GENERAL SUMMARY: Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
SPECIFIC DUTIES & RESPONSIBILITIES:
1. DIACAP (DoDI 8510.01) package creation/submittal/validation
2. Platform IT (PIT) Risk Approval (PRA) package creation (IAW NAVSEAINST 9400.2)
3. Reduction of vulnerability assessment tool data through the use of scripting, macros and functions (e.g. Excel macros)
4. Ensure compliance with Federal, DoD and DoN Information Assurance (IA) policies. Incumbent utilizes extensive knowledge of all areas of automation security to establish operating standards and procedures for the IA Program. Determines long-range IA program objectives and develops strategies for achieving those objectives. Periodically evaluates, amends, or redefines major program objectives.
5. Coordinates all certification and accreditation activities within scope of Program Director, IA PM, System IAM and Designated Approving Authorities (DAAs). Disseminates Information Assurance Vulnerability Alerts (IAVAs) to System Administrators (SAs) and Information Assurance Security Officers (IASOs) to ensure IAVAs are received and acknowledged as required. Monitors IAVA compliance and reporting, ensures IS and network security scanning are performed, completed and documented. Ensures patches, hot fixes, and system change packages and AV definition updates are applied utilizing the established change control process. Reports program effectiveness to the program director. Ensures compliance of all program IS to ensure assets are properly reported and scans validated. Reviews risk analysis and accreditation documentation for timeliness, completeness and accuracy and insures that all necessary materials are forwarded for review. Conducts threat and vulnerability assessments to assess and determine effective measures to minimize risks and ensure LAN is operational and secure. Performs day-to-day interface activities with IT management, SAs, IM Officers (IMO), ISSOs/IAOs, IA Managers (IAM) and users involving IA issues and concerns.
1. Assists with implementation of counter-measures or mitigating controls.
2. Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
3. Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
4. Prepares incident reports of analysis methodology and results.
5. Provides guidance and work leadership to less-experienced technical staff members, and may have supervisory responsibilities.
6. Maintains current knowledge of relevant technology as assigned.
7. Minimal travel expected
EDUCATION AND EXPERIENCE REQUIREMENTS:
1. Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
2. 10-15 years of related experience in data security administration.
3. Required Certifications:
Certified Information Systems Security Professional (CISSP)
Fully qualified Navy Validator (FQNV) Certification
DESIRED SKILLS AND ABILITIES:
1. Advanced knowledge of data security administration principles, methods, and techniques.
2. Knowledge of Operating System hardening and remediation IAW the DISA Security Technical Implementation Guides (STIGs)
3. Information Assurance/Information Security experience with National Security Systems (NSS) to include: US Navy shipboard and land-based Combat Systems; Hull, Mechanical and Electrical (HM&E) systems; or Industrial Control Systems (ICS) in a US Navy environment
4. Ability to evaluate Risk and Threat Analysis of vulnerabilities and exploits as they apply to US Navy shipboard and land-based Combat Systems; Hull, Mechanical and Electrical (HM&E) systems; or Industrial Control Systems in a US Navy environment
5. Knowledge of DoDI 8500.2 Information Assurance Control implementation and validation, from an systems engineering perspective, as applied to National Security Systems (NSS)
6. Experience with use of SCCVI (Retina), SCAP Compliance Checker (SCC) and the DISA STIG Viewer
7. Experience with UNIX and Linux variants
8. Knowledge of Microsoft Networking in the context of system hardening
9. Knowledge of the Microsoft Windows OS registry
Interested personnel should submit an electronic copy of their resume to email@example.com
Requisition No. DELPH08 (please ensure that you reference this number when submitting for this position)