Primary Duties and Responsibilities
Tasking may include and will not be limited to:
- Assist in the analysis and development of the integration, testing, operations, and maintenance of systems security
- Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications
- Assist in developing procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements
- Analyze and report organizational and system security posture trends
- Ensure all systems security operations and maintenance activities are properly documented and updated as necessary
- Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment
- Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level
- Assess adequate access controls based on principles of least privilege and need-to-know.
- Ensure the execution and analysis Disaster Recovery and Continuity of Operations.
- Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed
- Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment
- Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
- Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
- Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities based on exercise results for Disaster Recovery, Contingency, and Continuity of Operations Plans
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures and maintenance training materials)
- Verify and update security documentation reflecting the application/system security design features
- Assess all the configuration management (change configuration/release management) processes
- Advise appropriate leadership or Authorizing Official of changes affecting the system or network cybersecurity posture.
- Collect and maintain data needed to meet system cybersecurity reporting
- Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- Recognize a possible security violation and take appropriate action to report the incident, as required
- Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Provide technical documents, incident reports, and findings from computer examinations, summaries, and other situational awareness information to higher headquarters
- Develop and maintain RMF Assess and Authorize documentation required to achieve an Authority to Operate (ATO). Prepare and maintain information systems ATO record on the Navy’s Enterprise Mission Assurance Support Service (eMASS)
- Run vulnerability assessment tools; ACAS vulnerability scanner, Security Content Automation Protocol (SCAP), STIG Viewe
- Manage system/network vulnerabilities using the Vulnerability Remediation and Assets Manager (VRAM)
Education and Experience Requirements
- 2-5 years in information technology (IT) or information systems security
- 1-2 Years DOD Information Assurance Certification and Accreditation Process (DIACAP) or Risk Management Framework, DODI 8510.01
- Associate Degree from accredited University in computer science, information systems management or computer related field OR meet security certification requirements below
- Understanding of Federal Government and DoD security controls for information systems and implementation delineated in DODI 8500.1 and DODI 8510.01
- Prior to employment, meet Department of the Navy (DON) Cyberspace IT and Cybersecurity Workforce (Cyber IT/CSWF), SECNAV M-5239.2 Cybersecurity Credential for Proficiency Level II - Intermediate/Journeyman (i.e. CASP or CAP or Security+CE, SSCP or compatible military training)
- Meet Cyber IT/CSWF qualifications requirements for Specialty Area – 46 - Systems Security Management/Analysis to include:
- Acknowledgment letter of designation as Cyber IT/CSWF
- Maintain at least forty hours of Cyber IT/CSWF Continuous Education to maintain credentials and DoN Qualifications
- Sign Privileged Access Agreement (PAA) if required to access DoD systems with privileged access
- Obtain a background investigation and security clearance commensurate with supported system/network security classification