Information Assurance Analyst - DOD

INNOVIM•Vandenberg AFB, CA

7d•$120,000 - $130,000•Onsite

About The Position

INNOVIM is seeking an Information Assurance Analyst to support the Missile Defense Agency (MDA) on the Integrated Research and Development for Enterprise Solutions (IRES) contract. This role involves developing and maintaining RMF Assessment and Authorization (A&A) documentation in accordance with DoD, NIST, and other governing documents, ensuring systems have an approved Authorization to Operate (ATO). The analyst will gather and update A&A artifacts, monitor and implement security controls, and participate in incident management and response. Responsibilities also include supporting cybersecurity metrics and reporting, utilizing cybersecurity tools like ACAS, STIG, Trellix ePO, and Elasticsearch, and performing risk assessments. The role requires tracking and managing the information system’s Plan of Action and Milestones (POA&M), analyzing and updating PPSMs, and evaluating NIST 800-53 controls. Additionally, the analyst will prepare documents for Control Validation Tests (CVTs), perform security audits and vulnerability assessments, and develop policies and plans for incident response, disaster recovery, and cybersecurity implementation.

Requirements

Must have 4, or more, years of general (full-time) work experience. May be reduced with completion of advanced education
Must have 2, or more, years of cyber security experience.
Must have a high level of understanding for computer systems, operating systems, and network architecture.
Must have a firm understanding and experience with Microsoft Office Suite.
Must have experience with Configuration Management processes and workflows.
Must have a current DoD 8570 IAT Level II certification (Security+ CE).
Must have an active DoD Secret Security Clearance

Nice To Haves

Have experience with conducting system and log auditing.
Have experience with endpoint security enforcement and validation.
Have experience with vulnerability management.
Have experience with eMASS.
Be familiar with Security Controls Traceability Matrix (SCTM).

Responsibilities

Develop and provide RMF Assessment and Authorization (A&A) documentation in accordance DoD, NIST, and other governing documents.
Maintain the current, approved Authorization to Operate (ATO) for assigned system.
Gather and/or develop any needed A&A artifacts.
Update artifacts as required ensuring that they are current and document findings in the approved Risk Management Framework (RMF) or similar A&A documentation format provided.
Assist with monitoring and the implementation of security controls.
Perform work within incident management, response, and response coordination.
Gathering artifacts/data to support cybersecurity metrics and reporting.
Utilize cybersecurity tools (ACAS, STIG, Trellix ePO, Elasticsearch) to perform verification of operation in accordance with requirements.
Perform accurate and verified risk assessments that cover all of the security controls and policies for key stakeholders.
Track, monitor, and manage the information system’s Plan of Action and Milestones (POA&M) and provide technical assistance as required.
Analyze, verify and update PPSMs as required for programs.
Provide artifacts that support the maintenance of security packages.
Evaluate NIST 800-53 controls for applicability, generate implementation statements, and get implementations approved.
Prepare documents in support of Control Validation Tests (CVTs) to confirm compliance of ATOs submitted for RMF packages.
Perform security audits and vulnerability assessments and develop documentation and reports.
Develop policies, plans and procedures, including Incident Response, Disaster Recovery/Continuity of Operations and Cybersecurity Implementation Plans.