Smart Synergies
Information Assurance Analyst
Smart Synergies, Chantilly, Virginia, United States, 22021
Description
:
Responsibilities
•Design, build, configure, implement, and maintain IT network systems equipment and technologies.
•Provide Windows and Linux OS systems administration, cybersecurity (information assurance) support for various classified systems, including local regional office support.
•Configure and maintain information systems in compliance with security policies and standards.
•Initiate and follow through to completion, Risk Management Framework (RMF) packages for enterprise architectures in accordance with NISPOM/DAAPM, ICD 503/CNSSI 1253, JSIG, NIST 800-53 and NIST 800-171 requirements.
•Create and maintain Assessment and Authorization (A&A) packages, System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Controls Traceability Matrices (SCTMs) and Plans of Action & Milestones (POA&Ms) for all classified systems.
•Conduct analysis and assessment of the security control assessment guidance, procedures, and templates to ensure correct and uniform implementation of the new RMF assessment processes.
•Identify, contain, investigate, and report data spills to the Government Security ISSM through preliminary written reports. Coordinate containment and device sanitization with staff at the affected locations. Work with the FSO/ISSO for assessment/mitigation strategy addressing the data spill in the approved response plan.
•Provide technical oversight for classified system compliance and conduct self-assessments.
•Interface directly with Defense Counterintelligence and Security Agency (DCSA) and other system sponsoring clients to conduct security inspections, tests, and system review.
•Review of commercial security patches, and reports of cyber-attacks, and analyze them for applicability along with CTO, Information Vulnerability Alerts (IAVA) and other cybersecurity directives within the time specified by the issuing authority (e.g., U.S. CYBER COMMAND) and analyze them for applicability to and effect on the systems supporting DoD contracts.
•Support cybersecurity testing of client-based systems under test lead supervision.
Key Qualifications
•Motivated self-starter who requires minimal supervision and oversight.
•Strong organizational, and time management skills, and the ability to meet tight deadlines.
•Proven ability to master new technologies and strong decision making skills.
•Must be a U.S. Citizen
•Active TOP SECRET clearance with SCI clearance eligibility
•Bachelor's degree (BS/BA) and/or 5 years of relevant experience as an IT systems administrator.
•Possess strong demonstrated knowledge of Windows Server and Microsoft operating systems installation and configuration required.
•Possess strong demonstrated strong knowledge of Linux systems administration and configuration.
•Experience with network systems administration, Active Directory, and GPO management is required.
•Experience with PowerShell, Python, Shell Scripting, and /or other scripting languages.
•Experience with switch, router, wireless access points, USB, and firewall configuration is required.
•Knowledge of ESXi virtualization and VMware required.
•DoDD 8140 (8570.1-M) IAT Level 3 certification or ability to complete certification within the first 6 months of employment. CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, and/or CCSP is considered a plus
•Ability to travel to local regional sites to provide support for on-premise networks/systems, and to attend meetings and training (less than 10 percent of time).
Preferred Qualifications
•Possess a background understanding of cyber security principles, including system patching, configuration and validation of information system compliance using DISA STIGs, SCAP Compliance Checker (SCC) and STIG Viewer.
•Military veteran with relevant IT and computer security experience will be considered a plus.
•Certified Information Systems Security Professional (CISSP) (or Associate) is considered a plus.
•Experience with IT Security Engineering in support of systems development, interface, and/or architecture requirements.
•Knowledge of NIST 800-53, DoD 8500.01, 8510.01 series and associated instructions governing Cybersecurity and Risk Management Framework (RMF) for DoD Information Technology (IT), to include implementing policies and procedures that are derived from those instructions.
•Experience with DISA Security Technical Implementation Guides (STIGs), implementation SCAP Compliance Checker (SCC) and STIG Viewer.
•Experience with Nessus, WebInspect, AppDetective, Wireshark, Nmap, and other vulnerability detection tools.
•Experience with eMASS for information system Security Authorization and Continuous Monitoring workflows and reports.
•Desire to continuously improve personal technical performance through industry memberships, conferences, training, and independent outside study.
:
Responsibilities
•Design, build, configure, implement, and maintain IT network systems equipment and technologies.
•Provide Windows and Linux OS systems administration, cybersecurity (information assurance) support for various classified systems, including local regional office support.
•Configure and maintain information systems in compliance with security policies and standards.
•Initiate and follow through to completion, Risk Management Framework (RMF) packages for enterprise architectures in accordance with NISPOM/DAAPM, ICD 503/CNSSI 1253, JSIG, NIST 800-53 and NIST 800-171 requirements.
•Create and maintain Assessment and Authorization (A&A) packages, System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Controls Traceability Matrices (SCTMs) and Plans of Action & Milestones (POA&Ms) for all classified systems.
•Conduct analysis and assessment of the security control assessment guidance, procedures, and templates to ensure correct and uniform implementation of the new RMF assessment processes.
•Identify, contain, investigate, and report data spills to the Government Security ISSM through preliminary written reports. Coordinate containment and device sanitization with staff at the affected locations. Work with the FSO/ISSO for assessment/mitigation strategy addressing the data spill in the approved response plan.
•Provide technical oversight for classified system compliance and conduct self-assessments.
•Interface directly with Defense Counterintelligence and Security Agency (DCSA) and other system sponsoring clients to conduct security inspections, tests, and system review.
•Review of commercial security patches, and reports of cyber-attacks, and analyze them for applicability along with CTO, Information Vulnerability Alerts (IAVA) and other cybersecurity directives within the time specified by the issuing authority (e.g., U.S. CYBER COMMAND) and analyze them for applicability to and effect on the systems supporting DoD contracts.
•Support cybersecurity testing of client-based systems under test lead supervision.
Key Qualifications
•Motivated self-starter who requires minimal supervision and oversight.
•Strong organizational, and time management skills, and the ability to meet tight deadlines.
•Proven ability to master new technologies and strong decision making skills.
•Must be a U.S. Citizen
•Active TOP SECRET clearance with SCI clearance eligibility
•Bachelor's degree (BS/BA) and/or 5 years of relevant experience as an IT systems administrator.
•Possess strong demonstrated knowledge of Windows Server and Microsoft operating systems installation and configuration required.
•Possess strong demonstrated strong knowledge of Linux systems administration and configuration.
•Experience with network systems administration, Active Directory, and GPO management is required.
•Experience with PowerShell, Python, Shell Scripting, and /or other scripting languages.
•Experience with switch, router, wireless access points, USB, and firewall configuration is required.
•Knowledge of ESXi virtualization and VMware required.
•DoDD 8140 (8570.1-M) IAT Level 3 certification or ability to complete certification within the first 6 months of employment. CASP+ CE, CCNP Security, CISA, CISSP, GCED, GCIH, and/or CCSP is considered a plus
•Ability to travel to local regional sites to provide support for on-premise networks/systems, and to attend meetings and training (less than 10 percent of time).
Preferred Qualifications
•Possess a background understanding of cyber security principles, including system patching, configuration and validation of information system compliance using DISA STIGs, SCAP Compliance Checker (SCC) and STIG Viewer.
•Military veteran with relevant IT and computer security experience will be considered a plus.
•Certified Information Systems Security Professional (CISSP) (or Associate) is considered a plus.
•Experience with IT Security Engineering in support of systems development, interface, and/or architecture requirements.
•Knowledge of NIST 800-53, DoD 8500.01, 8510.01 series and associated instructions governing Cybersecurity and Risk Management Framework (RMF) for DoD Information Technology (IT), to include implementing policies and procedures that are derived from those instructions.
•Experience with DISA Security Technical Implementation Guides (STIGs), implementation SCAP Compliance Checker (SCC) and STIG Viewer.
•Experience with Nessus, WebInspect, AppDetective, Wireshark, Nmap, and other vulnerability detection tools.
•Experience with eMASS for information system Security Authorization and Continuous Monitoring workflows and reports.
•Desire to continuously improve personal technical performance through industry memberships, conferences, training, and independent outside study.