The Information Systems Security Analyst is a Navy Cyber, DIACAP, RMF and Information Assurance (IA) policy/documentation subject matter expert. This position is for a Senior Information Systems Security Analyst experienced in performing cybersecurity inspections; developing and reviewing DIACAP/NIST accreditation documents; or performing Computer Network Defense (CND) activities.
The analyst will perform cybersecurity work. Specific responsibilities and tasks may include:
Travel to commands/sites and perform technical functions such as running scans, reviewing command documentation/policies, uploading results into VMS, and any other tasks necessary to complete a cyber inspection/assessment/audit.
Provide full-time subject matter expert (SME) support to Department of Defense (DoD) customers, such as the Navy, Air Force, and Army, in regard to certification and accreditation (C&A)
Perform vulnerability scans, conduct risk assessments, and implement or oversee the implementation of vulnerability assessments
Responsible for the full range of Information Assurance (IA) activities, specializing in C&A matters
Analyze customer's requirements regarding applicable security disciplines (physical, personnel, information, communications, and computer)
Evaluate customer's security policy and provide recommendations
Submit and track DIACAP accreditation packages, to include annual reviews of accredited networks/systems
Provide guidance on Information Assurance matters during configuration design and modification of information systems; review system designs for IA directive compliance; recommend changes, mitigations and remediation
Monitor and review periodic vulnerability and IA compliance testing
Verify that applicable security measures identified by the IA Vulnerability Management (IAVM) program are applied
Monitor mitigation and remediation progress; draft and update Plans of Action and Milestones (POA&Ms)
Participate in certification and accreditation collaboration meetings
Provide IA and risk analysis support; provide level of effort Technical Support on-site
Provide augmentation support to observe and support Certification Test and Evaluation (CT&E), Security Test and Evaluation (ST&E) and Independent Verification and Validation (IV&V) testing of new and existing systems at multiple locations across the United States
Generate DIACAP artifacts to include: DIACAP Implementation Plan (DIP), System Identification Profile (SIP), DIACAP Scorecard, Draft DIACAP POA&M, Test Plan, Test Report, Vulnerability Report, Residual Risk Assessment, Contingency Plan, COOP, and other documents as required
5 years of experience, including 4 years of related IA and INFOSEC technical experience.
Minimum of 4 years’ experience in IA/C&A analysis support in IA controls analysis, conducting risk assessments, risk mitigation analysis, and developing contingency plans.
Certifications: CASP, CISSP, CISM or GSLC is required
Clearance: Must possess an active Secret clearance
Demonstrated experience in the following areas:
Demonstrated knowledge of IA/INFOSEC concepts and requirements
Knowledge of the DOD C&A process and standards
System/network vulnerability analysis
Risk assessment and risk mitigation analysis
Security Test and Evaluation (ST&E)
Ports & Protocols
KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.
Job: Information Technology
Job Number: 1048978