Information Assurance Analyst

About The Position

Requirements

• Bachelor’s degree and two to four (2-4) years of experience is required.
• In lieu of degree, four (4) years of DoD experience or a DoD 8570/5239 IAT Level 2 Certification (Security + CE, AP, CCNA or ENSA) is acceptable in lieu of a degree.
• Experience with vulnerability analysis and tools such as Nessus/ACAS is required.
• Knowledge of RMF and/or ATO process is required.
• Experienced with STIG review and mitigation creation.
• An active DoD Secret clearance is required to start. A Top Secret Clearance will be required. Applicant selected may be subject to a security investigation and must meet eligibility requirements for access to classified information.

Nice To Haves

• Experience with threat hunting activities.
• Experience with log analysis.
• Knowledge of PowerShell scripting.

Responsibilities

• Support IA related vulnerability analysis of Windows 11, Windows 10, Windows Server 2012 – 2022. Redhat Enterprise Linux (RHEL), Ubuntu, Firewalls, Routers, Switches, and other operating systems, devices, and specialized equipment such as 3D printers.
• Create reports to track vulnerability metrics and level of risk to the network.
• Track, and analyze applicable Security Technical Implementation Guides (STIGs) across the enclave.
• Supporting centralized antivirus, system patching, configuration management, vulnerability scanning STIG and mitigation review to meet security compliance requirements to include ACAS, VRAM tracking and STIG quarterly checks and annual full STIG review with applicable System Administrators.
• Provide regular reporting on system(s) health to stakeholders and other teams regarding applicable assets.
• Experience supporting Information Assurance taskings related to ATO package build and submission and/or Risk Management Framework (RMF) documentation not limited to ACAS report creation, system STIG review to include open/close status and mitigation review, hardware lists and vulnerability status updates for package POAMs.
• Conduct security reviews on standalone and PIT systems in accordance with organization standards.
• Conduct incident analysis, tracking and reporting using various tools not limited to Splunk, WIDS, HBSS, ACAS, MDE and other procedures in accordance with organizations standard operating procedures.
• Perform regular review of enclave logs for intrusion breadcrumbs or questionable conduct using various logging tools such as Splunk.
• Performing server/workstation installations and technology refreshes as they relate to IA requirements.

Benefits

• RMC differentiates itself from other firms through its investment in our employees. We invest our resources to train, certify, educate, and build our employees.
• RMC can offer you a great place to work with a small company feel and give you the experience, tuition assistance, and certifications that will take your career to the next level.
• This also includes a competitive paid vacation package with 11 paid federal holidays.
• Additionally, we also offer high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package.