The Information Security Analyst will work with the AFGSC Command Information Assurance Manager (IAM) as the Command Chief Information Security Officer (CISO) Agent. Duties include interpreting DoD IA policies and provide IA support for AFGSC/A2 systems following AFGSC, Air Force, DoD, FISMA, and NIST guidelines. Providing IA support for Certification and Accreditation on AFGSC systems including performing DIACAP (DoD 8510.01) activities. Reviews AIS security plans, identifies alternative functional IA security strategies to address organizational security concerns. Reviews security safeguards to determine that security concerns identified in approved policies, plans, and doctrine have been fully addressed. Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and follow IA policies and procedures. This position may also perform Security Testing and Evaluation (ST&E) as well as directing remediation efforts, builds Residual Risk Reports and tracking POA&M. Receives assignments in the form of objectives and establishes goals to meet outlined objectives. Work is reviewed by management to measure meeting objectives and schedules. Works on problems of moderate scope where analysis of data requires an evaluation of various factors. Exercises independent judgment within broadly defined practices and policies in selecting methods, techniques and criteria for obtaining results. Ensures project schedules, and performance requirements are met.
The ideal candidate will be experienced in DoD and Air Force IA Certification and Accreditation procedures. This candidate will have practical experience with DIACAP (DoD 8510.01) activities and artifacts. They should be experienced building and maintaining DIACAP artifacts to include; System Security Plans, Incident Response Plans, Contingency Plans, Risk Management Plans and Vulnerability Management Plan. Knowledgeable in IA Best Practices related to the following technologies; Windows Server Operating Systems, Microsoft Database Management Systems, Microsoft Web Technologies, and Network Infrastructure, Hardware Virtualization, performing Security Test and Evaluation (ST&E), directing remediation efforts, building Residual Risk Reports and tracking POA&Ms.
CSSS.NET - 23 months ago