Information Assurance Analyst - DOD

About The Position

Requirements

• Must have 4, or more, years of general (full-time) work experience. May be reduced with completion of advanced education
• Must have 2, or more, years of cyber security experience.
• Must have a high level of understanding for computer systems, operating systems, and network architecture.
• Must have a firm understanding and experience with Microsoft Office Suite.
• Must have experience with Configuration Management processes and workflows.
• Must have a current DoD 8570 IAT Level II certification (Security+ CE).
• Must have an active DoD Secret Security Clearance

Nice To Haves

• Have experience with conducting system and log auditing.
• Have experience with endpoint security enforcement and validation.
• Have experience with vulnerability management.
• Have experience with eMASS.
• Be familiar with Security Controls Traceability Matrix (SCTM).

Responsibilities

• Develop and provide RMF Assessment and Authorization (A&A) documentation in accordance DoD, NIST, and other governing documents.
• Maintain the current, approved Authorization to Operate (ATO) for assigned system.
• Gather and/or develop any needed A&A artifacts.
• Update artifacts as required ensuring that they are current and document findings in the approved Risk Management Framework (RMF) or similar A&A documentation format provided.
• Assist with monitoring and the implementation of security controls.
• Perform work within incident management, response, and response coordination.
• Gathering artifacts/data to support cybersecurity metrics and reporting.
• Utilize cybersecurity tools (ACAS, STIG, Trellix ePO, Elasticsearch) to perform verification of operation in accordance with requirements.
• Perform accurate and verified risk assessments that cover all of the security controls and policies for key stakeholders.
• Track, monitor, and manage the information system’s Plan of Action and Milestones (POA&M) and provide technical assistance as required.
• Analyze, verify and update PPSMs as required for programs.
• Provide artifacts that support the maintenance of security packages.
• Evaluate NIST 800-53 controls for applicability, generate implementation statements, and get implementations approved.
• Prepare documents in support of Control Validation Tests (CVTs) to confirm compliance of ATOs submitted for RMF packages.
• Perform security audits and vulnerability assessments and develop documentation and reports.
• Develop policies, plans and procedures, including Incident Response, Disaster Recovery/Continuity of Operations and Cybersecurity Implementation Plans.

Benefits

• Medical/Dental/Vision insurance programs
• Life insurance
• Matching 401k contribution
• Educational/Training support