This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC code 82000 to support the Research, Development, Test & Evaluation (RDT&E) network. The Cybersecurity Analyst II will serve as a Risk Management Framework (RMF) Subject Matter Expert (SME) for all network security architectures, designs, implementations, and operations within 3 NIWC Pacific RDT&E systems, networks, and applications. Additionally he/she will provide engineering and technical support for the testing of systems, software, tools and products while identifying operational and functional requirements of new, developing and existing systems and develop a system security approach, which includes but not limited to defining potential threats, vulnerabilities, safeguards, and risk factors.
Roles and associated responsibilities
1. Provide practice of Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans
2. Analyze / implement enterprise architecture/design, cloud migration plans, generating auditing reports, performance, interoperability, and functionality.
3. Work with all layers of technology stack (network routing and switching, firewalls, Virtual Private Network (VPNs), load balancers, network and server virtualization, server operating systems, large storage systems, data-exchange interfaces, databases, middleware, web services, and enterprise management tools used to administer all such capabilities).
4. Evaluate risks associated with extending the network boundaries and data migration to a cloud environment.
5. Work on Instances and software lists for the AWS Gov Cloud in the West region under Availability Zone A.
6. Utilize the testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS).
7. Monitor software compliance in the DoN Application and Database Management System (DADMS).
8. Policy development and enforcement.
9. Assess information security risks to new projects and non-standard IT requests using risk assessment methodologies.
10. Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.
11. Provide a system security approach, which includes defining potential threats, vulnerabilities, safeguards, and risk factors.
12. Develop A&A documentation to include system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans.
13. Utilize eMASS and the process for entering all system packages, artifacts, and supporting documentation.
14. Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.
15. Create network architecture and data-flow diagrams.
16. Must be able to verify both technical and non-technical findings, propose actions to address the findings, develop a tracking process inclusive of performance metrics, and prepare responses or reports demonstrating that the findings have been addressed in the Plans of Action and Milestones (POA&M).
17. Provide continuous monitoring efforts of Program of Records (PORs).
Qualifications: Key Skills, Knowledge and Abilities
For Key Skills, Knowledge, Abilities and Education, Go To: https://bit.ly/2BMuBOv