207 Business Park Dr., Ste. 100
VA Beach, VA 23462
Employee Type: Full-Time
Location: Suffolk, VA
Job Type: Information Systems Security Engineer
Experience: 3+ Years
Clearance Type: Secret (Top Secret/SCI Eligible)
AERMOR is seeking qualified candidates who will develop and manage Certification & Accreditation (C&A) in accordance with the RMF process. Will identify and implement system security controls. Perform system security assessments utilizing DOD standard tools that include STIG Viewer and SCAP Compliance Checker (SCC). Monitor cyber security compliance for all systems using tools which include but are not limited to the Enterprise Mission Assurance Support Service (eMASS), Vulnerability Remediation Asset Manager (VRAM), and Assured Compliance Assessment Solution (ACAS).
- Creates, reviews, updates, and validate Cybersecurity Standard Operations Procedures (SOPs) as required.
- Reviews and maintains an inventory of authorized software (software custodian)
- Reviews and maintains an inventory of devices and media
- Audits and validates configurations deployed on laptops, workstations, and servers
- Audits and validates configurations of network devices based on DISA STIGs or defining and implementing compensating controls of such STIGs as required to ensure mission execution.
- Maintain and update all Risk Management Framework (RMF) and C&A
- Conduct comprehensive annual RMF package reviews to ensure continued compliance
- Ensure traceability is maintained throughout the RMF submission process (e.g.: C&A Plan, POAM, RAR, Topology, Software, Ports Protocols and Services, Test Plan).
- Maintain network and system documentation in DITPR-DON / DADMS.
- Maintain documentation and registration of Network Ports, Protocols, and Services.
- Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
- Maintain and report on the status of all outstanding C&A items and supporting documentation.
- As a member of the Configuration Control Board (CCB), ensures CCB approved changes are timely and accurately reflected in the C&A documentation.
- Support compliance validation of current and future directives (e.g.: IAVs, STIGs, CTOs).
- Provide recommendations for corrective action of any non-compliant security controls.
- Execute DISA STIG validations for systems in conjunction with C&A package reviews annually.
- Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
- Prepare reports on scanning results and configuration management observations monthly.
- Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
- Conduct and document a semi-annual tabletop exercise (two times) each calendar year.
- Produce test plans, draft after actions and other documents for review and comment.
- Review and/or revise Business Impact Analysis (BIA) to include business process, IT dependency, and physical security assessments annually.
- Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance and produce checklists for IT systems.
- Assist with exercise and/or training and documentation of IT contingency plan and execution.
Required Skills and Experience:
- Must have experience in IT support
- 1 to 3 years of experience with Assured Compliance Assessment System (ACAS) and/or Nessus
- 3 to 5 years of Certification and Accreditation (C&A) package assembly experience
- Risk Management Framework (RMF) training and certification is desired
- STEM Bachelor’s Degree OR CompTIA Security + CE
- Experience: 3+ years of related IT experience
For more information contact: email@example.com