SECURITY ANALYST (INFOSEC - LEVEL IV)

Job Summary : Serve as a Senior Information Security Analyst Alternate ISSM with responsibility of developing maintaining and supporting NEXCOMs Information Assurance program and associated security controls within the NEXCOM Enterprise environment. Perform security assessments and associated reports. Maintain the NEXCOM IAVM program. Maintain compliance with current DoD DON cybersecurity policy. Processes and reviews of System Security Reviews SSR. Maintain DIACAPRMF accreditations for existing and future NEXCOM systems. Includes working with stakeholders both leadership and subject matter experts to build a holistic view of NEXCOMs strategy processes information and security posture.

Duties and Responsibilities :

Incumbents must be U. S. Citizens

• Serves as mentor providing instruction and guidance to lower level InfoSec Analysts.
• Excellent analytical and problem solving skills.
• Maintaining and tracking IAVM program compliance.
• Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations
• Track FISMA Contingency Plan testing compliance.
• Assist CSWF-PM with maintaining and tracking CSWF program compliance.
• Perform quarterly audit reviews and reporting.
• Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX.
• Complete weekly metric reports for Code IS.
• Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures.
• Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate.
• Ensure security deficiencies identified during security / certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
• Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non-compliance.
• Process and authorize NEXCOM system access through SAAR and PAA agreements.
• Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.

Performs other related duties as assigned.

Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT / CSWF) :

This position has been designated as a Cyber IT / Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT / CSWF Program requirements of SECNAV M-5239.2, which include :

2. Per SECNAVINST 1543.2, Cyber IT / CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor.

3. Required minimum Cybersecurity Credentials for this position are :

a. Education (at least one of the following) :

i. Graduate Degree from accredited University

ii. CNSSI 4012 Senior Systems Manager

OR

b. Certification (at least one of the following) :

i. Certified Authorization Professional (CAP)

ii. Certified Information Security Manager (CISM)

iii. Certified Information Systems Security Professional (CISSP)

iv. CompTIA Advanced Security Practitioner (CASP) ce

v. GIAC Security Leadership Certification (GSLC)

This position is designated IT-1 (Critical - Sensitive) in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI).

Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.

Qualified candidates must be U.S. Citizens.

A total of 7 years of experience, consisting of the following :

GENERAL EXPERIENCE : Three years of experience performing certification and accreditation work which enabled the applicant to gain a in-depth understanding of accreditation processes, methods and Department of the Navy (DON) policies required for accomplishing work; the ability to analyze systems, apply sound judgment in documenting technical details, and resolving the problems presented; and the ability to communicate effectively with others, both orally and in writing.

OR

SUBSTITUTION OF EXPERIENCE FOR EDUCATION : One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in Computer Science, Cyber Security, Information Technology or related field for 3 years of general experience.

AND

SPECIALIZED EXPERIENCE : Four years of experience in at least two of the following :

Security control assessments and reports; Research and analysis of cybersecurity policy; IT security compliance and reporting; System risk analysis; Drafting DIACAP / RMF Authorization packages; or one year experience at the next lowest level of this position.

Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT / CSWF) :

This position has been designated as a Cyber IT / Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT / CSWF Program requirements of SECNAV M-5239.2, which include :

2. Per SECNAVINST 1543.2, Cyber IT / CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor.

3. Required minimum Cybersecurity Credentials for this position are :

a. Education (at least one of the following) :

i. Graduate Degree from accredited University

ii. CNSSI 4012 - Senior Systems Manager

OR

b. Certification (at least one of the following) :

i. Certified Authorization Professional (CAP)

ii. Certified Information Security Manager (CISM)

iii. Certified Information Systems Security Professional (CISSP)

iv. CompTIA Advanced Security Practitioner (CASP) ce

v. GIAC Security Leadership Certification (GSLC)

Candidates without the required credentials may be placed into this position, but must obtain the required credentials within 6 months of appointment; failure to obtain this requirement will result in termination of employment.

This position is designated IT-1 (Critical - Sensitive) in accordance with SECNAV M-5510.30 and will require a favorable Single Scope Background Investigation (SSBI).

Candidates must be eligible for and obtain a Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.