StraCon Services Group, LLC is seeking an Information Security Management Analyst, Journeyman to support NAWCTSD and their respective portfolios of platforms, programs, schools, and training systems. The Information Security Analyst will be responsible for planning, implementing, upgrading, and monitoring security measures for the protection of computer networks and information. The candidate will assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. The candidate will ensure that appropriate security controls are in place to safeguard digital files and vital electronic infrastructure, and will respond to computer security breaches and viruses.
Essential Job Duties:
- Oversees the cybersecurity program of an information system or network, including managing information security implications within the organization, specific program, or other area of responsibility, to include strategy, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.
- Serving as a POC for customer relations, acting as a Subject Matter Expert in department-level working groups.
- Ensuring adequate program controls are applied to each task area, including scheduling, resource allocation, direction, cost quality control, report preparation, establishing and maintaining records, and resolution of customer complaints.
- Resolving quality, timeliness, and accuracy issues.
- Ensuring CDRL quality prior to submission to the Government.
- Performing project management and business process development functions.
- Cybersecurity metrics, data collection, and reporting.
- Reviewing network topology diagrams, hardware lists, software lists.
- Assisting new hires with cybersecurity account requests and program familiarization.
- Proficient in Microsoft Word, Excel, PowerPoint, Visio, Project, SharePoint.
- Experience with Risk Management Framework, eMASS, VRAM, DITPR-DON/DADMS.
- Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.
- Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
- Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
- Conducts the integration/testing, operations, and maintenance of systems security.
- Assess and monitor cybersecurity related to system implementation and testing practices.
- Verify minimum security requirements are in place for all applications.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures and maintenance training materials).
- Verify and update security documentation reflecting the application/system security design features.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- Assist in providing system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
- Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.
- Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
- Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- Develop and maintain RMF Assess and Authorize documentation required to achieve an Authority to Operate (ATO). Prepare and maintain information systems ATO record on the Navy’s Enterprise Mission Assurance Support Service (eMASS).
- Run vulnerability assessment tools: ACAS vulnerability scanner, Security Content Automation Protocol (SCAP), STIG Viewer.
- Manage system/network vulnerabilities using the Vulnerability Remediation and Assets Manager (VRAM).
- Host Based Security System (HBSS) experience.
- Candidate must have approximately 3 or more years of cyber security experience in secure network and system design, analysis, procedure/test generation, test execution and implementation of computer/network security mechanisms.
Be proficient and experienced in:
- System Categorization
- Assess and Authorize Artifacts
- Platform Information Technology (PIT) Checklists
- Security Assessment Plans
- Security Assessment Procedures
- Test Reports
- System Admin Guides
- Privacy Impact Assessment (PIA)
- Support & Sustainability Plans
- Plan of Action and Milestones (POA&M)
- Risk Assessment Reports
- Security Risk Assessment Report Executive Summary
- IATT Submission Forms
- Memorandum for Record (MFR)
- Memorandum of Agreement (MOA)
- BS or BA Degree in Computer Science, Computer Engineering, or Information Systems.
- One or more of the following certifications or prior military cyber experience (i.e., CompTIA Advanced Security Practitioner (CASP) or Certified Authorization Professional (CAP) or Security+ (CE) or Systems Security Certified Practitioner (SSCP) or Committee on National Security Systems Instruction (CNSSI) 4012-4016 Certificate or National Defense University (NDU) Chief Information Security Officer (CISO) certificate, or prior Navy military with NEC 2780 or 2779 or 2781).
- U.S. Citizenship required
- Minimum Secret clearance required OR must be eligible to apply and be granted an interim DoD clearance prior to employment.
StraCon is dedicated to supporting our government clients and warfighters by “Enhancing their Operational Capability”. With a proven track record and an employee-focused philosophy, we have developed a culture that believes in the talent of the individual. StraCon employees are empowered to “Make It Happen”. Since 2008, we have provided Program Management, Training Systems Products, Financial Management, Instructional System Design, Data Management, Courseware Development, Engineering, Logistics, Foreign Military Sales Support, and a variety of other technical services for the Department of Defense.