ASTRION, INC.
Information Assurance Support Analyst
ASTRION, INC., Rockville, Maryland, us, 20849
Information Assurance Support Analyst
Job Locations
US-MD-Rockville
Requisition Number
2024-18525
# of Openings
1
Category
Information Technology
Overview
Information Assurance Support AnalystBe the Difference
Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA with an additional 36 locations across the U.S.Astrion has an exciting opportunity for a
Information Assurance Support Analyst for the NRC-CPSS Contract,
supporting the
Civilian Division.JOB DETAILSLOCATION:
50% on-site. Must live in the DMV area for occasional customer meetings in Rockville, MD. These meetings could be last minute requests.JOB STATUS:
FTTRAVEL:
10% Occasional Domestic TravelLOCATION:
Rockville, MDJOB STATUS:
Hybrid: 50% on-siteTRAVEL:
10%; Occasional Domestic Travel
REQUIRED QUALIFICATIONS / SKILLSBA/BS or 5 years additional equivalent experience
6 years IT experience, with 4 years specialized in Information AssuranceSecret Clearance; the ability to obtain an NRC Security Clearance; US citizenship requiredMust hold at least one of the following certifications: CompTIA Security+, CISSP, ISACA CISA, GIAC GSEC, GIAC GSNA, GIAC GPEN, CEH, CAP, CASP+, CRISC, or CCSKDESIRED QUALIFICATIONS / SKILLSA strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53Excellent written and oral communication skills; attention to detail is a mustExperience with vulnerability scanning tools, such as Tenable Security CenterWorking knowledge of DISA STIGs, SCAP content/ audit files, and CIS BenchmarksUnderstanding of cloud service models (SaaS, PaaS, IaaS) and protections as described in FedRAMP security documentationExperience reviewing FedRAMP authorization packages and understanding how to ensure customer responsibilities are addressed in accordance with the shared responsibility modelExperience with performing technical architecture reviews of complex systems with a strong understanding of a system's authorizationKnowledge of major cloud platforms (Azure/ Amazon Web Services [AWS]), virtualization, networking devices (e.g., routers and switches), web services (e.g., IIS, Apache Tomcat), network security appliances (e.g., firewalls, VPNs), databases (e.g., Microsoft SQL), and intrusion prevention/ anti-malware softwareKnowledge of system and application security threats and vulnerabilitiesProficiency with Microsoft Office applicationsAbility to prioritize and complete tasks efficiently and effectivelyComfortable working individually and as part of a teamScripting ability (e.g., PowerShell, VBA) is a plus
RESPONSIBILITIES
Work closely with all levels of personnel, including system administrators, Information System Security Officers (ISSOs), and Authorizing Official (AO), to support FISMA systems through the Security Assessment & Authorization (SA&A)Assess the confidentiality, integrity, and availability impact levels of information stored, possessed, and transmitted by systems to determine the FIPS 199 security categorizationDevelop and maintain system security documentation throughout all phases of the NIST Risk Management Framework (RMF). This includes security categorizations, digital identity risk assessments, system security plans, system policy and procedures, privacy impact assessments, contingency plans, configuration management plans, incident response plans, vulnerability assessment reports, deviation requests, and any other documents necessary to support systems' authorization and continuous monitoringAnalyze risks identified during security control assessments and continuous monitoring activities in accordance with NIST SP 800-30. This includes making a determination regarding the likelihood and impact of the risk being exploited, along with a supporting rationale, and providing recommendations for mitigation/remediationPerform and document the results of vulnerability scans and configuration compliance checks against configuration standards such as DISA STIGs and CIS BenchmarksAnalyze FedRAMP security packages to document and assess customer responsibility for cloud-basedAssist in the review of monthly continuous monitoring deliverables produced by Cloud Service Providers (CSPs) and annual assessments (produced by third party assessors [3PAOs]) in support of FedRAMP requirements to ensure that cloud services maintain an appropriate riskCreate, track, and manage system Plans of Action and Milestones (POA&Ms)Attend project meetings and collaborate with stakeholders to ensure security is addressed throughout the entire system lifecycle
What We Offer
Competitive salariesContinuing education assistanceProfessional development allotmentMultiple healthcare benefits packages401K with employer matchingPaid time off (PTO) along with a federally recognized holiday schedule
Who We Are
At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to "Be the Difference". This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish and our company continuously evolves.We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what's possible. We promote collaboration and empowering our teams is at the core of our success.
Join Astrion and Be the Difference in your career and the world!
Astrion is an Equal Employment Opportunity/Affirmative Action Employer. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.#LI-CK1
Job Locations
US-MD-Rockville
Requisition Number
2024-18525
# of Openings
1
Category
Information Technology
Overview
Information Assurance Support AnalystBe the Difference
Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA with an additional 36 locations across the U.S.Astrion has an exciting opportunity for a
Information Assurance Support Analyst for the NRC-CPSS Contract,
supporting the
Civilian Division.JOB DETAILSLOCATION:
50% on-site. Must live in the DMV area for occasional customer meetings in Rockville, MD. These meetings could be last minute requests.JOB STATUS:
FTTRAVEL:
10% Occasional Domestic TravelLOCATION:
Rockville, MDJOB STATUS:
Hybrid: 50% on-siteTRAVEL:
10%; Occasional Domestic Travel
REQUIRED QUALIFICATIONS / SKILLSBA/BS or 5 years additional equivalent experience
6 years IT experience, with 4 years specialized in Information AssuranceSecret Clearance; the ability to obtain an NRC Security Clearance; US citizenship requiredMust hold at least one of the following certifications: CompTIA Security+, CISSP, ISACA CISA, GIAC GSEC, GIAC GSNA, GIAC GPEN, CEH, CAP, CASP+, CRISC, or CCSKDESIRED QUALIFICATIONS / SKILLSA strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53Excellent written and oral communication skills; attention to detail is a mustExperience with vulnerability scanning tools, such as Tenable Security CenterWorking knowledge of DISA STIGs, SCAP content/ audit files, and CIS BenchmarksUnderstanding of cloud service models (SaaS, PaaS, IaaS) and protections as described in FedRAMP security documentationExperience reviewing FedRAMP authorization packages and understanding how to ensure customer responsibilities are addressed in accordance with the shared responsibility modelExperience with performing technical architecture reviews of complex systems with a strong understanding of a system's authorizationKnowledge of major cloud platforms (Azure/ Amazon Web Services [AWS]), virtualization, networking devices (e.g., routers and switches), web services (e.g., IIS, Apache Tomcat), network security appliances (e.g., firewalls, VPNs), databases (e.g., Microsoft SQL), and intrusion prevention/ anti-malware softwareKnowledge of system and application security threats and vulnerabilitiesProficiency with Microsoft Office applicationsAbility to prioritize and complete tasks efficiently and effectivelyComfortable working individually and as part of a teamScripting ability (e.g., PowerShell, VBA) is a plus
RESPONSIBILITIES
Work closely with all levels of personnel, including system administrators, Information System Security Officers (ISSOs), and Authorizing Official (AO), to support FISMA systems through the Security Assessment & Authorization (SA&A)Assess the confidentiality, integrity, and availability impact levels of information stored, possessed, and transmitted by systems to determine the FIPS 199 security categorizationDevelop and maintain system security documentation throughout all phases of the NIST Risk Management Framework (RMF). This includes security categorizations, digital identity risk assessments, system security plans, system policy and procedures, privacy impact assessments, contingency plans, configuration management plans, incident response plans, vulnerability assessment reports, deviation requests, and any other documents necessary to support systems' authorization and continuous monitoringAnalyze risks identified during security control assessments and continuous monitoring activities in accordance with NIST SP 800-30. This includes making a determination regarding the likelihood and impact of the risk being exploited, along with a supporting rationale, and providing recommendations for mitigation/remediationPerform and document the results of vulnerability scans and configuration compliance checks against configuration standards such as DISA STIGs and CIS BenchmarksAnalyze FedRAMP security packages to document and assess customer responsibility for cloud-basedAssist in the review of monthly continuous monitoring deliverables produced by Cloud Service Providers (CSPs) and annual assessments (produced by third party assessors [3PAOs]) in support of FedRAMP requirements to ensure that cloud services maintain an appropriate riskCreate, track, and manage system Plans of Action and Milestones (POA&Ms)Attend project meetings and collaborate with stakeholders to ensure security is addressed throughout the entire system lifecycle
What We Offer
Competitive salariesContinuing education assistanceProfessional development allotmentMultiple healthcare benefits packages401K with employer matchingPaid time off (PTO) along with a federally recognized holiday schedule
Who We Are
At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to "Be the Difference". This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish and our company continuously evolves.We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what's possible. We promote collaboration and empowering our teams is at the core of our success.
Join Astrion and Be the Difference in your career and the world!
Astrion is an Equal Employment Opportunity/Affirmative Action Employer. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.#LI-CK1