This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC code 82000 to support the Research, Development, Test & Evaluation (RDT&E) network. The RDT&E environment allows customers to utilize Navy computers and network infrastructure to develop, test, and certify new systems that are either directly in support of Navy initiatives or support internal or external customer requirements.
Roles and associated responsibilities
· Develop A&A documentation to include system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans, Plans of Action and Milestones (POA&Ms).
· Obtain an Authority to Operate (ATO) in accordance with guidance from the Navy Security Control Assessor (SCA), Navy Authorizing Official (NAO), and DoDI 8510.01 DoD Risk Management Framework (RMF).
· Policy development and enforcement.
· Perform eMASS package development.
· Provide technical, validation, and ISSE support for Assessment and Authorization (A&A) processes.
· Navy Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting.
· Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.
· Provide metrics gathering/data analysis compliance with all cyber/A&A policies, audits and inspections.
· Automated vulnerability scanning tools
. Assured Compliance Assessment Solution (ACAS) / Tenable Nessus & SecurityCenter
. DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
· Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.
· Monitor software compliance in the DoN Application and Database Management System (DADMS).
Key Skills, Knowledge and Abilities:
· Demonstrate a good understanding of various virtual and cloud services (Good understanding of the AWS services is a plus).
· Cloud+ certification
· Provide Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans.
· Administration and/or development with:
. Microsoft Windows Operating Systems
. Red Hat Enterprise Linux (RHEL)
. Apache Tomcat
. Cloud-based technologies
For more Information go to: https://bit.ly/2A1tCci