|
|||||
<
/td>
|
Job Description: Information Assurance AnalystFairfax, VA Longterm Arena Technical, LLC salaried position Must be a US citizen - a current security clearance a strong plus Must be local to the DC area Must undergo a DoD Information Technology (IT) I public trust background check. (A Top Secret clearance can be accepted in lieu of IT I) Job Description Information Assurance Analyst reporting to the Information Assurance (IA)Manager. Responsibilities include working with the IA Manager and project staff to maintain and continuously improve the security posture through ongoing vulnerability management, compliance monitoring, and implementation of security plans and processes. Qualification/Labor Requirements for Information Assurance Analyst: Education Requirements: The candidate must meet the following minimum education and/or related experience requirements: ·Ô9 years of information assurance/information security experience ·ÔBachelor's degree with 5 years of information assurance/information security experience ·ÔMaster’s degree with 3 years of information assurance/information security experience Labor Description: This position requires a minimum of 5 years experience in information assurance/information security and requires a self-starter with excellent writing, communication, and organizational skills. This IA Analyst will assist and work with the Security Manager in performing a broad range of IA activities associated with maintaining and enhancing the security posture and maintaining the system’s Authority to Operate. Specific responsibilities may include, but are not limited to: ·ÔFacilitating and/or performing vulnerability scans of system components using DoD-approved vulnerability scanning tools such as Defense Information Systems Agency (DISA) Security Readiness Review (SRR) scripts and DoD’s Secure Configuration Compliance Validation Initiative (SCCVI) tool (Retina) ·ÔDeveloping plans of actions and milestones (POA&Ms) and/or risk assessments for identified vulnerabilities, and working with the Operations team to track the execution of POA&M items to completion ·ÔTracking and maintaining the vulnerability status of assets in the DoD Vulnerability Management System (VMS) ·ÔSupporting certification and accreditation (C&A)activities in accordance with the DoD Information Technology Certification and Accreditation Process (DIACAP), including conducting ongoing monitoring of compliance with required IA controls as defined in DoD Instruction 8500.2 (Information Assurance Implementation) and collection, organization, and update of artifacts to document compliance with those controls ·ÔMonitoring DoD and vendor security advisories, and working with the Operations team to ensure necessary patches/upgrades are applied in a timely fashion ·ÔAssessing the security impact/risk of proposed changes to the system, software, or architecture to ensure the security posture is maintained as the system continues to evolve ·ÔSupporting security incident analysis, reporting, and response activities ·ÔSupporting the implementation, configuration, monitoring, and/or maintenance of intrusion detection/prevention systems and other security monitoring tools ·ÔDeveloping standard operating procedures and plans as required to maintain the security posture and ensure compliance with required DoD IA controls The candidate will demonstrate strong independent analysis, organizational, and conceptual skills, and must be able to manage multiple tasks and meet scheduled dates. The IA Analyst must be able to adapt in a rapidly changing environment, be a fast learner, and self-starter. Excellent written and communication skills are required, and the candidate must be able to work effectively both independently and within groups. Requirements: §ÔExperience in UNIX and Windows system security, to include knowledge and experience in configuring these systems for secure operation §ÔExperience in TCP/IP network security §ÔExperience with use of security vulnerability assessment/testing tools §ÔExperience in identifying, monitoring, and tracking security vulnerabilities and assessing their impact on systems, to include identifying and tracking required corrective actions §ÔUnderstanding of DoD IA requirements as well as commercial best practice §ÔQualifying IA certification for an Information Assurance-Technical or Management Level II position (Security+, GSEC, SCNP, SSCP, GSLC, CISM, or CISSP) as defined in DoD 8570.01-M, or commitment to obtain a qualifying certification by 12/31/10 §ÔMust be a US citizen §ÔMust undergo a DoD Information Technology (IT) I public trust background check. (A Top Secret clearance can be accepted in lieu of IT I) §ÔMinimum 5 years IA/security experience §ÔExcellent written and oral communication skills Assets: §ÔExperience running and analyzing results of DISA System Readiness Review (SRR) scripts, Retina/SCCVI, Nessus, and similar security vulnerability testing tools §ÔExperience with DOD Vulnerability Management System (VMS) §ÔFamiliarity with the DoD Information Assurance Certification & Accreditation Process (DIACAP), DoDI 8500.2 IA controls, and DISA Security Technical Implementation Guidelines (STIGs) §ÔUnderstanding of database (Oracle) and web application security vulnerabilities and best practices §ÔUnderstanding of public key infrastructures (PKI) §ÔExperience conducting risk assessments and performing certification and accreditation activities in accordance with the DIACAP §ÔExperience with implementation, configuration and/or monitoring of Snort, Enterasys Dragon, or other intrusion detection/prevention systems §ÔExperience with implementation, configuration and/or monitoring of Tripwire or similar compliance/baseline monitoring tools
An Equal Opportunity Employer M/F/D/V |
||||||||||||||
|
||||||||||||||
|
