SECURITY ANALYST (INFOSEC - LEVEL IV)
Virginia Beach, VA, US • Posted 60+ days ago • Updated 22 hours agoFull Time
On-site
Depends on Experience
Navy Exchange Service Command
Fitment
Dice Job Match Score™
👤 Reviewing your profile...
Job Details
Skills
- ISSM
- DoD
- System Security
- Mentorship
- Training
- Analytical Skill
- Problem Solving
- Conflict Resolution
- Information Architecture
- Impact Analysis
- FISMA
- Contingency Plan
- Project Management
- Performance Management
- Preventive Maintenance
- Auditing
- Payment Card Industry
- Sarbanes-Oxley
- STIG
- Testing
- Data Security
- Servers
- Database
- Network
- PCI DSS
- Information Assurance
- Procurement
- Writing
- Computer Science
- Security Controls
- Research
- IT Security
- Regulatory Compliance
- Reporting
- Risk Analysis
- Technical Drafting
- DIACAP
- RMF
- Risk Management Framework
- Information Technology
- AS/400 Control Language
- Common Lisp
- IDP
- Cyber Security
- Authorization
- Information Security
- CISM
- Information Systems
- CISSP
- CompTIA
- Customer Engagement
- Leadership
- Security Clearance
Summary
Serve as a Senior Information Security Analyst Alternate ISSM with responsibility of developing maintaining and supporting NEXCOMs Information Assurance program and associated security controls within the NEXCOM Enterprise environment. Perform security assessments and associated reports. Maintain the NEXCOM IAVM program. Maintain compliance with current DoD DON cybersecurity policy. Processes and reviews of System Security Reviews SSR. Maintain DIACAPRMF accreditations for existing and future NEXCOM systems. Includes working with stakeholders both leadership and subject matter experts to build a holistic view of NEXCOMs strategy processes information and security posture.
Duties and Responsibilities:
Incumbents must be U. S. Citizens
Serves as mentor providing instruction and guidance to lower level InfoSec Analysts.
Excellent analytical and problem solving skills.
Maintaining and tracking IAVM program compliance.
Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non compliance with established Information Assurance (IA) standards and regulations
Track FISMA Contingency Plan testing compliance.
Assist CSWF PM with maintaining and tracking CSWF program compliance.
Perform quarterly audit reviews and reporting.
Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX.
Complete weekly metric reports for Code IS.
Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures.
Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate.
Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non compliance.
Process and authorize NEXCOM system access through SAAR and PAA agreements.
Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
Performs other related duties as assigned.
Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT/CSWF):
This position has been designated as a Cyber IT/Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M 5239.2, which include:
1. Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix (described in SECNAV M 5239.2) associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned, and;
2. Per SECNAVINST 1543.2, Cyber IT/CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor.
3. Required minimum Cybersecurity Credentials for this position are:
a. Education (at least one of the following):
i. Graduate Degree from accredited University
ii. CNSSI 4012 Senior Systems Manager
OR
b. Certification (at least one of the following):
i. Certified Authorization Professional (CAP)
ii. Certified Information Security Manager (CISM)
iii. Certified Information Systems Security Professional (CISSP)
iv. CompTIA Advanced Security Practitioner (CASP) ce
v. GIAC Security Leadership Certification (GSLC)
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require a favorable Single Scope Background Investigation (SSBI).
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.
A total of 7 years of experience, consisting of the following:
GENERAL EXPERIENCE: Three years of experience performing certification and accreditation work which enabled the applicant to gain a in depth understanding of accreditation processes, methods and Department of the Navy (DON) policies required for accomplishing work; the ability to analyze systems, apply sound judgment in documenting technical details, and resolving the problems presented; and the ability to communicate effectively with others, both orally and in writing.
OR
SUBSTITUTION OF EXPERIENCE FOR EDUCATION: One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in Computer Science, Cyber Security, Information Technology or related field for 3 years of general experience.
AND
SPECIALIZED EXPERIENCE: Four years of experience in at least two of the following:
Security control assessments and reports; Research and analysis of cybersecurity policy; IT security compliance and reporting; System risk analysis; Drafting DIACAP/RMF Authorization packages; or one year experience at the next lowest level of this position.
Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT/CSWF):
This position has been designated as a Cyber IT/Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M 5239.2, which include:
1. Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix (described in SECNAV M 5239.2) associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned, and;
2. Per SECNAVINST 1543.2, Cyber IT/CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor.
3. Required minimum Cybersecurity Credentials for this position are:
a. Education (at least one of the following):
i. Graduate Degree from accredited University
ii. CNSSI 4012 Senior Systems Manager
OR
b. Certification (at least one of the following):
i. Certified Authorization Professional (CAP)
ii. Certified Information Security Manager (CISM)
iii. Certified Information Systems Security Professional (CISSP)
iv. CompTIA Advanced Security Practitioner (CASP) ce
v. GIAC Security Leadership Certification (GSLC)
Candidates without the required credentials may be placed into this position, but must obtain the required credentials within 6 months of appointment; failure to obtain this requirement will result in termination of employment.
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require a favorable Single Scope Background Investigation (SSBI).
Candidates must be eligible for and obtain a Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.
Duties and Responsibilities:
Incumbents must be U. S. Citizens
Serves as mentor providing instruction and guidance to lower level InfoSec Analysts.
Excellent analytical and problem solving skills.
Maintaining and tracking IAVM program compliance.
Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and non compliance with established Information Assurance (IA) standards and regulations
Track FISMA Contingency Plan testing compliance.
Assist CSWF PM with maintaining and tracking CSWF program compliance.
Perform quarterly audit reviews and reporting.
Expert with compliance and regulatory requirements such as DIACAP, RMF, PCI, PII, SOX.
Complete weekly metric reports for Code IS.
Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures.
Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate.
Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
Perform data security assessments including applications, servers, databases, and other network components and associated processes against the PCI DSS standards to identify areas of non compliance.
Process and authorize NEXCOM system access through SAAR and PAA agreements.
Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
Performs other related duties as assigned.
Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT/CSWF):
This position has been designated as a Cyber IT/Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M 5239.2, which include:
1. Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix (described in SECNAV M 5239.2) associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned, and;
2. Per SECNAVINST 1543.2, Cyber IT/CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor.
3. Required minimum Cybersecurity Credentials for this position are:
a. Education (at least one of the following):
i. Graduate Degree from accredited University
ii. CNSSI 4012 Senior Systems Manager
OR
b. Certification (at least one of the following):
i. Certified Authorization Professional (CAP)
ii. Certified Information Security Manager (CISM)
iii. Certified Information Systems Security Professional (CISSP)
iv. CompTIA Advanced Security Practitioner (CASP) ce
v. GIAC Security Leadership Certification (GSLC)
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require a favorable Single Scope Background Investigation (SSBI).
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.
A total of 7 years of experience, consisting of the following:
GENERAL EXPERIENCE: Three years of experience performing certification and accreditation work which enabled the applicant to gain a in depth understanding of accreditation processes, methods and Department of the Navy (DON) policies required for accomplishing work; the ability to analyze systems, apply sound judgment in documenting technical details, and resolving the problems presented; and the ability to communicate effectively with others, both orally and in writing.
OR
SUBSTITUTION OF EXPERIENCE FOR EDUCATION: One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in Computer Science, Cyber Security, Information Technology or related field for 3 years of general experience.
AND
SPECIALIZED EXPERIENCE: Four years of experience in at least two of the following:
Security control assessments and reports; Research and analysis of cybersecurity policy; IT security compliance and reporting; System risk analysis; Drafting DIACAP/RMF Authorization packages; or one year experience at the next lowest level of this position.
Department of the Navy (DON) Cyber Information Technology / Cybersecurity Workforce positions (Cyber IT/CSWF):
This position has been designated as a Cyber IT/Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber IT/CSWF Program requirements of SECNAV M 5239.2, which include:
1. Earn and maintain appropriate credentials from the Cyber IT/CSWF Qualification Matrix (described in SECNAV M 5239.2) associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned, and;
2. Per SECNAVINST 1543.2, Cyber IT/CSWF individuals shall participate annually in 40 hours of continuous learning (CL) activities to be documented in a current individual development plan (IDP) signed by both the employee and supervisor.
3. Required minimum Cybersecurity Credentials for this position are:
a. Education (at least one of the following):
i. Graduate Degree from accredited University
ii. CNSSI 4012 Senior Systems Manager
OR
b. Certification (at least one of the following):
i. Certified Authorization Professional (CAP)
ii. Certified Information Security Manager (CISM)
iii. Certified Information Systems Security Professional (CISSP)
iv. CompTIA Advanced Security Practitioner (CASP) ce
v. GIAC Security Leadership Certification (GSLC)
Candidates without the required credentials may be placed into this position, but must obtain the required credentials within 6 months of appointment; failure to obtain this requirement will result in termination of employment.
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require a favorable Single Scope Background Investigation (SSBI).
Candidates must be eligible for and obtain a Secret Clearance, within 6 months of appointment. Failure to obtain will result in termination.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: NAVVA001
- Position Id: 250002CZ
- Posted 30+ days ago
Company Info
The Navy Exchange Service Command (NEXCOM) Enterprise encompasses six business lines, boasting a workforce of 14,000 located around the globe. The command’s mission is to provide quality goods and services at a savings and support Navy quality of life programs for active duty military, retirees, reservists, veterans, Department of Defense civilians and families.
Employees Across the Business Lines
While NEXCOM has different business lines, the majority of our employees work for NEX retail locations and NEXCOM’s Headquarters
Quality of Life Services
NEXCOM contributes to mission readiness by providing quality of life services to patrons no matter where they are stationed around the world.
Non- Appropriated Funds
As a non-appropriated fund instrumentality (NAFI) of the Department of Defense and the Department of the Navy, most of NEXCOM’s expenses are paid with its earnings and not taxpayer dollars
Create job alert
Never miss an opportunity! Create an alert based on the job you applied for.Similar Jobs
It looks like there aren't any Similar Jobs for this job yet.
Search all similar jobs