Information Assurance Compliance Specialist II with Security Clearance - Philadelphia, United States - eScience and Technology Solutions, Inc

    eScience and Technology Solutions, Inc Philadelphia, United States

    2 weeks ago

    Description

    Job Summary:
    eScience & Technology Solutions, Inc. (eSTS) is looking for an enthusiastic and skilled cleared candidate to join our team to support the Cybersecurity Program in support of Propulsion, Power and Auxiliary Machinery Systems at the Naval Surface Warfare Center in Philadelphia, PA.


    Job Duties & Responsibilities:

    • Collect and collate system or site information and use it to evaluate and document in Enterprise Mission Assurance Support Service (eMASS) the security posture of the Propulsion, Power, & Auxiliary Machinery systems and subsystems being Assessed, Authorized, and maintained.
    • Review security assessment plans, test plans, and procedures to ensure they address the correct level of effort and are sufficiently comprehensive to assess whether all Information Assurance (IA) requirements applicable to the system or site for assessment, authorization, and maintenance have been met.
    • Optimize A&A and AO testing procedures to ensure the most accurate reporting in the appropriate format and that all IA requirements have been addressed. Evaluate all discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks.
    • Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs; conduct systems security evaluations, audits, and reviews; determine the residual risk of a package based on package content and assessment results and document it for the Security Controls Assessor's (SCA) and higher–level review.
    • Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system.
    • Work with the Information System Owner/ISSO/System Administrators equivalent to NSWCPD's Information System Security Officer (ISSO) to determine applicable fixes and/or mitigation for weaknesses and to determine the adequate level of residual risk.
    • Perform analysis of logs, events, and reporting of various data collection tools including: vulnerability monitoring via Assured Compliance Assessment System (ACAS) and related tools, Host Based Security Systems (HBSS), web content filters, Security Information and Event Management (SIEM), firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (ID/PS).
    • Assess impacts from observed risks and report via the Cybersecurity Program chain of command.
    • Perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best–fit solution.
    • Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner.
    • Perform remediation, patching, scanning and associated boundary maintenance risk management and security engineering for RMF Afloat systems.
    • Develop all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms)/Risk Assessment Reports (RARs) and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs); products shall be created in the appropriate software (e.g., Microsoft Visio, scanning software, eMASS, DISA STIG Viewer, etc.).
    • Determine a system's compliance with all applicable Controls and Assessment Procedures (APs) for an assigned DoN system, including developing the appropriate test procedures, if necessary; executing the test procedures; and accurately documenting the results of security testing. The analysts shall update the eMASS record for the assigned system(s).
    • Document residual risks in a plan of actions and milestones formatted in compliance with the current package system, currently eMASS.
    • Maintain current vulnerability scan data and residual risk plan of actions and milestones in Vulnerability Remediation Asset Manager (VRAM).
    • Track deliverables and action items in accordance with A&A guidance.
    • Manage, attend, and support configuration control board practices.
    • Ensure RMF artifacts are in compliance with published Navy, NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA), NIST SP–800–37 and SP–800–53 Rev 4. In addition, local NSWCPD policies and procedures may apply. The Command Information System Security Manager (ISSM) will resolve any conflicting interpretations.
    • Create and verify the accuracy of POA&Ms/RARs as identified by actual vulnerability test results.

    Required Experience:
    Three (3) years of experience in Cybersecurity


    Education Requirement:
    Bachelor's degree (Computer Science, Information Technology, or related technical degree) from an accredited College or University


    Certification Requirements:
    AM1 certification
    Minimum of one of the following certifications to include: CAP, CND, Cloud+, GSLC, Security+ CE

    Clearance Requirement:
    Active Secret Security Clearance

    Company Information:
    eScience & Technology Solutions, Inc. (eSTS) is an engineering and program management services company looking for employees who are success–oriented, professional and customer focused.

    eSTS offers a comprehensive benefits program with options that enable each employee to structure a benefits package tailored to meet his or her family's needs.

    eSTS provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
