Job ID: 2010991
Location: SAN DIEGO, CA, United States
Date Posted: Oct 12, 2020
Subcategory: Cyber Sec Analyst
Shift: Day Job
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Remote Work: No
is position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC code 82000 to support the Research, Development, Test & Evaluation (RDT&E) network. The RDT&E environment allows customers to utilize Navy computers and network infrastructure to develop, test, and certify new systems that are either directly in support of Navy initiatives or support internal or external customer requirements.
Roles and associated responsibilities
· Develop A&A documentation to include system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans, Plans of Action and Milestones (POA&Ms).
· Obtain an Authority to Operate (ATO) in accordance with guidance from the Navy Security Control Assessor (SCA), Navy Authorizing Official (NAO), and DoDI 8510.01 DoD Risk Management Framework (RMF).
· Policy development and enforcement.
· Perform eMASS package development.
· Provide technical, validation, and ISSE support for Assessment and Authorization (A&A) processes.
· Navy Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting.
· Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.
· Provide metrics gathering/data analysis compliance with all cyber/A&A policies, audits and inspections.
· Automated vulnerability scanning tools
o Assured Compliance Assessment Solution (ACAS) / Tenable Nessus & SecurityCenter
o DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
· Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.
· Monitor software compliance in the DoN Application and Database Management System (DADMS).
Key Skills, Knowledge and Abilities:
· Demonstrate a good understanding of various virtual and cloud services (Good understanding of the AWS services is a plus).
· Cloud+ certification
· Provide Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans.
· Administration and/or development with:
o Microsoft Windows Operating Systems
o Red Hat Enterprise Linux (RHEL)
o Apache Tomcat
o Cloud-based technologies
1. Bachelor’s Degree in (STEM), or an Information Technology (IT) related field AND two (2) years of relevant work experience, OR Associate's Degree in an Information Technology (IT) related field AND four (4) years of relevant work experience, OR High School Diploma or equivalent AND six (6) years of relevant work experience.
2. Commercial certification meeting or exceeding DoD 8570.01M requirements for IAM-1 (CompTIA Security+)
3. Four (4) years of demonstrated experience in Risk Management Framework (RMF) to include ALL of the
a. Policy development and enforcement
b. eMASS package development
c. Assessment and Authorization (A&A) processes
d. Navy Information Assurance Vulnerability
Management (IAVM) and Computer Task Order (CTO) process and reporting
e. Testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS)
f. Analyzing system configuration per DISA STIG using STIGviewer, SCC, and OpenSCAP
4. Demonstrated knowledge of RMF National Institute of Standards & Technology (NIST)
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.