What You'll Get to Do: You will provide support in security control assessment and continuous monitoring of the organization's information systems following ICD 503 standards and best practices. You will provide various levels of information assurance by developing test plans and assessing or auditing information system security controls by applying best practices of NIST 800-37, 800-53, 800-53A, and CNSS 1253 guidance. You will conduct vulnerability scanning of information systems using government-accepted scanning tools to ensure compliance and to identify security weaknesses and vulnerabilities. You will review and analyze scanning results and provide recommendations concerning vulnerability mitigation efforts.
More About the Role:
Provide technical services for installation, operation, maintenance and authorization of hardware and software required for vulnerability scanning capabilities.
Review system security body of evidence documentation for accuracy and completeness.
Support development of Plan of Action and Milestones (POA&M) containing corrective actions required for unacceptable system and enterprise level risks.
Provide support to configuration management and control processes to integrate security and risk management.
Scan for network security compliance in accordance with DISA STIGs.
Conduct security impact analyses of security controls based on proposed system changes.
Support the preparation of security test plans, execute and assess the security control effectiveness using security control test procedures, and create Security Assessment Reports (SAR) based on assessment findings.
Support vulnerability scanning activities for external audits (e.g., FISMA and CCRI).
Develop tools and methodologies for tracking and reporting on identified information system vulnerabilities.
You'll Bring These Qualifications:
Must have an active TS/SCI clearance
Must have a current certification compliant with DoD 8570 IAM or IAT Level 3, OR must become DoD 8570 compliant within 6 months of hire and maintain certification throughout employment.
Typically has a University Degree (BA/BS) or equivalent experience and minimum 10 years of related work experience.
Experience with ICD 503 and working knowledge of the Risk Management Framework as outlined in NIST SP 800-37.
Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
Knowledgeable in continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques.
Knowledgeable in information system vulnerability analysis and management.
Knowledge of IT, including but not limited to network subnetting.
Experienced in system testing methodologies that include penetration testing, configuration analysis, and security best practices validation.
Experienced in security testing and penetration tools that include:
Assured Compliance Assessment Solution (ACAS)
HP Fortify WebInspect
Network Discovery & Visual Analytics experience (e.g., IP Sonar).
Red / Blue team assessment experience.
Knowledgeable in cyber incident handling.
Experienced in using the XACTA application.
Proficient in the use of Microsoft application tools (e.g., Excel and PowerPoint).