SECURITY ANALYST (INFOSEC - LEVEL IV)NAVY EXCHANGE SERVICE COMMAND (NEXCOM) • United States
Cette offre d'emploi n'est plus disponible
SECURITY ANALYST (INFOSEC - LEVEL IV)
NAVY EXCHANGE SERVICE COMMAND (NEXCOM)
- United States
- United States
À propos
Job Number: 260000E2 Primary Location: United States-Virginia-Virginia Beach Organization: NEXCOMHQ Pay Range: 4D Q1-Mid Job Summary: Serve as a Senior Information Security Analyst Alternate ISSM with responsibility of developing, maintaining, and supporting NEXCOMs Information Assurance program and associated security controls within the NEXCOM Enterprise environment. Perform security assessments and associated reports. Maintain the NEXCOM IAVM program. Maintain compliance with current DoD DON cybersecurity policy. Processes and reviews of System Security Reviews SSR. Maintain DIACAPRMF accreditations for existing and future NEXCOM systems. Includes working with stakeholders both leadership and subject matter experts to build a holistic view of NEXCOMs strategy, processes, information, and security posture. Duties and Responsibilities: Incumbents must be U. S. Citizens - Serves as mentor providing instruction and guidance to lower level InfoSec Analysts. - Excellent analytical and problem solving skills. - Maintaining and tracking IAVM program compliance. - Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations - Track FISMA Contingency Plan testing compliance. - Assist CSWF-PM with maintaining and tracking CSWF program compliance. - Perform quarterly audit reviews and reporting. - Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX. - Complete weekly metric reports for Code IS. - Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures. - Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate. - Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative. - Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance. - Process and authorize NEXCOM system access through SAAR and PAA agreements. - Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents. Performs other related duties as assigned. Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT/CSWF): This position has been designated as a Cyber IT/Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M-5239.2, which include: 1. Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix (described in SECNAV M-5239.2) associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned, and; 2. Per SECNAVINST 1543.2, Cyber IT/CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor. 3. Required minimum Cybersecurity Credentials for this position are: a. Education (at least one of the following): i. Graduate Degree from accredited University ii. CNSSI 4012 - Senior Systems Manager OR b. Certification (at least one of the following): i. Certified Authorization Professional (CAP) ii. Certified Information Security Manager (CISM) iii. Certified Information Systems Security Professional (CISSP) iv. CompTIA Advanced Security Practitioner (CASP) ce v. GIAC Security Leadership Certification (GSLC) Candidates without the required credentials may be placed into this position, but must obtain the required credentials within 6 months of appointment; failure to obtain this requirement will result in termination of employment. This position is designated IT-1 (Critical - Sensitive) in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI). Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre a été publiée par l’un de nos partenaires. Vous pouvez consulter l’offre originale ici.