207 Business Park Dr., Ste. 100
VA Beach, VA 23462
Employee Type: Full-Time
Location: Washington, DC
Job Type: ISSE
Experience: 3+ Years
Clearance Type: Secret
AERMOR is seeking the support the CIO, ISSM, ISSO, and validator with the maintenance and enhancement of Navy Band systems and architecture to achieve and maintain Certification and Accreditation or other DOD compliance requirements.
- Perform Information Assurance tasks required for DIACAP Certification & Accreditation (C&A) and RMF Assessment & Authorization (A&A) processes for USNB systems. (Systems include, but are not limited to Macintosh and Windows workstations/laptops, Apple iPads, routers, switches, live streaming and audio-visual peripheral and embedded equipment, public-facing internet-connected, network-connected and cloud-based systems.)
- Perform system configuration, testing, and develop documentation to be used in the DIACAP/RMF overall process.
- Support the Navy Band Command Information Officer (CIO), Information System Security Manager (ISSM), and Information System Security Officers (ISSO), in review and analysis of information assurance/cybersecurity task orders, policies, Cybersecurity Inspections (CSI), and directives; attend ad-hoc meetings, as required by CIO/ISSM.
- Perform Information System Security Engineer (ISSE) tasks and support Navy Band ISSM/ISSO in support of DIACAP/RMF process for Navy Band Stand-alone systems or internet-based, or cloud-based systems.
- Install software and hardware to maintain compliance with DOD requirements, remediate cybersecurity vulnerabilities, and perform break/fix to support system owners/users on for Apple Macintosh, IOS, and Microsoft Windows machines.
- Execute the Assured Compliance Assessment Solution (ACAS) tool, the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), SCAP, Security Requirements Guides (SRGs), and additional testing as required or documented by DIACAP/RMF.
- Implement security controls as directed by the Navy Security Control Assessor (SCA) & Navy Authorizing Official (NAO) Cybersecurity Authorization & Assessment (A&A) testing guidance.
- Assist the Validator in the development of the Security Authorization Package; including the creation of all artifacts required for DIACAP/RMF for authorizations with a goal of full Authority to Operate (ATO).
- Assist the fleet band activities with maintaining required security updates to systems not centrally located at the Washington Navy Yard. Create and maintain security practices documentation to standardize system administration and maintenance across the various Navy Band field activities.
- Enter and keep up to date the Security Authorization Package, security controls, and required artifacts into eMASS.
- Participate in DIACAP/RMF meetings and collaboration sessions with Navy Band activities, Echelon II, Navy’s Authorizing Official (NAO) and Security Control Assessor (SCA), and SCA Liaison.
- Working with the Navy Band ISSM/ISSO and the validator, ensure that the actions required by the Plan of Action and Milestone (POA&M) are implemented appropriately to ensure the continued risk and security posture of Navy Band systems.
- Support the periodic documentation of any DOD/DON waivers or reporting requirements, as required (e.g. HBSS, PKI, PPSM, or GIG).
- Stay current with cybersecurity policies, directives, and task orders; support USNB in the technical execution of new cybersecurity directives, as required.
- Provide System Administrator support to the Navy Band Washington DC headquarters and Navy Fleet Band Activities, including configuration maintenance, system hardening, and fielding ad-hoc support requests.
- Provide and maintain hardened system images for both the Headquarters and Fleet Band public affairs office (PAO) and audio system laptops. Provide technical support to HQ and Fleet Band staff as necessary.
- Provide training to both HQ and Fleet Navy Band musician staff, in system hardening, vulnerability scanning, and cybersecurity system lifecycle maintenance for Apple Macintosh, IOS, and Microsoft Windows machines
- Support CIO/ISSM during fielding of new technology, to include providing Navy Cyber Security Impact, Security Evaluation, and Technology Recommendations.
Required Skills and Experience:
- 3 years of experience with system/network administration and IT asset management.
- Documented experience with the DoD Risk Management Framework (RMF) process working on Department of the Navy (DON) systems.
- Experience applying system and/or network updates where necessary to comply with update security notices and requirements for Certification and Accreditation.
- Serve as experts in full performance of all Information System Security Engineering (ISSE)/System Administration tasks on day one as they will be primary cybersecurity staff at the command
For more information contact: firstname.lastname@example.org
Information System Security Engineer