Cyber Security Analyst- ISSE

About The Position

Requirements

• Must possess an active Top Secret/SCI clearance w/CI Poly (or willing to sit for CI Poly)
• Must be able to be appointed ISSE for NCS systems within 6-months of employment
• Experience in validation of POA&Ms, ACAC/Nessus, Jfrog Xray, SCAP, DISA STIGs and general RMF artifacts
• Experience in applying STIG and security control hardening along with reverse engineering potential systematic operational functionality breaks with potential compensating risk management approaches
• 2-5 years of cybersecurity experience
• Experience with Risk Management Framework (RMF) processes
• Have developed communication skills and the ability to express thoughts and ideas clearly and concisely
• Must be a team player, dedicated to program support, capable of multitasking and working several complex and diverse tasks with simultaneous or near simultaneous deadlines
• Be a self-starter who is accountable and requires minimal direction and supervision
• Be open to new and innovative ideas

Nice To Haves

• Proficiency in a scripting language such as JavaScript, PHP, Python, Bash, Powershell, etc.
• Proven experience with container technologies (e.g., Docker, Podmon, Kubernettes)
• Familiarity with the CI/CD tools such as BitBucket, Jenkins, SonarQube, Artifactory, and JFrog Xray
• Experience developing custom automation scripts, specifically within a containerized CI/CD pipeline
• Experience with Amazon EKS or other container orchestration platforms
• Knowledge of data flows and the ability to work up readable network topology and data flow diagrams
• Experience with the following systems/platforms/tools: XACTA, XACTA 360 (preferred), eMASS, HBSS, ACAS, Nessus, SPLUNK
• Experience with NAVINTEL IA and NSA Enterprise Services, like Continuous Monitoring
• Knowledge of the following web servers: Apache Web Server, Apache Tomcat, Red Hat JBOSS, nginx, MS IIS
• Knowledge of VMWare ESXi
• Knowledge of configuration of the following SQL databases: MS SQL, PostgreSQL, MongoDB, MariaDB, MySQL, Elasticsearch
• Extensive training or experience with Windows and UNIX based Information Systems standards with a working knowledge of networking devices

Responsibilities

• Developing and updating assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems
• Performing ongoing compliance assessments using tools, such as Assured Compliance Assessment Solution (ACAS), Secure Content Automation Protocol (SCAP), and McAfee Virus Scan Enterprise, while reviewing, documenting, and maintaiining all results
• Verifying patches and virus definitions to the systems using existing automated tools
• Adhering to pre-defined configuration management and change management policies and procedures for authorizing software prior to its implementation on systems
• Performing security audits to track multiple events including any signs of inappropriate or unusual activity, intrusion events, data transfers, etc.
• Performing security assessments of NCS Family of Systems in accordance with NIST, Navy, NSA and NAVINTEL IA guidance
• Working with system engineers to take corrective action to resolve identified problems
• Performing Site Based Security Assessments (SBSAs) of systems and recommending authorization to the Designated Authorizing Official (DAO) as a certified trusted agent
• Reporting security incidents in accordance with the command incident response plan
• Ensuring systems are operated, used, maintained, and disposed of in accordance with all applicable security policies and practices

Benefits

• SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more.