Position: ACAS Vulnerability Administrator
The successful candidate will support the Customer in the design and implementation of Assured Compliance Assessment Solution (ACAS) for the Customer’s Government Enterprise Networks (GEN), as well as train operators from outside the organization and internal Information Assurance personnel to maintain and operate the ACAS tool functionality.
Clearance Requirement: Active DoD – Secret
DUTIES AND RESPONSIBILITIES:
- Rack and provision government furnished equipment (servers), install and patch operating systems, application, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) applicable to each network environment for all ACAS implementations.
- Assesses current ACAS implementations for each of the GEN networks and recommend changes.
- Documents the steps required to design the ACAS solution for each of the GEN networks to include IP address, Fully Qualified Domain Name, and physical location of each component.
- Creates network diagrams of the designs with Microsoft Visio (include list of hardware and software requirements).
- Creates reporting dashboard designs and reports for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; and System Administrators.
- Ensures GEN networks receive periodic updates from either the DISA/DoD Patch Repository or Tenable.
- Implements the Reporting Dashboard designs and use reporting tool to create reports.
- Ensures scheduled scans are covering 100% of intended assets and are being run successfully.
- Maintains the Nessus scanners and Passive Vulnerability Scanner’s (PVS) connectivity with the associated Security Center (SC).
- Good communication and interpersonal skills
- Ability to follow policies and procedures
- Ability to communicate information and ideas so others will understand, as well as the ability to respond clearly to questions
- Aptitude to address negative situations and resolve them in a positive manner.
Education and Certification Requirements:
- ACAS 5.3 certification or newer, 5.14 Preferred
- DoD 8570 IAT III or IAM II (CISA, GSE, SCNA, or CISSP [or Associate], CAP, GSLC, CISM)
Background and Experience:
Knowledge and experience with ACAS SC, Nessus Vulnerability Scanners (NVS), and RHEL. Possesses understanding and experience with common cybersecurity toolsets and processes to include STIGs, CAS, IAVA Management and Implementation, and Operation Order (OPORD)/Fragmentary Order (FRAGO) support.
- 2+ years ACAS and/or Nessus experience
- 3+ years’ experience in supporting, configuring, administering Linux
- 3+ (RHEL) operating system in an enterprise environment
- Experience with virtualized environments (vSphere, ESXI)
- DoD 8570 IAT III or IAM II (CISA, GSE, SCNA, or CISSP (or Associate), CAP, GSLC, CISM)
Required Technical Skills:
- Red Hat Enterprise Linux (RHEL) experience
- ACAS experience (preferred)
- Scripting (Nessus Attack Scripting Language (NASL), Python, Bash) (preferred)
PHYSICAL DEMANDS AND WORK ENVIRONMENT:
- General office environment. Work is generally sedentary in nature but may require movement about the office for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
- Contractor site with 0-10% travel possible
- Possible off-hours work to support releases and outages
- Occasional movement of small articles up to 10lbs
- Must be able to remain in a stationary position 50% of the time
- Continually operates a computer and other office productivity machinery
- Occasionally required to move self in different positions to accomplish tasks in various environment including tight and confined spaces
- Continually required to communicate information and ideas so others will understand
- Continually utilize visual acuity to operate equipment, read technical information, and/or use a keyboard
The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or physical requirements. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Equal Employment Opportunity Veterans/Disabled