Chenega Corporation Information Assurance Officer in Alexandria, Virginia
The Information Assurance Officer will provide expert consultation on securing computer and network communications systems.
Provide IA support to the networks.
Perform system administration functions as necessary with Windows Operating Systems (Windows Server 2003 - 2012).
Perform scans and provide security posture reporting as well as vulnerability remediation and analysis.
Develop and assess security documentation using C&A process documents as guides (AR 25-2, AR 380-5, DoD 8500.2, DoD 8510.01, DCID 6/3, NIST 800-37, 800-53).
Review and analyze audit logs for potential security incidents on a periodic basis.
Develop audit reports and alerts using an audit collection tool.
Apply STIG documentation to deployed and development systems.
Ensure implementation of IAVM dissemination, reporting, and compliance procedures.
Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and security responsibilities before granting access to the IS.
Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.
Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
Maintain and document CM for IS software (including IS warning banners) and hardware.
Ensure system recovery processes are monitored and that security features and procedures are properly restored.
Maintain current software licenses and ensure security-related documentation is current and accessible to properly authorized individuals.
Support and assist tenant IAMs or the installation IAM if no tenant IAM exists.
Report security violations and incidents to the servicing RCERT in accordance with Section VIII Incident and Intrusion Reporting.
Other duties as assigned
High school diploma or GED required.
3+ years of direct, hands-on experience in the performance of Information Assurance support
Experience to include analysis, design, and implementation of security procedures of hardware and software on complex, large-scale systems in an enterprise environment
DoD 8570 IAM I certified
Knowledge, Skills and Abilities
Bachelor’s degree in an IT-related field is preferred.
CISSP, CAP, CISA, and CCNA security are preferred, but not required
Knowledge of the RMF accreditation process used by the Army and DoD
Knowledge of the process of the Risk Management Framework Analysis and Accreditation A&A and how to perform these capabilities
Knowledge of how to perform and complete the RMF STEPS 1-6 processes and knowledge of who is responsible for completing the tasking in these RMF Steps 1-6
Knowledge of Amazon Web Services (AWS) Cloud and the accreditation process
Knowledge of the duties and responsibilities of an Information System Security Officer (ISSO)
Knowledge of how to perform an Annual Security Review (ASR) for the systems yearly process
Knowledge of the NIST publications that relate to performing the RMF accreditation process
Knowledge of the eMASS database and its functionalities
Knowledge of STIGs/Checklist and how to review in STIG Viewer
Know how to create and update the system’s Plan of Action and Milestones (POAMs)
Knowledge of writing documentation and requirements for the RMF accreditation process
Knowledge and experience with current DOD and Army IA policies and procedures, RMF certification and accreditation procedures and requirements, APMS reporting procedures, and an understanding of the unique acquisition community IA issues
Working knowledge and access to the Army Portfolio Management System (APMS) and the ability to lead and oversee the Program Protection Planning (PPP) and Security Classification Guide development and production for developmental and production systems
Knowledge and experience in the security sub-disciplines supporting Army IA, certification and accreditation, IA security testing and security management for both developmental and production systems, including but not limited to Communications Security, Physical Security, OPSEC, Risk Assessments, Personnel Security, Tempest, Network Security, Security Inspections and User Training
Must have advanced working knowledge of a variety of computer software applications in word processing, spreadsheets, database (MS Word, Excel, Access, PowerPoint), and Outlook
Familiarity with Army and DoD regulations concerning IA implementation
Ability to work well independently and as part of a team
#Chenega Decision Sciences, LLC