Information Assurance Specialist II

Overview

JOB TITLE / DESCRIPTION

Job Title: Information Assurance Specialist II

Location: Guam (US Territory - OCONUS)

Job Summary:

Rivet Operations Company, LLC has an opening for a Cyber Security / Risk Management Framework (RMF) Specialist to join our rapidly growing team in the Pacific Region. The Information Assurance Analyst II provides expertise and analysis to assist the DoD in the process of improving how their IT systems are compliant with DoDI 8570 and the NIST 800. This includes developing and updating cybersecurity policies, user and administrator training guides, tracking tools, and manuals that support cybersecurity governance and risk management framework.

Essential Duties and Responsibilities: (Not listed in order of importance; other duties may be assigned) and must be able to perform the following with minimal guidance:

• Works closely with system owners to guide them through RMF lifecycle of Operational Technology (OT) systems


• Determines the appropriate information types and identifies applicable security controls based on Confidentiality, Integrity, and Availability impact


• Assists architects and systems developers in the identification and implementation of appropriate information security control to ensure uniform application of security policy and enterprise solutions


• Validates and verifies system security requirements definitions and analysis to establish system security designs


• Reviews assessment and authorization (A&A) documentation, providing feedback on completeness and compliance of its content


• Assesses and mitigates system security threats/risks throughout the program life cycle


• Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations


• Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing


• Support security authorization activities in compliance with DoD Risk Management Process (RMF) process and other DoD and DoN policies and procedures


• Participates as a security engineering representative on engineering teams for the design, development, implementation and/or integration of secure networking, computing, and enclave environments

• Applies knowledge of cyber security policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments


• Supports security planning, assessment, risk analysis, and risk management


• Conduct RMF Validation and Risk Assessment (RA) activities for Operational Technology (OT) systems (Security Testing, System Risk, System Audits, Security Hardware and Software Testing, and support Checkpoints)

Responsibilities

Requirements

• DoD Secret Clearance


• Bachelor of Science (B.S.) in Information Technology, Cybersecurity, Engineering or similar preferred


• An Information Assurance certification in compliance with DoD 8570 (e.g. Security+, CISSP) (IAT Level II) is required


• 5+ years of experience with the development, review and approval of Navy RMF A&A/DIACAP C&A packages for software systems and enclaves; Assured Compliance Assessment Solution (ACAS) experience desired


• Experience with ICS/SCADA systems ideal


• Experience working with DoD Enterprise Mission Assurance Support Services (eMASS) & Vulnerability Remediation Asset Manager (VRAM)


• Experience with IA / INFOSEC concepts and requirements: Firewall Policy, Ports & Protocols, Cybersecurity, Cybersafe, DoD A&A processes and standards, etc.


• Experience with the Defense Information Systems Agency published Security Technical Information Guidance (STIG) requirements and compliance process, SCAP Content Checker, Security Readiness Review (SRRs), and other DoD approved tools like Enterprise Mission Assurance Support Service (eMASS), Windows Automated Security Scanning Program (WASSP) and Vulnerator.


• Ability to manage time well to meet assigned milestones


• Strong communication skills; motivated to investigate, analyze, and document system issues and resolutions; provides consistent status updates to ensure IT security projects stay focused


• Strong work ethic and a proven professional demeanor (e.g., respectful, dependable, takes initiative and follows through)

Physical Requirements:

Work may involve sitting or standing for extended periods of time. Position may require typing and reading from a computer screen. Must have sufficient mobility, including but not limited to bending, reaching, and kneeling to complete daily duties in a timely and efficient manner. May include lifting weigh up to thirty (30) pounds as necessary.

Rivet Operations Company, LLC. reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Positions functions and qualifications may vary depending on business needs.

Rivet Operations Company, LLC is an equal opportunity employer and does not discriminate against applicants based on race, color, creed, religion, medical condition, legally protected genetic information, national origin, sex (including pregnancy, childbirth or related medical condition), sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status or legally protected characteristics.