Job ID: 2010996
Location: SAN DIEGO, CA, United States
Date Posted: Oct 12, 2020
Subcategory: Cyber Sec Analyst
Shift: Day Job
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Remote Work: No
This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC code 82000 to support the Research, Development, Test & Evaluation (RDT&E) network. The Cybersecurity Analyst II will serve as a Risk Management Framework (RMF) Subject Matter Expert (SME) for all network security architectures, designs, implementations, and operations within 3 NIWC Pacific RDT&E systems, networks, and applications. Additionally he/she will provide engineering and technical support for the testing of systems, software, tools and products while identifying operational and functional requirements of new, developing and existing systems and develop a system security approach, which includes but not limited to defining potential threats, vulnerabilities, safeguards, and risk factors.
Roles and associated responsibilities
1. Provide practice of Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans.
2. Analyze / implement enterprise architecture/design, cloud migration plans, generating auditing reports, performance, interoperability, and functionality.
3. Work with all layers of technology stack (network routing and switching, firewalls, Virtual Private Network (VPNs), load balancers, network and server virtualization, server operating systems, large storage systems, data-exchange interfaces, databases, middleware, web services, and enterprise management tools used to administer all such capabilities).
4. Evaluate risks associated with extending the network boundaries and data migration to a cloud environment.
5. Work on Instances and software lists for the AWS Gov Cloud in the West region under Availability Zone A.
6. Utilize the testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS).
7. Monitor software compliance in the DoN Application and Database Management System (DADMS).
8. Policy development and enforcement.
9. Assess information security risks to new projects and non-standard IT requests using risk assessment methodologies.
10. Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.
11. Provide a system security approach, which includes defining potential threats, vulnerabilities, safeguards, and risk factors.
12. Develop A&A documentation to include system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans.
13. Utilize eMASS and the process for entering all system packages, artifacts, and supporting documentation.
14. Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.
15. Create network architecture and data-flow diagrams.
16. Must be able to verify both technical and non-technical findings, propose actions to address the findings, develop a tracking process inclusive of performance metrics, and prepare responses or reports demonstrating that the findings have been addressed in the Plans of Action and Milestones (POA&M).
17. Provide continuous monitoring efforts of Program of Records (PORs).
18. Verify accreditation boundary information for POR and the networked systems including accreditation boundary, hardware and software lists, and other Authority to Connect (ATC)-related information.
19. Support the ISSO and ISSM.
Key Skills, Knowledge and Abilities
· Must have high level of understanding of various virtual and cloud services (AWS or Google services)
· Must have experience developing Security Policies/Standard Operating Procedures (SOPs)/Other Documentation.
· Must be able provide analysis of Directives, Policies, Instructions (CTOs, FRAG/TASK/OPORDs, IAVM, PKI Guidance), Impact on RDT&E Network/ VRAM
· Demonstrate experience and processes for reviewing security control implementation down to the Control Correlation Identifier (CCI) level for compliance and provide appropriate guidance to customers developing valid mitigation/ remediation statements.
1. Bachelor's Degree in (STEM), or an Information Technology (IT) related field AND five (5) years of relevant work
experience, OR Associate's Degree in an Information Technology (IT) related field AND eight (8) years of relevant
work experience, OR High School Diploma or equivalent AND ten (10) years of relevant work experience.
2. Commercial certification meeting or exceeding DoD 8570.01M requirements for IAM-3 (CISSP or CISM)
3. Four (4) years of demonstrated experience in Risk Management Framework (RMF)
4. Must have high level of understanding of various virtual and cloud services (AWS or Google services)
5. Must have experience developing Security Policies/Standard Operating Procedures (SOPs)/Other Documentation.
6. Must be able provide analysis of Directives, Policies, Instructions (CTOs, FRAG/TASK/OPORDs, IAVM, PKI Guidance), Impact on RDT&E Network/ VRAM
7. Demonstrate experience and processes for reviewing security control implementation down to the Control Correlation Identifier (CCI) level for compliance and provide appropriate guidance to customers developing valid mitigation/ remediation statements.
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.