Information Assurance Analyst
CTL Resources has a number of open positions available immediately to support an exciting program just getting off the ground. This meaningful work will support the mission of the Naval Air Warfare Center, Weapons Division and their complex network of computing and communications systems and software supporting a scientific user community that relies on available and stable access to timely information.
Planning, implementation, upgrading, and/or monitoring of security measures which make up the protection of corporate or government computer networks. Capable of performing independently. Research, analyze, develop and document information systems IAW government policies and standards. Experience with NIST 800-37 and 53 Risk Management Framework (RMF) concepts and procedures. Provide guidance in matters of Security Controls selection, implementation, auditing and monitoring for area of responsibility. Collaborate with other ISSOs and Sr. Staff to achieve favorable A&A outcomes. Responsible for the execution of the Information Assurance program as stipulated by various USG requirements documents including (but not limited to): NISPOM, JSIG, ICD 503, DAAPM, and associated NIST documents. The selected candidate will be responsible for day-to-day effective execution of the Information Assurance program:
- Risk Management Framework Experience
- Assessment and Authorization (A&A) of assigned systems (SSPs, CMP, RMP, CTP, etc.)
- Perform technical security controls assessments and baseline validations to identify vulnerabilities and control deficiencies as part of continuous monitoring program
- Information assurance sustainment activities (hardware/software change management, account management, auditing, media protection, user interface, file transfers, etc.)
- System self-inspections, audit log reviews, secure baselines, and continuous monitoring
- Interfacing with internal and external customers, program managers, IT staff, etc.
- Prepare and conduct initial and annual general/privileged IA training and awareness
- Conduct various actions related to cyber incident response, investigation, and resolution
- Development, maintenance, and execution of effective, well-written, and customer compliant IA policies and procedures for various customer bases
- The ideal candidate possesses strong written and oral communications skills, technical knowledge, exemplary customer service skills, strong time management skills, the ability to creatively find solutions to complex challenges, and the ability to multi-task and thrive in a fast-paced environment. This position will report directly to the CSI Systems Security Manager (ISSM) for IIS.
- Must be able to obtain and maintain a TS/SCI Security Clearance.
- This position will require the candidate to obtain and maintain an IA Professional certification (e.g. Security+ CE, CISSP, etc.)
- HANDS ON!!
- 3+ years of experience in information systems security/information assurance, security engineering
- Experience developing System Security Plans (SSPs) and supporting Assessment & Authorization (A&A) documentation
- Experience supporting various computer hardware platforms and multiple operating systems in both standalone and LAN/WAN configurations
- Working knowledge of operating systems security features and settings (e.g. Windows, Unix, Linux, and OS X)
- Ideal Candidate has experience to make sound decisions and implement all aspects of information systems security as it applies to NISPOM Chapter 8, JSIG, ICD 503, NIST SPs, and other government doctrine
- Professional demeanor, good interpersonal skills, and ability to excel in a high-paced multi-tasked environment
- Demonstrated ability to act independently, prioritize tasks, and manage to schedule
- Willingness to perform security tasks outside specialty (e.g. program security) and be proficient in Microsoft Applications (Word, Excel, PowerPoint, Access, Visio, etc.)
- Strong communication skills with the ability to communicate effectively in both oral and written modes, and be able to author and present subject specific presentations
- Must be willing and able to travel as required up to 10% of work schedule
- Experience with computer forensic tools and investigation methodologies
- Experience with various information system security assessment/hardening tools - SCAP Compliance Checker, STIG Viewer, ACAS, Nessus, SECSCN, DISA SRR, Retina, etc.
- Working knowledge of Wide-Area and Local Area Networks (WAN/LAN), to include Cisco-based routers, switches, and firewalls
- DoD 8570.1M compliant Professional Certification (e.g. Security+, CISSP, GSEC, etc.)
- Current Top Secret clearance with SCI access and polygraph
- Prior ISSO/ISSM or alternate ISSO/ISSM experience
- Self-starter with ability to work independently, customer service orientated
- In-depth knowledge of NIST special publications, CNSS policies and instructions
- Secret Clearance Required at Minimum.
- IAT Level II Certification Required - CCNA, CSA+, GICSP, GSEC, Security+ CE, SSCP
- Additional Certifications Desired - CISSP, CAP, GSLC, ENSA, CASP CE, CSSLP, CEH, CFR, CSA+, GCIA, GCIH, GICSP, SCYBER, CISA, CISA+, GSNA, CISM, CISSP-ISSMP, GCFA
Bachelor’s degree in computer science or other technical field and degree of applicability and 4 years of experience, or 8 years of experience (without a degree). CNSSI 4012-4016 Certificate or NDU CISO certificate or Military Training NEC 2780 or 2779 or 2781 can also be substituted for the educational requirement.
Ridgecrest, California. This location is within driving distance of several metropolitan areas and offers a low cost of living and pleasant small-town atmosphere.
CTL Resources is an established defense contractor with 15 years of experience delivering global engineering programs. We offer industry-leading salaries as well as world-class benefits including Medical, Dental, Vision, Life Insurance, Disability Insurance, Health Savings Plans, and 401k offerings. We offer challenging and exciting work opportunities, like NAVAIR Cyber, and have a turnover level much lower than industry averages due to our tradition of serving our employees with the highest level of support.