IA Security Specialist

CommIT Enterprises, Inc

About The Position

CommIT Enterprises, Inc. is seeking a IA Security Specialist to provide Information Systems Security support for enterprise network assets. A strong understanding of DoD STIG/ IAVA and compliance processes are necessary in order to be successful in this position. Assured Compliance Assessment Solution (ACAS) is the primary tool used to facilitate a compliant and secure network. The auditing environment consists of Cisco Identity Service Engine (ISE), SolarWinds, Marine Corps Database (MCD), Operational Directive Reporting System (OPDRS), RedSeal, DISA STIG Viewer, Marine Corps Compliance and Authorization Support Tool (MCCAST) and vulnerability scanning tools such as ACAS. Auditing compliance aligns with Defense Information Systems Agency (DISA) Secure Technical Implementations Guides (STIGs). Established in 2001, CommIT is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, CAC2S, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications. We offer acquisition management, systems engineering, Agile software development, cloud management, IT modernization, data analytics, cybersecurity, and training, including leading-edge DevSecOps, automated testing, and mobile application development.

Requirements

DoD 8570 IAT II Level Certification Required (CCNA-Security, CySA, GICSP, GSEC, Security+CE, SSCP)
High-level familiarity with Vulnerability Management tools such as ACAS and SCAP.
A Cyber Security Team team-player contributing to policy development, RMF package accreditation requirements

Nice To Haves

Background as an Information Systems Security Officer
Strong systems security mindset
Very detailed oriented with strong written and oral communication skills.

Responsibilities

Conduct vulnerability scans on a regularly scheduled basis, and ad hoc, as directed.
Provide a regularly updated list of systems scanned and individual scan results.
Coordinate scans with respective system owners.
Provide scan results to system engineers for mitigation efforts.
As required, work directly with system engineers to clearly identify changes.
Maintaining configuration items and executing functions on vulnerability management platform, to include ACAS, Nessus, STIG Validation Scans and Manual Checks.
Creating essential documentation (procedures, scanning reports, remediation reports, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization.
Serve as a subject matter expert for vulnerability scanning and STIG Compliance procedures, ACAS 5.4 or higher execution/operation.
Assist with STIG viewer answers.
Assist with the development of Risk Management Framework (RMF) plans.
Assist with Security Content Automation Protocol (SCAP) scans to validate compliancy.
Be able to assist with DODI 8500.2 IA Controls and reciprocity.
Attend meetings and provide recommendations concerning Risk Management and mitigation efforts for organizational assets.
Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance.
Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams.
Provide technical support to system and technology owners to propose mitigation and remediation solutions.
Document config deviations; validate against tickets and RFMs.
Provide assistance with Marine Corps Compliance and Authorization Support Tool (MCCAST) package preparation and review.