Candidate should have a sound understanding of the DoD Risk Management Framework (RMF) required activities for the US Navy and USMC. Additionally candidates should be able to work and have knowledge of the organizations for the US Navy and USMC security organizations and personnel. In addition, the applicant must have: • Ability to create, assist and manage updating/maintaining A&A packages and required documentation. Documentation may include, but is not limited to, the System Architectures, Hardware/Software Lists, Topologies, Ports, Protocols, and Services (PPS), Security Plans, and Plan of Actions and Milestones (POAM). • Validate cybersecurity controls against anywhere from 200 to 1,000 different types of criteria, assuring systems meet an acceptable level of protection. • Assist in the development/management of annual compliance exercises and requirements. • Assist in the development/management of the Continuous Monitoring Strategy. • Update/Maintain cybersecurity related plans and policy, such as the Incident Response Plan (IRP), Backup and Restoration Plan (BRP), Configuration Management Plan, Continuity of Operations Plan (COOP) and Interconnection Agreements. • Review of system audit logs and alerts. • Perform Information Assurance Vulnerability Management (IAVM) for systems. • Experience with DoD cybersecurity management systems such as EITDR or eMASS. • Responsible for managing the requirements program, to include the creation/update of Cyber Needs Request Forms, and leading the Cyber Needs Review Board. • Basic Qualifications: -5+ years of experience with IT -Experience with the DoD C&A process and standards and network environment -Experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, contingency planning, or firewall policy, ports, and protocols -Knowledge of IA or INFOSEC concepts and requirements -IAT Level II Certification, including Security+ or above or IAM Level II Certification, including CISM, CISSP, or CASP Required Qualifications • Active Secret security clearance with the ability to obtain a TS/SCI security clearance required. • CISSP required; or must be able to obtain CISSP within 6 months of hire date. • Experience with DoD/AF/CNSS/RMF Policies, such as DoDI 8510. 01, NIST SP 800-37 and 800-53, CNSSI 1253. • Experience with the selection and tailoring of RMF security controls. • Experience with assessment tools such Nessus, Nexpose, Nipper Studio, or similar applications Demonstrated experience in three or more of the following areas: IA requirements and IA controls analysis; C&A requirements and processes; Risk and vulnerability assessment and risk mitigation analysis; Contingency planning; DISA circuit connection approval process; Cross-domain solutions; FIPS encryption requirements; Platform Information Technology (PIT) analysis; Requirements for classified data network operations; Requirements for NATO information processing; Network architecture design; C&A processes and related analysis requirements; System analysis, design, integration, security test and evaluation; Application requirements analysis, integration and testing; Design and implementing information assurance solutions; Establishing information assurance standards for information systems procedures; Managing enterprise-level functional and cross-functional requirements on information systems; Firewall Policy; and Ports, Protocols, and Services. Personnel are required to have and maintain a minimum SECRET security clearance, with some positions requiring up to TS/SCI.
Information Assurance Specialist
Five (5) years experience, including four (4) years of related IA and INFOSEC technical experience. Provides technical analysis for IA support and integration efforts. Performs analysis of C&A documentation for DOD or Navy RDT&E or operational systems, networks and applications, and Commercial Off-The-Shelf (COTS) INFOSEC product evaluation and related documentation. Minimum four (4) years experience in IA / C&A analysis support in IA controls analysis, conducting risk assessments, risk mitigation analysis, developing contingency plans.
Demonstrated experience in IA / INFOSEC concepts and requirements; knowledge of the DOD C&A process and standards; System / network vulnerability analysis; Risk assessment and risk mitigation analysis; Security Test and Evaluation (ST&E); Contingency planning; Firewall Policy; and Ports & Protocols. Personnel are required to have and maintain a minimum SECRET security clearance, with some positions requiring up to TS/SCI.
Primary Work Location: Various