H2 Performance Consulting (H2), a high-growth, technology-enablement firm, is currently seeking a Senior Information Assurance Analyst to support our government client in the San Diego area. The ideal candidate will have 4 years minimum Information Assurance and Assessment and Authorization (A&A) experience or 2 years' experience directly working Navy IA and A&A efforts.
The Senior Information Assurance Analyst responsibilities include:
- Experience with DIACAP and Risk Management Framework (RMF) processes and NIST 800-53 controls.
- Develop and maintain associated Certification and Accreditation (C&A) and/or Assessment and Authorization (A&A) documentation.
- Provide security expertise involving various computer hardware and software operation systems and application solutions hosted in an enterprise environment in coordination with hosting environment technical and security staff.
- Provide expertise with security features and vulnerabilities of various operating systems as defined by NIST, DISA (STIGs), and USCYBERCOM.
- Perform patch updates and vulnerability remediation
- Perform IA vulnerability testing and verification using tools such as ACAS, SCAP, and HBSS.
- Assist with establishing goals, plans (POA&M), and time lines to meet RMF accreditation project objectives.
- Coordinate with the application hosting facility and develop and maintain all accreditation artifacts as required to achieve and maintain required operational authorization.
- Remediation or mitigation of IA issues resulting from scan results.
- Assist in the remediation and mitigation of risks and deficiencies identified in security test plans.
- Assist with continuing IA support including continuous monitoring.
Knowledge and Skills Required:
- 4 years' experience in an IA or C&A (or A&A) related field or 2 years of experience working with Navy C&A (or A&A) efforts.
- Demonstrated technical (hands-on) experience related to Information Assurance/Cyber requirements, determination, development, and implementation.
- Working knowledge of DIACAP and RMF accreditation packages required to achieve successful accreditation status.
- Hands-on experience with vulnerability testing using tools such as ACAS, SCAP, and HBSS.
Knowledge and Skills Desired:
- 8 years' experience in an IA or C&A (or A&A) related field or 5 years of experience working with Navy C&A (or A&A) efforts.
- Thorough understanding of RMF and A&A activities and artifacts.
- Experience using eMASS and supporting collaboration meetings.
- Working knowledge of Windows Server operating systems 2012 R2, UNIX, TCP/IP, and TSL.
- Some knowledge and experience with database management systems.
Education, Certificates, Licenses Required:
- CompTIA Security + CE Certification
- Position requires Cyber Security Workforce (CSWF) compliance IAW DOD Directive 8140 series, DOD 8570.01-M series, SECNAV M-5239 and NETC Instruction 5239 series requirements for an IAM Level 1 or IAT Level 2.