Candidate should be familiar with Risk Management Framework, RMF/A&A is replacing DIACAP/C&A processes for accreditations. Applies knowledge of current IA policy at the national IA structure; roles
of major organizations how they interrelate and interact, and shortcomings in this structure. Reviews and recommends IA solutions to customer problems based on an understanding of how products and services interrelate and support the IA mission and the viewpoints of the consumers of those products and services. Analyzes and recommends resolution of IA problems based on knowledge of the major IA products and services, an understanding of their limitations, and a working knowledge of the disciplines of IA.
Input pertinent IA data posture information, inclusive of acknowledgement and corrective actions taken, into both eMASS and VRAM. This would include scans, asset baselines, configurations, POAMs, IAV, CTO, FRAGO, EXORD, WARNORD, SCAP, and STIG compliance Review Information Assurance Vulnerability Alerts (IAVAs), Information Assurance Vulnerability Bulletins (IAVBs) and other identified Security vulnerabilities in the unclassified and classified environments.
Coordinate IAVAs, IAVBs and fixes with the Infrastructure Support network, system and database administrators as well as maintaining IAVA and IAVB status in VRAM and eMASS as required. Direct the testing of each software patch released with an IAVA, IAVB or other Security patch to ensure it will not adversely impact the functionality of the network(s) and applications(s). Input pertinent IA data posture information, inclusive of acknowledgement and corrective actions taken, into both eMASS and VRAM. This would include scans, asset baselines, configurations, POAMs, IAV, CTO, FRAGO, EXORD, WARNORD, SCAP, and STIG compliance.
Implement Security procedures and patches as required and update all system and configuration management documentation to reflect the software patches. Review installed Hardware and Software to ensure all DADMS compliance measures are satisfied.
Ensure the IAVAs, IAVBs and other Security vulnerabilities are coordinated with the MSC IA Team and corrected by the compliance due date. Support the Afloat IAM regarding system vulnerability and status of fixes (number done, estimated time to completion, etc.) and provide information to complete the required mitigation plan if the compliance due date cannot be met. The information provided as part of the mitigation plan must include the reason for the mitigation plan, number of affected assets, estimated completion date for fixing the vulnerability, and a description of the mitigating controls being implemented to manage the vulnerability until the actual documented fix is implemented.
Accomplish IA vulnerability scanning of the local ATAC network using approved IA tools (e.g. ACAS). Direct the correction/mitigation of all identified vulnerabilities. Update eMASS and VRAM with all required data afterwards. Assist with research, data gathering, and data collation for ad hoc reports, data calls and special projects. Assist with other special projects and duties as assigned.
Work with Networks team on preparing documentation as required for Accreditation efforts.. This would include creating, requesting, modifying existing, and uploading OV-1 through OV-3 drawings, SV-1 through SV-4
drawings, boundary diagrams, systems block diagrams, Ports and protocol listings, etc. Coordinate with the MSC IA Team towards satisfaction of all mandated tasking.
- BS or equivalent + 2 yrs related experience, or MS + 0 yrs experience
- IAM Level I required
- Secret clearance is required to start work
- May substitute experience for degree.
- Must be knowledgeable on VRAM and eMASS systems.
- Must be knowledgeable on ACAS scanning and review of output data. Actual hand-on experience with running ACAS scans on distributed networks is preferred.
- Should understand DADMS concepts and policies.
- Has and can apply, in an operational setting, knowledge of DoD IA products and services, an understanding of their limitations and a working knowledge of the disciplines of IA, as well as the generalized knowledge of the underlying Operating Systems and/or COTS/GOTS/Custom S/W and its peculiarities. Applies knowledge of current IA policy, tactics, techniques, policy, and doctrine, and relationship to IA reporting requirements and structure.
- Knowledge of, familiarity and experience with Microsoft Server 2003, 2008, 2012 and Windows 7/10; networks, servers, routers, printers, associated and related hardware, software, and peripheral devices