StraCon Services Group, LLC is seeking a Principal Cyber Security and Information Assurance Analyst, Journeyman to support our NAVAIR customer in Patuxent River MD. The Principal Cyber Security and Information Assurance Specialist will be responsible for but no limited to the following requirements. Essential Job Duties:
• Incumbent will report to the PMA Lead ISSO under the direction of the ISSM.
• He/she will report to the ISSO Lead via the ISSM to successfully complete specific Navy Qualified Validator (NQV) or Information System Security Officer (ISSO) tasks, produce work products and services, and meet program objectives. • As a team member, the employee is a primary resource person in his/her specialty area and is expected to carry out the work assignments. • Work requires coordination with other specialists, project members, and other work groups at the activity. Assignments may require travel to other commands and contractor plants.
Navy Qualified Validator (NQV) Tasks:
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Performs risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Verify and update security documentation reflecting the application/system security design features.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Participate in Risk Governance process to assess security risks, mitigations, and provide input on other technical risk.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
• Assess the effectiveness of security controls.
• Assess all the configuration management (change configuration/release management) processes.
ISSO Tasks:
• An ISSO supports and contributes to the overall effectiveness of the Cyber Security program for command acquisition projects. This requires recognized technical expertise in Cyber Security functional areas, and ability to integrate this expertise with broad knowledge of the mission, objectives and operations of the component served. The work may require the ability to lead a team of Cyber Security functional specialists for specific tasks/products and to collaborate with varying teams to integrate Cyber Security principals and methods into the target system development lifecycle.
Cyber Security Management:
• Suggests and implements Cyber Security methods/techniques for the supported program, including considering the needs of external partners (e.g., vendors). Ensures consideration of Cyber Security issues in staff meetings/program reviews/other discussions of work status/progress. Participates in the formal/informal training of new/existing team members.
• Researches and provides Lead ISSO/ISSM with information/support/suggestions on Cyber Security requirements for proposed IT acquisitions. Works collaboratively with cyber security and acquisition team members to define/review/provide critical and constructive feedback for optimized system design strategies.
• As a cyber security specialist, monitors the compliance with Cyber Security policies/procedures/documentation requirements, and the security/integrity of IT/IM systems. Supports announced/unannounced security site surveys/inspections to ensure/verify adherence to A&A (Assessment & Authorization) documentation and Cyber Security regulations. Supports activities of external auditors.
• Monitors all Cyber Security plans/programs/processes, ensuring IT assets operate at optimized levels of security and are responsive to the rapidly-changing operational security requirements. Communicates corrective action recommendations to the Cyber Security team members.
• Responds to specific Cyber Security initiatives. Reviews/drafts/supports Cyber Security policies/processes that may be associated with such initiatives and provides timely/appropriate responses.
Assessment and Authorization:
• Applies specialized knowledge of Assess & Authorization (A&A) regulatory and policy directives to ensure appropriate security analyses, standards, and measures are integrated into IT procurement plans and processes, and Functional Area Management (FAM) processes.
• Provides technical support to IT acquisition managers' preparation of various IT acquisition C&A-related documentation. Consults with customers to support the development of technical processes, procedures and solutions to address the Cyber Security requirements of IT applications, systems and networks. Reviews proposed Cyber Security strategies and designs and identifies potential security vulnerabilities and deficiencies and makes recommendations to resolve them.
• Cyber Security specialist for the development of A&A documentation for all aspects of IT systems such as legacy and RDT&E networks, Platform IT, enterprise business systems, and other systems as necessary. Assists the ISSM in responding to any inquiries received from higher-echelon review authorities regarding Cyber Security-related elements of submitted documentation.
• Prepares and inputs information into the A&A tracking tools for the NAWCAD/NAVAIR Enterprise or other tool as required. Updates the database to keep information current on Cyber Security status of assigned systems. Assists in maintaining a repository of all system accreditation or certification documentation and modifications in accordance with configuration management (CM) policies and practices.
• After Interim Authority to Operate (IATO)/Authority to Operate (ATO) has been achieved, monitors use of subject IT applications to ensure that only those assets are employed. Participates in and supports periodic system re-accreditation reviews and annual verification & validation activities. Also supports investigations of possible incursions into accredited IT applications.
Travel Requirements:
• Potential Travel 3-4 times per year
Experience Requirements:
• A minimum of 3 years of professional experience in Information Assurance and Risk Management
• Applicant must have working level experience utilizing Enterprise Mission Assurance Support Service (eMASS).
• eMASS is a government owned web-based application with a broad range of services for comprehensive fully integrated cybersecurity management. Features include dashboard reporting, controls scorecard measurement, and the generation of a system security authorization package. eMASS provides an integrated suite of authorization capabilities and prevents cyber attacks by establishing strict process control mechanisms for obtaining authorization decisions. Education and Certification Requirements:
• Bachelor's Degree
• Allowable Substitution: Associates Degree and an additional 2 years’ experience or no degree and an additional 4 of years’ experience.
Security Requirements:
• U.S. Citizenship required.
• Must be able to obtain and maintain a Secret security clearance. About StraCon:
StraCon is dedicated to supporting our government clients and warfighters by “Enhancing their Operational Capability”. With a proven track record, and an employee focused philosophy, we have developed a culture that believes in the talent of the individual. StraCon employees are empowered to “Make It Happen”. Since 2008, we have provided Program Management, Training Systems Products, Financial Management, Instructional System Design, Data Management, Courseware Development, Engineering, Logistics, Foreign Military Sales Support, and a variety other technical services for the Department of Defense. StraCon offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans, as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and may be eligible for state or contract required paid time off programs. StraCon is an Equal Opportunity & Affirmative Action Employer