Risk Management Framework / Information Assurance Analyst Engineer

About The Position

Requirements

• BS degree with 4+ years' experience or 8+ years of IA experience without a degree.
• Current IAT Level II or higher Certification such as Security + or CISSP.
• Understanding of the Risk Management Framework (RMF), NIST, ICD, and CNSS standards.
• Familiarity with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management.
• STIG compliance, SCC and STIG Viewer experience, and ACAS expertise.
• Expert with Microsoft Windows, Linux, and system virtualization in a secure network environment.
• Must be able to work in a constantly changing regulatory environment with short-, mid-, and long-term timelines for remediating any non-compliance.
• Must be able to work well within a team environment and able to adapt quickly to change.
• Good writing and verbal presentation skills.
• Active DoD Secret Clearance with eligibility to obtain an TS/SCI.

Nice To Haves

• Past or current ISSM/ISSO experience.
• Security+ or CISSP.
• GCIH a plus.
• DoD IS knowledge and experience.
• Background or understanding of System Security Plans (SSP).
• Security hardening scripting/automation experience.
• Microsoft OS Certification (MCSE Win 7 or other).
• Linux certification (RHCSA, CompTIA Linux, LCFS/LCFE, etc.).

Responsibilities

• Continuous upkeep, monitoring, analysis, and response to Information System, network and security events.
• Maintaining the NIPR and SIPR RMF packages for all enclaves within scope of the contract.
• Documents compliance actions within the approved automated compliance tracking system.
• Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the System Security Plan (SSP), Standard Operating Procedures (SOP), and customer directives.
• Ensures records are maintained for workstations, servers, software, routers, firewalls, network switches, crypto, and other relevant hardware/equipment throughout the information system's life cycle.
• Evaluates proposed changes or additions to the information system and advises senior site leadership of the security relevance.
• Participates in internal/external security audits/inspections; performs risk assessments and Continuous Monitoring.
• Ensure proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered.
• Working with the Facility Security Officer (FSO) to develop, implement and manage a formal Information Security / Information Systems Security Program.
• Develop, implement and enforce Information Security Policies and Procedures.
• Review and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization (Certification/Accreditation) activities.