Information Policy and Compliance Certified Professional III
Locations: Huntsville, AL, or Vicksburg, MS, or Portland, Oregon
Secret Clearance required
Under general supervision, assists in the support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks; assists in the development of all associated documentation. Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits. Analyzes and defines security requirements for information protection for enterprise systems and networks. Assists in the development of security policies. Analyzes the sensitivity of information and performs vulnerability and risk assessments on the basis of defined sensitivity and information flow. Professional certification at Technical Level III as defined by DODI 8570 is required.
MAJOR JOB ACTIVITIES:
- Performs security analysis, design, and documentation activities in support of new and legacy DoD networks and satellite monitoring and control systems. Ensures compliance with all system performance specifications and IA requirements. Prepares and submits Certification and Accreditation (C&A) documents for Government approval.
- Analyzes and resolves complex system security or performance issues. Works with stakeholders at all levels to ensure supported systems meet both security requirements and user community needs.
- Provides consolidated tracking of all IA related expiration dates (e.g., expiration of IATO, ATO, MOA and DoD 8570 training renewal requirement dates).
- Interfaces with Field Engineers, Network Engineers, and Information Assurance Officers (IAO) on IA policies, IA Vulnerability Management (IAVM) compliance, and DoD reporting requirements.
- Conducts IA compliance reviews against systems. Understands security features and shortcomings of supported systems. Performs network performance analysis and vulnerability scans using advanced security tools including the Defense Information Systems Agency (DISA) GOLD DISK, eEye Retina, and NMAP. Uses the results of security scans to create security reports and input to security documentation. Serves as the program proponent for IA. Provides IA technical and administrative support to all program personnel and customer representatives. Interfaces and coordinates with Government counterparts.
- Develops and disseminates IA training guidelines for all users.
- Functions as a first responder to investigate, report, and resolve any security-related incident.
- Provides IA technical expertise at management meetings and conferences as required.
MATERIAL & EQUIPMENT DIRECTLY USED:
General Office Equipment
General office environment.
Lifting up to 25 lbs unassisted.
Education/Certifications: One year of related experience may be substituted for one year of education, if degree is required.
Bachelor’s Degree from an accredited college or university in Management Information Systems, Computer Science, or Engineering. (Degree requirement may be substituted with 7 years directly relevant experience and active CISSP certification.) Must currently possess applicable certifications in accordance with DoD 8570.01-M IAT Level III and have at least one of the following certifications: RHCE, ACSA, BCCPP, CCNA, CCNA Security, CCNP, CCNP Security, CCNP Voice, CCNP Service Provider, CCIE, CCIE Security, CCIE Voice, CCIE Service Provider, MCITP Server Administrator: Windows Server 2008, MCITP Enterprise Administrator: Windows Server 2008, MCITP Virtualization Administrator Windows Server 2008 R2, MCSA Windows Server 2008, MCSA Windows Server 2012, MCSE Desktop Infrastructure 2012, MCSE Server Infrastructure 2012, MCSE Private Cloud 2012, Server+, VCP 4, VCP 5.
Minimum of 6 years of experience with DoD IA support; expertise with DIACAP (C&A) process.
In-depth knowledge of IA policies and regulations required. Must have IA experience with various operating systems.
Experience applying operationally focused Security Technical Implementation Guides (STIG).
Must have experience with and a strong understanding of networking fundamentals.
Information Assurance Vulnerability Management (IAVM)
Technical writing capabilities.
Ability to communicate well with coworkers and customers.
Strong understanding of DoD IA requirements.
Retina Scan tool (or other IA scanning tools)