Delaware Nation Industries
Security Analyst - Tinker AFB
Delaware Nation Industries, Oklahoma City, Oklahoma, United States, 73116
Overview
Security Analyst
Delaware Nation Investments/Emerging Technologies is seeking a highly qualified and motivated Security Analyst to join our team. We work with the Air Force Sustainment Center (AFSC) located at Tinker AFB, Hill AFB, Robins AFB, and Wright Patterson AFB Advisory & Assistance for cybersecurity, network operations, and system administration for specified informational technology (IT) and operational technology (OT) within the Industrial Depot Maintenance (IDM) and Depot Support Services (DSS) authorizing official (AO) boundary. Network Operations support will include design, implement, and maintain OT networks and connected devices at Tinker, Hill and Robins Air Force bases. Cybersecurity effort will utilize the Risk Management Framework (RMF) per DoDI 8510.01, RMF for DoD Information, AFI 17-101, and RMF for Air Force Information Technology (IT), support AFSC in maintaining RMF compliance under AO guidance and acceptance of risk.
Ability to obtain a security clearance is REQUIRED.
An IAM Level II certification is REQUIRED (ex. CISSP)
This position is 100% onsite.
This is a full time/permanent position with excellent benefits, and outstanding compensation including full medical, dental, 401K vacation and holiday pay.
Responsibilities
Responsibilities:Own and maintain System Security Plans (SSP) for the network infrastructure to comply with NIST 800-53.Document process flow/secure configuration baselines for network engineers to follow while managing and configuring network infrastructure devices (configuration items or CI's)Support/Perform internal compliance audits against controls documented in the SSP's.Manage Plan of Action & Milestones (POAM's) and develop risk mitigations and recommendations for identified security assessment findings.Create and maintain Information Security Contingency Plan (ISCP) for the network infrastructure.Produce complete, accurate, and timely findings reports using client defined templates.Review FedRAMP compliance guidance and apply to the network infrastructure environment.Support the agency with FISMA metrics, reporting and work with network engineers to improve compliance levels.Support the agency with HWAM CDM reporting and work with network engineers to improve compliance levels.Review and analyze needed updates to existing set of security documents (e.g., system boundaries, privacy impact assessments [PIAs], system security plans [SSPs], risk assessments [RAs], memoranda of understanding, interconnection security agreements, contingency plans [CPs], etc.)Review vulnerabilities reported on network infrastructure devices and collaborate with network security engineers to review vulnerability scan results.Review ongoing updates to Federal security requirements agency templates, federal cybersecurity policy, e.g., Office of Management and Budget (OMB) Memorandum, NIST Special Publications, and FedRAMP.Review Federal security requirements/mandates and review new network designs for compliance.Participate in and lead customer briefings with regards to findings of assessments.Participate in the assessments of low, moderate, and high impact information systems to include Cloud services.Establish and maintain professional relationships with clients, customers, and team members and escalate issues when necessary.Qualifications
Required Qualifications:
BS degree in Computer Science or Information Technology and 5 years' experience in a related fieldExperience performing Certification & Accreditation (C&A), Security Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.Must be able to support the continuous maintenance of the System Security Plan (SSP) which is due annually.Experience performing Independent Security Assessment and Reporting (SAR).Experience performing Security control assessments as part of Continuous Monitoring NIST SP 800-53 compliance sustainment for application, infrastructure, and network.Experience drafting SOPs and technical work instructions including using Microsoft Visio or other topology-related applications.Additional Attributes for Success:
Strong written and verbal communication skills.The successful candidate will be able to communicate technical subjects effectively in both verbal and written mediums to both technical and non-technical audiences.Resourcefulness and problem-solving aptitude.Desire to work in a team environment and strong work ethic
AAP/EEO Statement:DNI complies with all federal, state and local laws designed to protect employees and job applicants from discrimination based on race, religion, color, sex, parental status, national origin, age, disability, genetic information, military service, or other non-merit-based factors.
Other Duties:Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Security Analyst
Delaware Nation Investments/Emerging Technologies is seeking a highly qualified and motivated Security Analyst to join our team. We work with the Air Force Sustainment Center (AFSC) located at Tinker AFB, Hill AFB, Robins AFB, and Wright Patterson AFB Advisory & Assistance for cybersecurity, network operations, and system administration for specified informational technology (IT) and operational technology (OT) within the Industrial Depot Maintenance (IDM) and Depot Support Services (DSS) authorizing official (AO) boundary. Network Operations support will include design, implement, and maintain OT networks and connected devices at Tinker, Hill and Robins Air Force bases. Cybersecurity effort will utilize the Risk Management Framework (RMF) per DoDI 8510.01, RMF for DoD Information, AFI 17-101, and RMF for Air Force Information Technology (IT), support AFSC in maintaining RMF compliance under AO guidance and acceptance of risk.
Ability to obtain a security clearance is REQUIRED.
An IAM Level II certification is REQUIRED (ex. CISSP)
This position is 100% onsite.
This is a full time/permanent position with excellent benefits, and outstanding compensation including full medical, dental, 401K vacation and holiday pay.
Responsibilities
Responsibilities:Own and maintain System Security Plans (SSP) for the network infrastructure to comply with NIST 800-53.Document process flow/secure configuration baselines for network engineers to follow while managing and configuring network infrastructure devices (configuration items or CI's)Support/Perform internal compliance audits against controls documented in the SSP's.Manage Plan of Action & Milestones (POAM's) and develop risk mitigations and recommendations for identified security assessment findings.Create and maintain Information Security Contingency Plan (ISCP) for the network infrastructure.Produce complete, accurate, and timely findings reports using client defined templates.Review FedRAMP compliance guidance and apply to the network infrastructure environment.Support the agency with FISMA metrics, reporting and work with network engineers to improve compliance levels.Support the agency with HWAM CDM reporting and work with network engineers to improve compliance levels.Review and analyze needed updates to existing set of security documents (e.g., system boundaries, privacy impact assessments [PIAs], system security plans [SSPs], risk assessments [RAs], memoranda of understanding, interconnection security agreements, contingency plans [CPs], etc.)Review vulnerabilities reported on network infrastructure devices and collaborate with network security engineers to review vulnerability scan results.Review ongoing updates to Federal security requirements agency templates, federal cybersecurity policy, e.g., Office of Management and Budget (OMB) Memorandum, NIST Special Publications, and FedRAMP.Review Federal security requirements/mandates and review new network designs for compliance.Participate in and lead customer briefings with regards to findings of assessments.Participate in the assessments of low, moderate, and high impact information systems to include Cloud services.Establish and maintain professional relationships with clients, customers, and team members and escalate issues when necessary.Qualifications
Required Qualifications:
BS degree in Computer Science or Information Technology and 5 years' experience in a related fieldExperience performing Certification & Accreditation (C&A), Security Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.Must be able to support the continuous maintenance of the System Security Plan (SSP) which is due annually.Experience performing Independent Security Assessment and Reporting (SAR).Experience performing Security control assessments as part of Continuous Monitoring NIST SP 800-53 compliance sustainment for application, infrastructure, and network.Experience drafting SOPs and technical work instructions including using Microsoft Visio or other topology-related applications.Additional Attributes for Success:
Strong written and verbal communication skills.The successful candidate will be able to communicate technical subjects effectively in both verbal and written mediums to both technical and non-technical audiences.Resourcefulness and problem-solving aptitude.Desire to work in a team environment and strong work ethic
AAP/EEO Statement:DNI complies with all federal, state and local laws designed to protect employees and job applicants from discrimination based on race, religion, color, sex, parental status, national origin, age, disability, genetic information, military service, or other non-merit-based factors.
Other Duties:Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.