NNSY Cyber Security Analyst (Job Number:432743)
SAIC has a contingent opening for a Cybersecurity (CS) Analyst/Specialist to support a Navy customer in Virginia Beach, VA. This position is contingent upon contract award.
The Cyber Security Analyst shall support the revision of the entire end-to-end A&A process. The candidate shall provide overarching expertise for the A&A process. The candidate shall ensure the necessary planning, outreach, execution, and dissemination of lessons learned/after action reports. The candidate shall engage pertinent stakeholders and cross-functional event support SME?s as required to provide an overall framework for managing and coordinating necessary communications that directly, or indirectly, influence objectives and tasks. The candidate shall provide support for all post Command Cyber Readiness Inspection (CCRI) and Cyber Security Inspection (CSI) and NAVSEA 08 Audit data/information resulting from a CSI/CCRI/NAVSEA 08 Audit conducted at NNSY. This effort will highlight and track significant physical, policy and or network Security issues, improving the network Security and awareness on Naval networks world-wide. The support duties and responsibilities include, but are not limited to, the following:
- Review A&A package submissions to ensure system/network architectures and technical / non-technical operating features adequately protect and defend against unauthorized access, ensure systems availability, and meet DoD/Navy CS implementation policy requirements and data protection safeguards.
- Conduct CS compliance and A&A documentation validation assessments for legacy applications, systems and networks.
- Develop, or expand existing, A&A and CS documentation to ensure complete documentation exists in accordance with DoD A&A and IA policy.
- Perform Certification Authority (CA) risk assessments to evaluate systems risks, and provide written risk assessment reports including overall risk analysis reviews and recommendations to the Navy Authorizing Official (NAO) and Functional Authorizing Official (FAO).
- Respond to feedback from the NAO and FAO in the form of comments and instructions to ensure coordination of efforts and to correct errors, information omissions and shortfalls in A&A documentation packages.
- Communicate feedback to customers, coordinate corrections collect responses and validate prior to forward for processing.
- Develop procedures to support A&A workflow processes, criteria needed to facilitate processes and NAO/FAO accreditation decision milestones.
- Maintain a minimum of five A&A packages a month dependent upon complexity for processing unless operational requirements are waived by the NNSY CIO.
- Attend meetings on behalf of the A&A team, take notes and prepare written feedback on the content and outcome of meetings, and follow-on tasks including recommendation and suggestions.
- Assist in developing point papers, naval messages, presentations, briefings and other forms of written documentation on an as needed basis to support A&A and CS functions.
- Develop Standard Operating Procedures (SOPs), checklists, workflow process charts, forms, POC lists, and other documentation needed to support NAO processes and related A&A and CS functions.
- Compile and analyze data, from authoritative sources (such as Vulnerability Remediation Asset Manager (VRAM), Assured Compliance Assessment Solution (ACAS), and Host Based Security System (HBSS)), and develop a SharePoint web enabled monthly Dashboard for NNSY leadership review for CS readiness and compliance.
- Track post CSI/CCRI/NAVSEA 08 Audit findings/results.
- Develop CSI/CCRI/NAVSEA 08 Audit follow on report(s).
- Assess CSI/CCRI/NAVSEA 08 Audit inspection statistical data/metrics of post inspections adjudications status
- Conduct analysis of trends in inspection findings/results.
- Track and report CSI/CCRI compliance related to Navy Fleet and Ashore units to improve Navy scores in the Command Cyber Readiness Inspection (CCRI) program.
- Identify areas where NNSY and other shipyards should focus CS efforts as result of or in support of CSI/CCRI(s)/NAVSEA 08 Audit and be able to relate those areas to the appropriate levels of the command?s CS team.
- Provide support for all post CSI/CCRI issues to include inspection finding adjudication in Continuous Monitoring and Risk Scoring (CMRS), assessing statistical data/metrics of post inspection adjudication status, and Security Technical Implementation Guide (STIG) review and interpretation.
- Support NNSY with CSI/CCRI related tasks such as tracking inspection findings.
- Perform the duties of a qualified Navy Validator for all NNSY accreditation submissions and assist other Naval Shipyards and the corporation on these duties when required.
- Evaluation, test, and accredit various Industrial Plant Equipment (IPE) that contain computer technology to ensure full compliance with Navy and DoD requirements.
- Assist with office clerical work; assist users with CS related issues, and provide other CS support as the need arises (e.g., auditing, contingency planning, CS awareness training, risk assessments, etc.).
EDUCATION AND EXPERIENCE:
- Bachelors degree from an accredited institution plus five (5) years or more experience.
- A minimum of a SECRET clearance is required for this position.
- Require a final fully adjudicated clearance based on a Single Scope Background Investigation (SSBI)
- Five (5) years? experience, including four years of related CS and INFOSEC technical experience. The Cybersecurity Analyst provides technical analysis for CS support and integration efforts and performs analysis of A&A documentation for DOD or Navy RDT&E or operational systems, networks and applications, and Commercial Off-The-Shelf (COTS) INFOSEC product evaluation and related documentation.
- The Cybersecurity Analyst shall have a minimum four (4) years? experience in CS / A&A analysis support in IA controls analysis, conducting risk assessments, risk mitigation analysis, developing contingency plans.
- The Information Assurance Analyst shall have demonstrated experience in the following areas:
- Demonstrated knowledge of CS / INFOSEC concepts and requirements
- Knowledge of the DOD A&A process and standards
- System / network vulnerability analysis
- Risk assessment and risk mitigation analysis
- Security Test and Evaluation (ST&E)
- Contingency planning
- Firewall Policy
- Ports & Protocols
- Knowledge to maintain all day-to-day VRAM activities, Enter the system baseline configuration in VRAM by uploading vulnerability scan of a representative baseline system
- Must meet the requirements for IT-1 positions immediately
- Expert and Mastery levels with institutional knowledge and a minimum of 5 years? experience, on the mission critical procedures, systems, and processes, as they pertain to Information Technology and Cyber Security requirements
- Fully qualified candidate personnel in accordance with DoD 8570.01M
- Personnel qualified and registered as a Navy Validator IAW DoN Memorandum 5239, Ser 5.0/1274 dated 18 Mar 10,
- QUALIFICATION STANDARDS AND REGISTRATION PROCEDURES FOR NAVY VALIDATORS
- Experience in certifying and accrediting DON information systems and networks, as well as Platform IT
- Expert knowledge of and experience with CS requirements as defined by Public Laws, National, DoD, and DON guidance [e.g., Federal Information Security Management Act (FISMA), DoDD 8500.1, DoDI 8500.2, DoDI 8510.01 (Risk Management Framework (RMF) for DoD Information Technology (IT)), DODINST 8570/01M INFORMATION ASSURANCE WORKFORCE IMPROVEMENT PROGRAM. SECNAVINST 5239.3, OPNAVINST 5239.1, NIST Special Publications Series 800, etc.
- Expert knowledge and experience with the requirements outlined in OPNAVINST N9210.3 Safeguarding Naval Nuclear Propulsion Information
SAIC Overview:SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC has approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com.
EOE AA M/F/Vet/Disability
Job Posting: Jan 26, 2018, 5:00:00 AM
Primary Location: United States-VA-Virginia BEACH
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: No
Travel: Yes, 25% of the time
Shift: Day Job