ACAS Administrator

CommIT Enterprises, Inc

3d•Onsite

About The Position

CommIT Enterprises, Inc. is seeking a ACAS Adminstrator to support the Customer in the design and implementation of Assured Compliance Assessment Solution (ACAS) solutions for all Client networks, support and train operators from other sites on how to operate the ACAS tools and operate and maintain the ACAS solution across all client networks. They will also support network and application scanning and configuration assessments that are conducted at the Client site. Established in 2001, CommIT is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, CAC2S, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications. We offer acquisition management, systems engineering, Agile software development, cloud management, IT modernization, data analytics, cybersecurity, and training, including leading-edge DevSecOps, automated testing, and mobile application development.

Requirements

Knowledge and experience with ACAS SC, Nessus Vulnerability Scanners (NVS), and RHEL.
Possesses understanding and experience with common cybersecurity toolsets and processes to include STIGs, CAS, IAVA Management and Implementation, and Operation Order (OPORD)/Fragmentary Order (FRAGO) support.
DoD 8570 IAT III or IAM II (CISA, GSE, SCNA, or CISSP [or Associate], CAP, GSLC, CISM)
4+ years ACAS and/or Nessus experience
Experience with virtualized environments (vSphere, ESXI)
ACAS 5.4 or higher
ACAS Operating System experience
Active DoD – Secret

Nice To Haves

Red Hat Enterprise Linux (RHEL) experience
Scripting (Nessus Attack Scripting Language (NASL), Python, Bash)

Responsibilities

Build and configure all new Security Centers (SC) and Scanners.
Ensure each region is scanning 100% of the area of responsibility.
Ensure standardization from one SC to another i.e. repository naming and structure, scan configuration enforcement.
Assess current ACAS implementations for each of the Government networks and recommend changes.
Document the steps required to design the ACAS solution for each of the MCEN networks to include IP address, Fully Qualified Domain Name, and physical location of each component.
Create network diagrams of the designs with Microsoft Visio (including list of hardware and software requirements).
Create reporting dashboard designs and reports for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; and System Administrators.
Implement the Reporting Dashboard designs and use reporting tool to create reports.
Maintain both the operating system and the Tenable application by updating and patching in accordance with Client requirements.
Ensure STIGs applicable to each network environment for all ACAS implementations are implemented.
Ensure any-and-all scans conducted cover 100% of intended assets and are being run successfully, i.e. credentialed access.
Maintain the Nessus scanners, Agents and PVS's connectivity with the associated Security Center (SC).
Ensure SC is being updated either manually, via professional feed, or via a Government hosted feed.
Address unsuccessful updates of the SC and scanners, and identify the root cause of the unsuccessful update (corrected within four hours of discovery).
Ensure anomalous activity identified by the PVS on each subnet/VLAN is reviewed and tasked to the incident handler, as appropriate, within two hours of identification of the anomalous activity.
Develop and/or update the Standard Operating Procedures (SOP) to support each of the Client’s ACAS solutions.