This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC code 82000 to support the Research, Development, Test & Evaluation (RDT&E) network. The RDT&E environment allows customers to utilize Navy computers and network infrastructure to develop, test, and certify new systems that are either directly in support of Navy initiatives or support internal or external customer requirements.
Roles and associated responsibilities
· Develop A&A documentation to include system security plans, system categorization forms, contingency plans, configuration management plans, support and sustainability plans, and Plans of Action and Milestones (POA&Ms).
· Obtain an Authority to Operate (ATO) in accordance with guidance from the Navy Security Control Assessor (SCA), Navy Authorizing Official (NAO), and DoDI 8510.01 DoD Risk Management Framework (RMF).
· Policy development and enforcement.
· Perform eMASS package development.
· Provide technical, validation, and ISSE support for Assessment and Authorization (A&A) processes.
· Navy Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting.
· Provide experience with NIST SP 800-53 and RMF implementation, and provide recommendations in accordance with NIST FIPS 199.
· Provide metrics gathering and data analysis for compliance with all cyber/A&A policies, audits, and inspections.
· Automated vulnerability scanning tools
o Assured Compliance Assessment Solution (ACAS) / Tenable Nessus & SecurityCenter
o DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
· Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.
· Monitor software compliance in the DoN Application and Database Management System (DADMS).
Key Skills, Knowledge and Abilities:
· Demonstrate a good understanding of various virtual and cloud services (a good understanding of AWS services is a plus).
· Cloud+ certification
· Provide Cloud Computing Security Requirements Guide (SRG) and cloud computing industry best practices; and utilize these tools to assist in the evaluation, research and development of IT cloud security risk assessments, security tools, and implementation plans.
· Administration and/or development with:
o Microsoft Windows Operating Systems
o Red Hat Enterprise Linux (RHEL)
o Apache Tomcat
o Cloud-based technologies
1. Bachelor’s Degree in (STEM), or an Information Technology (IT) related field AND two (2) years of relevant work experience, OR Associate's Degree in an Information Technology (IT) related field AND four (4) years of relevant work experience, OR High School Diploma or equivalent AND six (6) years of relevant work experience.
2. Commercial certification meeting or exceeding DoD 8570.01M requirements for IAM-1 (CompTIA Security+)
3. Four (4) years of demonstrated experience in Risk Management Framework (RMF) to include ALL of the
a. Policy development and enforcement
b. eMASS package development
c. Assessment and Authorization (A&A) processes
d. Navy Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting
e. Testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS)
f. Analyzing system configuration per DISA STIG using STIGviewer, SCC, and OpenSCAP
4. Demonstrated knowledge of RMF National Institute of Standards & Technology (NIST)