6-8 years of experience in the IT field or in a related area supporting internal and/or external networks with a focus on Information Assurance.
Establishes and satisfies complex system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supports customers in the development and implementation of doctrine and policies. Applies know-how to enterprise and special purpose systems requiring specialized security features and procedures. Assist in the development of guidance and procedures to identify vulnerabilities, and to assess potential security violations or problems. Install, test, monitor and document complex architectures and component configurations relating to Information Assurance and Security products and solutions. Specific tasks may include:
Maintain a current Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and repository of all documents required for CandA of client systems/networks.
Analyze and transform operational and security needs into solutions while remaining compliant with regulations, policies and procedures.
Perform monthly Secure Configuration Compliance Validation Initiative (SCCVI) and Retina Scans to assess the status of the networks.
Upload scan results into the Vulnerability Management System (VMS) and provide VMS reports.
Create Plan Of Action and Milestones (POAM) for new systems and input POAM data into VMS.
Perform routine Security Technical Implementation Guide (STIG) checks on assets to ensure compliance.
Perform Defense Information Systems Agency (DISA) Gold Disk on servers and workstations to identify and analyze compliancy level.
Assess compliancy and provide mitigation of the requirements of the DIACAP IA controls.
Create required security documentation.
Bachelors of Science Degree or its equivalent or 10 years of experience
Expertise in Network management, Server(physical/virtual) management, Storage (SAN/NAS) Management, IOS device management, MS Active Directory/Exchange Email management, or Operating Systems (VMware, Windows Server,Linux, Solaris, Mac OS X) Management.
Strong working knowledge of the DISA Gold Disk, VMS, Secure Configuration Compliance Validation Initiative (SCCVI), and Information Assurance Vulnerability Management (IAVM) alerts.
In-depth knowledge of a broad range of InfoSec disciplines to include e automation concepts, methodologies, systems, and technologies.
Knowledge of IA policies, procedures and regulations such as DOD IA Directives 8500.1 and 8500.2 as well as DoDI 5200.40 and DOD 8510.2.
Expertise in DoD policies, procedures, regulations, directives and requirements related to information security.
Security Clearance:Secret Security Clearance required, Top Secret desired
IAT Level II
Certification in one or more computing ornetwork system environments (e.g. MCP, CCNA, etc.
Security+ within the past 3 years (or ability to obtain within 30 days of hire) - minimum
Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Information Security Fundamentals (GISF), or GIAC Security Leadership Certification (GSLC). - desired
- 3 years ago - save job