ASRC Research and Technology Solutions is seeking an Information Assurance and Security Analyst with excellent collaboration skills to support our Unified Cyber Situational Awareness (UCSA) contract with the Defense Information Systems Agency (DISA) at our Pensacola, FL location. This position supports all activities relating to information assurance procedures and systems. Confers with and advises other section leaders regarding administrative policies, internal controls, and security procedures, resolving technical problems, priorities, and methods. Prepares activity and progress reports relating to the information systems audit function. This is an on-site, full-time position.
Duties and Responsibilities
- Execution and maintenance of the UCSA Information Security Plan.
- Categorization and assignment of security controls in Enterprise Mission Assurance Support Service (eMass).
- Creation and maintenance of the A&A package in eMass.
- Coordination on inherited security controls within eMass.
- Management and update of DoD Information Technology Portfolio Repository entries.
- Ports, Protocols, & Services Management.
- Processes required to achieve and maintain all Authority to Operate (ATO) & Interim Authority to Test (IATT) approvals.
- Reporting on Federal Information Security Management Act (FISMA).
- Management and oversight for Security Technical Implementation Guide (STIG) / Information Assurance Vulnerability Alert (IAVA) compliance.
- Compliance and management of Security Incident Response Cyber Security Service Provider (CSSP).
- Scanning and compliance activities associated with Assured Compliance Assessment Solution (ACAS).
- Review and compliance activities associated with Continuous Monitoring and Risk Scoring / RMF.
- Support the Creation and Management of system profiles, plans and scorecards within eMass, as well as the creation and management of all artifacts tied to security controls within eMass.
- Bachelor's degree in related field or equivalent relevant experience.
- Active DoD 8570 IA baseline security certification for IAT Level II (e.g. Security+ CE, CISSP).
- Experience with DoD RMF, DIACAP or NIST Risk Management Framework (RMF).
- Experience with information assurance including accreditation and security testing as well as evaluation, implementation, and execution of security engineering practices in the Systems and Software Development Life Cycle (SDLC) process.
- Must be able to work on-site
- Experience with HBSS.
- Knowledge of technical DoD, IC, and national level system security initiatives supporting Local Area Network (LAN), Wide Area Network (WAN), Cross Domain Solutions (CDS), and Cloud technologies, providing subject matter expertise in overcoming technical obstacles and questions.
- Knowledge of several of the following areas is required: Understanding of business security practices and procedures; current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products, and current lab infrastructure technology.
- Knowledge of Computer Network Defense (CND) policies, procedures, and regulations
- Knowledge of boundary protection and enclaving
- Knowledge of security tools and systems including ACAS, HBSS, Nessus, Splunk, etc.
- Ability to support Cybersecurity reviews, including generation of security artifacts, such as security plans, POA&M, and security CONOPS.
- Knowledge of ITIL processes desired.
Experience:
- 3-5 years Risk Management Framework (Required) and Information System Security Officer (ISSO) or Manager (ISSM)
- Previous role supporting RMF or FedRAMP accreditation processes
Clearance Requirements:
- The selected candidate must have an active Secret clearance with the ability to obtain a Top Secret clearance.
- US Citizenship is Required.
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.