MartinFederal seeks a senior-level IT Security Professional in support of NSWC. The successful candidate will provide SENIOR LEVEL Information Assurance support and Navy Validator services. This is a specialized field in risk management & IT security, so on-the-job training will be provided.
Typical duties:
-Create, Modify, and Execute DIACAP packages through the Certification and Accreditation cycle.
-Complete Checklists, Retina Scans, SCAP Scans, Risk Assessment Reports (RARs)
-Candidate will be knowledgeable of DIARMF, DIACAP, and DITSCAP processes
-Provide Information Security Systems Engineering (ISSE) services
-Create Program level documentation:
  Information Assurance Program Docs, Decisional Briefs, & Technical Diagrams
  Program Protection Plans (PPPs), Acquisition Information Assurance Strategy (AIAS)
  Memorandums for the Record (MFRs), FISMA compliance Docs
  Privacy Impact Assessments (PIA), Naval Nuclear Propulsion Info (NNPI) checklists
  Business Case Analysis (BCA) and Business Impact Analysis (BIA)
  Analysis of Alternatives (AoA) and Spiral Acquisition Development Briefs
-Negotiate issues with the Navy Enterprise Data Center (NEDC)
-Facilitate technical and administrative efforts
-Coordinate IA and technical activities between groups
-Perform ISSE and Navy Validation for SPAWAR packages
Negotiate with the Navy CA and ODAA on technical & administrative issues.
Serve as a technical liaison between Program Managers & Engineering to facilitate:
-adoption of DoD and Navy policy for STIG implementation,
-regular automated scanning,
-FISMA compliance & reporting,
-DADMS registration,
-DITPR-DON registration & reporting,
-JITC Waivers,
-DON-CIO Escalations,
-POA&M maintenance & milestone tracking,
-interfacing with the configuration management system to institute Engineering Change Requests (ECRs),
-Research and implementation of Navy and DoD policy for the proper implementation of information security policies, technologies, and operations.
• Knowledge of implementation of DISA STIGs (Security Technical Implementation Guides) and SRGs (Security Requirements Guides)
• Utilize IA assessment tools like Retina, ACAS, DISA SCAP, and NMAP to identify vulnerabilities, and perform manual checks on software using such resources as DISA STIGs (Security Technical Implementation Guides), SRGs (Security Requirements Guides), and NIST (National Institute of Standards and Technology) Guides, as well as industry best practices.
• Evaluation of Red Hat Enterprise Linux, Unix, and Windows systems.
• Ability to contribute to the system architecture design process to ensure secure design practices are met.
• Creating reports of identified software vulnerabilities and providing mitigations/recommendations for reducing risk.
• Evaluate and analyze risks identified in the POA&M and assist the software development team by providing solutions to remediate items or mitigate the vulnerabilities in order to reduce the risk.
• Experience with PKI solutions
• Knowledge of Navy software accreditation processes and DIACAP process.
• Ability to obtain a Secret clearance.
• Security+ certification, CISSP certification, Navy or Marine Corps Certified Validator
The requirements above are specialized, and the candidate may or may not have experience in several areas. The successful candidate is an individual who knows about information security, understands how it works, understands risk and mitigating risk, and understands how to create or comment on documentation. Documentation can range from high-level strategy all the way down to highly detailed technical documentation.