CommunityForce, Inc. is a global technology company that offers a full range of service modules, including scholarship management and grants management, to manage every aspect of business operations for philanthropic organizations, educational institutions, associations and other nonprofit organizations. CommunityForce is a rapidly growing systems integrator for the US Air Force.
Position: Information Assurance Analyst
Location: Ashburn, VA
Must Have: Security+
- Will maintain the operational security posture for the information system or program in accordance with NIST, DoD, and AF guidance.
- Initiate protective or corrective measures when a cybersecurity incident or vulnerability is discovered and ensure that a process is in place and followed for authorized users to report all cybersecurity-related events and potential threats and vulnerabilities to the ISSM.
- Ensure software, hardware, and firmware complies with appropriate security configuration guidelines (i.e., Security Technical Implementation Guides (STIGs)/ Security Requirement Guides (SRG)).
- Implement security configuration guidelines on software, hardware, and firmware as required.
- Ensure proper configuration management (CM) procedures are followed prior to implementation and contingent upon necessary approval, according to this Instruction. Coordinate changes or modifications to AF IT with the system-level ISSM, SCA and or the Wing Cybersecurity office.
- Initiate protective or corrective measures, in coordination with the security manager when a security incident or vulnerability is discovered.
- Initiate exceptions, deviations, or waivers to cybersecurity requirements as directed by the ISSM.
- Maintain situational awareness of when patches, CVEs, vulnerabilities, policies, etc. are identified and formally released to DoD Information Systems for implementation and reporting.
- Ensure vulnerabilities are addressed, patched, mitigated, and reported as directed by the DoD, AF, and HQ AETC ITSP Leadership.
- Produce supporting artifacts for assigned security controls and corresponding configuration control items to include but not limited to; scan reports, system logs and system screen-shots.
- In coordination with the ISSM, utilize cybersecurity tools, made available to them and approved by the government, to configure, maintain, report, and substantiate system component compliance; examples include but are not limited to the Security Content Automation Portal (SCAP), Security Technical Implementation Guides (STIG) Viewer and Checklist.
Require Skills (if any):
- Must have a BS degree in Computer Science, Electrical Engineering, or a related technical field.
- Must have Security+ CE certification.
- Certified Information Systems Security Professional (CISSP) certification or equivalent is a plus.
- Must have a Secret Clearance and have the ability to obtain a Top Secret Clearance.
- At least 5 years of IA/Cybersecurity experience, including demonstrated knowledge, skills, and abilities to perform the job responsibilities listed above.
- Experience with cloud systems preferred