Cyber Security Analyst- ISSO

About The Position

Requirements

• Must possess an active Top Secret/SCI clearance
• 5-8 years of cybersecurity experience
• Must currently hold a DoD 8570-compliant IAT II certification (SSCP or Security+CE with appropriate CE/OS certificate), and IAM II certification (CAP or CASP CE) or be able to obtain within six months CE/OS certificate may include Windows or Linux
• Experience with System Security Plans (SSPs), POA-Ms, ACAS/Nessus, SCAP, and DISA STIGs
• Experience with Risk Management Framework (RMF) processes
• Have developed communication skills and the ability to express thoughts and ideas clearly and concisely
• Must be a team player, dedicated to program support, capable of multitasking and working several complex and diverse tasks with simultaneous, or near simultaneous, deadlines
• Be a self-starter who is accountable and requires minimal direction and supervision
• Be open to new and innovative ideas
• Must be able to be appointed ISSO for NCS systems within 6 months of employment
• SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT, THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS, A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET LEVEL

Nice To Haves

• Extensive training or experience with Windows and UNIX based information systems standards with a working knowledge of networking devices
• Knowledge of configuration of various SQL databases, including MS SQL, PostgreSQL, MongoDB, MariaDB, MySQL, and Elasticsearch
• Knowledge of web servers, including Apache Web Server, Apache Tomcat, Red Hat JBOSS, nginx, and MS IIS
• Knowledge of VMWare ESXi
• Knowledge of data flows and the ability to work up readable network topology and data flow diagrams
• Experience with NAVINTEL IA and NSA enterprise services: continuous monitoring
• Experience with the following systems/platforms/tools: XACTA, XACTA 360 (preferred), eMASS, HBSS, ACAS, Nessus, and SPLUNK

Responsibilities

• Developing and updating assessment and authorization documentation (Body of Evidence) for management and continuous monitoring of information systems
• Performing ongoing compliance assessments using tools, such as Assured Compliance Assessment Solution (ACAS), Secure Content Automation Protocol (SCAP), and McAfee Virus Scan Enterprise while reviewing, documenting, and maintaining all results
• Verifying patches and virus definitions to the systems using existing automated tools
• Adhering to pre-defined configuration management and change management policies and procedures for authorizing software prior to its implementation on systems
• Performing security audits using to track multiple events including any signs of inappropriate or unusual activity, intrusion events, data transfers, etc.
• Performing security assessments of NCS Family of Systems in accordance with NIST, Navy, NSA, and NAVINTEL IA guidance
• Working with system engineers to take corrective action to resolve identified problems
• Performing Site Based Security Assessments (SBSAs) of systems and recommending authorization to the Designated Authorizing Official (DAO) as a certified trusted agent
• Reporting security incidents in accordance with the Command Incident Response Plan (CIRP)
• Ensuring systems are operated, used, maintained, and disposed of in accordance with all applicable security policies and practices

Benefits

• SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more.