Information Assurance Analyst

Program Overview

About The Role

Cyber Protection, Assessment and Authorization, and Risk Management Framework (RMF). Provides cybersecurity functional support for assessments, authorizations, and documentation Enterprise-fielded systems managed by NETCOM HQ. Efforts include using the Enterprise Mission Assurance Support Service (eMASS) to record RMF activities such as control implementation of all applicable security controls as identified via information system security categorization in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and Committee on National Security Systems Instructions (CNSSI) 1253. The number of families and controls will vary depending on the security categorization, the application of overlays (privacy, classified, intel, etc.) and any security control tailoring.
• Adhere to the DoD cybersecurity policy requirements set forth in DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology (IT)” and their successors.
• Provide personnel with knowledge in DoD security hardening, collection, and assessment tools (includes: Security Technical Implementation Guide (STIGs); Assured Compliance Assessment Solution (ACAS) SCAP; Nessus; or other currently Government-approved tools) and expertise with security architectures, firewalls, and network access.
• Possess and retain knowledge of the RMF Knowledge Service - the DoD’s official site for enterprise RMF policy and implementation guidelines.
• Review any RMF activities on behalf of NETCOM ensuring adherence to the operational ETPs and Operations Orders hosted on the US Army Component Workspace – Operations tab of the RMF Knowledge Service. The ETPs provide amplifying guidance and process implementation for the Army regarding RMF.

Qualifications

Basic Qualifications:

• 7 years w/o BS/BA; 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
• Certifications: DCWF Code 722 Intermediate: Certified Chief Information Security Officer (CCISO) or Certified Cloud Security Professional (CCSP) or Certified in Governance Risk and Compliance (CGRC) or CompTIA Cloud+ or CompTIA Security+ or CompTIA SecurityX (formerly CASP+) or Systems Security Certified Practitioner (SSCP)
• Possess and maintain Secret with the ability to obtain a TS/SCI security clearance
• Ability to conduct vulnerability assessments and monitor networks to support test and operational environment requirements.
• Solid understanding of data transport, encryption, networking, IT systems, and cybersecurity fundamentals

SCA / Union / Intern Rate or Range

Details

Target Salary Range: $80,000 - $128,000. This represents the typical salary range for this position based on experience and other factors.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.