Information System Security Specialist III with Security Clearance - Philadelphia, PA, United States - eScience and Technology Solutions, Inc

    eScience and Technology Solutions, Inc Philadelphia, PA, United States

    2 weeks ago

    Technology / Internet
    Description

    Job Summary:
    eScience & Technology Solutions, Inc. (eSTS) is looking for an enthusiastic and skilled cleared candidate to join our team to support the Cybersecurity Program in support of Propulsion, Power and Auxiliary Machinery Systems at the Naval Surface Warfare Center in Philadelphia, PA.

    Job Duties & Responsibilities:

    • Collect and collate system or site information and use it to evaluate and document in Enterprise Mission Assurance Support Service (eMASS) the security posture of the Propulsion, Power, & Auxiliary Machinery systems and subsystems being Assessed, Authorized, and maintained.
    • Review security assessment plans, test plans, and procedures to ensure they address the correct level of effort and are sufficiently comprehensive to assess whether all Information Assurance (IA) requirements applicable to the system or site for assessment, authorization, and maintenance have been met.
    • Optimize A&A and AO testing procedures to ensure the most accurate reporting in the appropriate format and that all IA requirements have been addressed. Evaluate all discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks.


    • Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs; conduct systems security evaluations, audits, and reviews; determine the residual risk of a package based on package content and assessment results and document it for the Security Controls Assessor's (SCA) and higher-level review.
    • Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system.
    • Work with the Information System Owner/ISSO/System Administrators equivalent to NSWCPD's Information System Security Officer (ISSO) to determine applicable fixes and/or mitigation for weaknesses and to determine the adequate level of residual risk.
    • Perform analysis of logs, events, and reporting of various data collection tools, including vulnerability monitoring via Assured Compliance Assessment System (ACAS) and related tools, Host Based Security Systems (HBSS), web content filters, Security Information and Event Management (SIEM), firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (ID/PS).
    • Assess impacts from observed risks and report via the Cybersecurity Program chain of command.
    • Perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best-fit solution.
    • Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner.
    • Perform remediation, patching, scanning and associated boundary maintenance risk management and security engineering for RMF Afloat systems.
    • Develop all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms)/Risk Assessment Reports (RARs) and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs); products shall be created in the appropriate software (i.e., Microsoft Visio, scanning software, eMASS DISA STIG Viewer, etc.).


    • Determine a system's compliance with all applicable Controls and Assessment Procedures (APs) for an assigned DoN system, including developing the appropriate test procedures, if necessary; executing the test procedures; and accurately documenting the results of security testing. The analysts shall update the eMASS record for the assigned system(s).


    • Document residual risks in a plan of actions and milestones formatted in compliance with the current package system, currently eMASS.
    • Maintain current vulnerability scan data and residual risk plan of actions and milestones in Vulnerability Remediation Asset Manager (VRAM).
    • Track deliverables and action items in accordance with A&A guidance.
    • Manage, attend, and support configuration control board practices.
    • Ensure RMF artifacts are in compliance with published Navy, NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA), NIST SP and SP Rev 4. In addition, local NSWCPD policies and procedures may apply. Command Information System Security Manager (ISSM) will resolve any conflicting interpretations.


    • Create and verify the accuracy of POA&Ms/RARs as identified by vulnerability actual test results

    Required Experience:
    Five (5) years of professional experience performing analysis of logs and events, and of various data collection tools.
    Experience automating processes through scripting, assessing impacts from observed risks, and presenting the findings through the chain of command.

    Education Requirement:
    Bachelor's degree in a technical related discipline

    Certification Requirements:

    Minimum Certification:
    IAM2 certification

    Minimum of one of the following certifications to include: CAP, CASP+CE, CISM, CISSP (or Associate), GSLC or CCISO

    Clearance Requirement:

    Active Secret Security Clearance

    COMPANY INFORMATION:
    eScience & Technology Solutions, Inc. (eSTS) is an engineering and program management services company looking for employees who are success-oriented, professional and customer focused. eSTS offers a comprehensive benefits program with options that enable each employee to structure a benefits package tailored to meet his or her family's needs.

    eSTS provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.