Information Assurance Security Administrator

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Data Science, Engineering, Mathematics, or a closely related discipline or equivalent practical experience (as permitted by the contract).
• Minimum 4 years of relevant experience supporting enterprise IT environments, with demonstrated work aligned to Information Assurance.
• At least one: CGRC/CAP, CASP+, Cloud+, PenTest+, Security+, or GSEC.
• Alternate/equivalent certifications may be accepted with Government approval.
• Must be able to obtain and maintain Public Trust suitability and all required system access (e.g., CAC-enabled accounts) to perform duties.
• This position is aligned to applicable DoD Manual 8140.03 work role 805 (NIST: OV-PM-005); contractor personnel must meet DoD 8570.01-M baseline certification requirements and transition to DoD Manual 8140.03 work role requirements, including required training, knowledge, skills, abilities, and tasks, within Government-directed timelines.

Nice To Haves

• Preferred/Work-center dependent: Microsoft Certified: Azure Administrator Associate or Microsoft Certified: Windows Server Hybrid Administrator Associate.

Responsibilities

• Support the ISSO mission by ensuring DHA managed systems comply with DoD/DHA IA policy, vulnerability alerts, IAVAs, and USCYBERCOM (United States Cyber Command)/DHA advisories.
• Keep RMF (Risk Management Framework) status current in eMASS (Enterprise Mission Assurance Support Services).
• Track and report key RMF deliverables (risk assessments/acceptance, A&A (accreditation and authorization) actions, CCI (Control Correlation Identifier) completion, POA&Ms (Plans of Action and Milestones)); recommend corrective actions and process improvements.
• Perform vulnerability/compliance scans and validation using ACAS (Nessus/Security Center), DISA STIG Viewer, SCC, MECM, and manual checks; validate patches and remediation effectiveness.
• Maintain accurate asset inventories in ACAS and eMASS and sustain credentialed scan coverage by resolving non-credentialing, dead, or misconfigured assets.
• Create and manage POA&Ms through closure with mitigation actions and milestone dates.
• Coordinate remediation of missing patches and security gaps with DHA offices and technical teams.
• Maintain and review logs/audit records and audit authentication/password policy compliance; document security impacts of system changes and interfaces.
• Maintain RMF artifacts/evidence (test results, inventories, policies/procedures, diagrams, PPSM (Ports, Protocols, and Services Management) entries, inheritances, supporting documentation) and submit required eMASS updates/packages for accreditation decisions.
• Report security incidents/violations within required timelines.
• Develop/test IR procedures, COOP (Continuation of Operations), and ISCP (Information System Contingency Plan) plans.
• Upload plans and after-action products and support continuous monitoring and annual reviews.