Information Assurance and Security Associate
About The Position
We are looking to add a Information Assurance and Security Associate to our team of talented professionals. In this role, you will: Assist in maintaining the existing System Security Plan (SSP), internal testing against the SSP, support for DeCA sponsored Security Testing & Accreditation (ST&E); development of the plan of Actions & Milestones (POAMs) and assistance with any submission to the DeCA accrediting official for issuance of the Authority To Operate (ATO). Assist with weekly reviews, documentation, and resolve all findings identified in vulnerability assessments and security compliance reviews, IAW DoDI 8531.01, DeCAM 35-31.01 and published USCYBERCOM directives for enterprise infrastructure Assist with ensuring audit logs meet the current audit requirements (Figure 1 of DeCAM 35-31.01). Assist in maintaining audit logs and record findings per DeCAM 31-31.01. Report anomalies identified during audit log reviews or alert notifications to the NCR IA Manager and/or DeCA's incident response team, as appropriate, and address identified anomalies and alert notifications per the guidance and reporting timelines defined by DeCAM 35-31.01 and DeCA Incident Response procedures. Assist with enforcement of security policies and safeguards on all personnel having access to the information system for which NCR is responsible. Recommend the suspension of network access for users not complying with security policies of the system to the SISO/CISO.. Assist with developing procedures for and conduct periodic security reviews to enforce service account and DB password strengths. Identify, analyze, and remediate applicable OS/DB STIG severity Category I, II or III finding (STIG Viewer) that occurs in systems or software IAW DeCAM 35-31.01. Document and update deviations from STIGs or other hardening guides as new vulnerability issues are identified. Assist with submitting evidence for security control and continuous monitoring compliance that impact ATO, vulnerability remediation activities, to include POA&Ms and security patching
Requirements
- 4 years with AS/AA; 2 years with BS/BA; 0 years with MS/MA or 6 years with High School diploma
- Must have an active CISSP certification.
- Must have a Secret Clearance.
- U.S. citizenship is required.
- Must have the ability to assist with Cybersecurity personnel reviews regarding DEBOSS responsibilities and accounts twice per year IAW DeCAM 35-31.0.
- Must have the abilty to assist with conducting periodic benchmark scans to test products for STIG compliance and apply new STIGs IAW timelines and guidance in DeCAM 35-31.01.
Responsibilities
- Assist in maintaining the existing System Security Plan (SSP)
- Assist with weekly reviews, documentation, and resolve all findings identified in vulnerability assessments and security compliance reviews
- Assist with ensuring audit logs meet the current audit requirements
- Assist in maintaining audit logs and record findings
- Report anomalies identified during audit log reviews or alert notifications to the NCR IA Manager and/or DeCA's incident response team
- Assist with enforcement of security policies and safeguards on all personnel having access to the information system
- Assist with developing procedures for and conduct periodic security reviews to enforce service account and DB password strengths
- Identify, analyze, and remediate applicable OS/DB STIG severity Category I, II or III finding (STIG Viewer) that occurs in systems or software
- Document and update deviations from STIGs or other hardening guides as new vulnerability issues are identified
- Assist with submitting evidence for security control and continuous monitoring compliance that impact ATO, vulnerability remediation activities, to include POA&Ms and security patching
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
High school or GED
Number of Employees
5,001-10,000 employees
