assessment and Authorizations (A&A) and day-to-day security.
Analyst will work closely with government and IA Team to support Authorization to Operate (ATO) accreditation conditions and requirements.
Conduct network security reviews that include validation of DISA's Security Technical Implementation Guide (STIG), network security policy, requirements and design.
Manage and document A&A projects using the Enterprise Mission Assurance Support Service (eMASS) A&A workflow platform.
Advise on, conduct and document risk assessments and the development of System Security Plans (SSP), Plans of Action and Milestones (POA&M), and security policies and procedures.
Provide guidance in the implementation of security controls, doctrine and policies.
Implement information assurance (IA) and security standards and procedures to identify, report and resolve security violations.
Establish and satisfy IA and security requirements based upon user, policy, regulatory, and resource demands.
Integrate and implement computer system security solutions. Analyze general IA-related technical problems and support their resolution.
Perform various automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess system vulnerabilities.
Basic Qualifications
Active DoD Secret clearance
DoD 8570 IAT II
BS degree and 8-12 years of prior relevant experience. Additional experience may be considered in lieu of degree.
RH – Linux OS, or Windows OS, or Cisco experience
Must possess excellent writing and communication skills; have the ability to develop documentation and management level presentations.
Candidate is expected to have technical knowledge and skills in one of the following areas: system administration, network engineering, applications, or security operations.
Demonstrate potential and willingness to learn and adapt to rapid changes in technology.
Preferred Qualifications
PMP Certification
Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development.
Experience complying with DoD regulations and preparing for and responding to information security audits and questionnaires.
Understanding of related information technology (e.g., firewalls, VPN, virtualization, DLP) and physical security assets.
Understanding of basic networking, routing and transport security technologies and architectures.
Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.
Experience with UNIX/LINUX OS and any scripting language.