Cyber Sec Analyst - ISSO

About The Position

Requirements

• Must possess an active Top Secret clearance
• A minimum of five (5) years of cybersecurity experience
• Must currently hold a DoD 8570-compliant IAT II certification (SSCP or Security+CE with appropriate CE/OS certificate), and IAM II certification (CAP or CASP CE) or be able to obtain within six months
• CE/OS certificate may include Windows or Linux
• Experience creating complete ATO packages using Risk Management Framework process
• Experience with eMASS, SSPs, POA&Ms, VRAM, ACAS/Nessus, XACTA, SCAP, SCC Tool, Benchmarks, and STIG Viewer
• Successfully complete a NCIS Polygraph within one year of employment
• Developed communication skills and the ability to express thoughts and ideas clearly and concisely
• Be a team player, dedicated to program support, capable of multitasking and working several complex and diverse tasks with simultaneous or near simultaneous deadlines
• Be a self-starter who is accountable and requires minimal direction and supervision
• Be open to new and innovative ideas
• Must be able to be appointed ISSO for NCS systems within six months of employment

Nice To Haves

• Bachelor's degree in information systems, computer science, or similar
• AWS Certified Cloud Practitioner
• Ability to create and modify authorization boundary and data flow diagrams using Microsoft Visio
• Knowledge of container security, ability to assess container hardening per NIST 800-190, experience assessing container hosting environments, and knowledge of container and code analysis tools such as JFrog Xray, Trivy, and SonarQube
• Knowledge of GovCloud, Navy Cloud policies and DISA Cloud Computing Security Requirements Guide
• Experience in a Linux environment is preferred
• Experience with WSUS, YUM

Responsibilities

• Performing monthly compliance assessments using tools, such as Assured Compliance Assessment Solution (ACAS), Collaborative Computing Security Services (CS2) audit files, Secure Content Automation Protocol (SCAP), and McAfee Virus Scan Enterprise, reviewing, documenting, and maintaining all results
• Verifying patches and virus definitions to the systems using existing automated tools
• Adhering to predefined configuration management and change management policies and procedures for authorizing software prior to its implementation on systems
• Ensuring that audit trails (system logs) are reviewed as required; audit records will be maintained for future reference
• Assessing NCS family of systems in accordance with NIST, NSA and NAVINTEL IA guidance
• Recommending authorization of systems to the Designated Authorizing Official (DAO) as a certified trusted agent
• Reporting security incidents in accordance with the command's incident response plan
• Ensuring systems are operated, used, maintained, and disposed of in accordance with all applicable security policies and practices

Benefits

• SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more.