Information Assurance and Security

Peraton•Herndon, VA

About The Position

Peraton has an exciting opportunity for a cleared Information Assurance Specialist to join a dynamic multi-disciplinary team, developing a next generation satellite terminal on a mission critical Space and Intelligence Program. The Information Assurance Specialist will be responsible for monitoring, analyzing, and detecting cyber events and incidents within information systems and networks. They will develop techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, evaluating and testing hardware, firmware, and software for security impacts, and investigating and resolving security incidents. The role involves performing security reviews, identifying gaps in security architecture, and developing security risk management plans. Additionally, the specialist will plan and conduct security authorization reviews and assurance case development, review requests for security-relevant changes to mission infrastructures, and perform patch management and vulnerability remediation. They will ensure IS and cyber security plans align with IS standards and support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls. The role also includes conducting security reviews for third-party applications and vendors, communicating with the customer IA team, assisting in securing cloud-based environments, and working with engineering and operations teams to update procedures for cybersecurity outcomes.

Requirements

Bachelor’s degree and eight years of experience.
Four (4+) years of experience with NIST 800-53 security controls and Risk Management Framework (RMF) process with a U.S. Government agency.
Two (2+) years of experience with vulnerability management for networks, operating systems, and software.
Familiarity with Cyber security tools such as Splunk, Nessus Security Center, etc.
Capable of designing user-focused dashboards and reports.
Current Security+ or similar DoD 8570 IAT certification.
Must possess an active, current Top Secret/Sensitive Compartmented Information (TS/SCI) and the ability to pass a polygraph.

Nice To Haves

Splunk reports and dashboards

Responsibilities

Monitors, analyzes, and detects cyber events and incidents within information systems and networks under general supervision.
Develop techniques and procedures for conducting IS and cyber security risk assessments and compliance audits, evaluation and testing of hardware, firmware, and software for possible impact on system security, and the investigation and resolution of security incidents such as intrusion, attacks, or leaks.
Performs security reviews, identify gaps in security architecture, and develop a security risk management plan.
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Reviews requests for security relevant changes to mission infrastructures, ensuring risk is adequately mitigated.
Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP).
Ensures that IS and cyber security plans, controls, processes, standards, policies, and procedures are aligned with IS standards and overall IS and cyber security.
Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls.
Conduct security reviews for third-party applications and vendors to mitigate supply chain risks.
Communicates frequently with customer IA team regarding any asset changes, determine impact of any upcoming policy changes, and flow down information about other evolving IA requirements.
Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption.
Work with engineering and operations teams to review and update procedures and SOPs to produce positive cybersecurity outcomes.