Report this job

---

What is the problem? *

Incorrect company
Incorrect location
Job is expired
Job may be a scam
Other

DUTIES:

• Work with system owners, create and maintain Assessment and Authorization (A&A) documentation, including system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones to support Authorization to Operate (ATO) decisions.

• Utilize the (RMF) Enterprise Mission Assurance Support Service (eMASS) to upload artifacts and select security controls.

• Research, develop, implement, test, and review an organization's information security to protect information and prevent unauthorized access.

• Apply knowledge of DoD or DoN network architectures and policy towards the assessment and identification of vulnerabilities as a means of improving the operational security posture.

• Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans, Security Content Automation Protocol (SCAP) scans, and Security Technical Implementation Guide (STIG) checklists to validate the appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DON publications.

• Provide guidance to Navy programs regarding vulnerability remediation and determination of risk posture.

• Capture and refine information security requirements for new systems or for enhanced functionality on existing system and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC).

• Implement information security standards and procedures.

• Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

• Perform systems cybersecurity tasks, including user network monitoring, information assurance, technical cybersecurity, and vulnerability assessments.

• Keep cybersecurity tools tuned and coordinated with the necessary cybersecurity posturing.

• Handle critical day-to-day change request management and incident handling.

• Monitor and analyze threats, using state-of-the-art tools like Splunk, ElK Stack, Cisco FirePower, FireEye, including NX, EX, or AX, McAfee ePolicy Orchestrator, Tanium, and Cylance.

• Use cybersecurity skills to provide security monitoring and incident response services in alignment with the mission to protect network assets, including industrial control systems.

• Understand, mitigate, and respond to threats quickly, restoring operations and limiting the impact.

• Analyze incidents to figure out just how many systems are affected and assist recovery efforts.

• Combine threat intelligence, event data, and assessments from recent events, and identify patterns to understand attackers' goals to stop them from succeeding.

• Subject matter expert with Risk Management Framework (RMF) and Enterprise Mission Assurance Support Service (eMASS) experience in establishing security baselines programs.

• Provide Cybersecurity technical & engineering support for network management configurations.

• Identify, assign, and review applicable Security Technical Implementation Guides (STIG's), track STIGS, communicate requirements to, and request results from, STIG owners.

• Create/Update/Track POA&M items associated with open STIG and Scan vulnerability results.

• Assist with Cybersecurity designs. Develop & document process flows as required. Lead creation and maintenance of related artifacts and documentation to include leading technical staff in creation of CM, CP, IR, and other system plans/documents/artifacts. Skills in technical writing to create/edit RMF documentation.