Job Description:

The Sr. IT Security Analyst is responsible for conducting routine IA Audits on all Information Systems (IS) to ensure the appropriate IA security controls have been applied and maintained; coordinating directly with cross functional teams and management to resolve all compliance issues. Duties will include.

• Evaluate IS for compliance in accordance with RMF 800-53 Controls and Special Directives. Record and/or prepare artifacts associated with the audit to ensure a repository for all system RMF documentation is kept current
• Provide C&A support in the development of security and contingency plans by conducting risk and vulnerability assessments.
• Use the 800 Series NIST Special Publications as reference for C&A, system security plans, risk assessment, and other security requirements.
• Perform security focused reviews and analysis of network topologies and devices configurations for use of restricted ports and protocols; implementation of sound security concepts and design; DISA Security Technical Implementation Guides (STIGs) compliant network configuration of Cisco, Brocade, Juniper, and Bluecoat devices.
• Use automated security scanning tools (SCAP, ACAS, BNA, etc.) to identify potential vulnerabilities. Analyze and report findings to technical teams and leadership for appropriate tracking and mitigation.
• Research RFIs from technical teams regarding DISA STIG checklists, regulations and/or BBPs. Explain requirements to systems administrators in detail to ensure proper understanding and clarity. Review proposed courses of action from technical teams and recommend the most secure option while balancing operations and/or mission requirements.
• Assist in the identification, tracking and remediation of security risks discovered on information systems. Prepare and deliver detailed written reports and oral presentations to the Security Manger, Information Assurance Manager and other senior leaders or staff within the 2RCC-WH.
• Coordinate with both internal and external entities to improve established processes and procedures; ensuring efficient execution of all analysis, tracking, mitigation and reporting requirements.
• Create, edit, and review organization and team level documentation for clarity and accuracy. Assist with development of security related TTPs, SOPs, processes, plans, or diagrams.
• Participate in 24x7 on-call support rotation with other team members.
• Support and/or lead special projects as required.
• Complete other duties as assigned by management.

 

Minimum Qualifications:

• HS +6 years similar experience, or AA/AS +4 or BS/BA +2
• Must meet DOD 8570.01 IAT-II level certification requirements immediately upon hire
• To include up to 2 years experience IA/ IT experience
• Possess exceptional communication and interpersonal skills
• Knowledge of eMASS
• Knowledge of network specific DISA Security Technical Implementation Guides and checklists
• Experience with Risk Management Framework (RMF)
• Experience performing IA audits within a DoD organization

 

Clearance:

• Position requires a Secret clearance.

Posted On: Friday, May 11, 2018