An information assurance analyst has several daily tasks that protect the corporate environment from hackers and cyber threats.
- Hackers and security experts who understand both white hat and black hat hacking.
- They keep up to date with the latest security alerts.
- They update and patch current systems, and they work with developers to review software for future deployments.
- During cyber threats, the information assurance analyst is able to triage issues and find the best resolution to mitigate any damages.
- They monitor the system and patching software to prevent future attacks
- Identify and report all IAVA/B/T & CTOs that affect the system; apply applicable patches to system baselines
- Coordinate with IAO for VRAM updates
- Create/maintain program security related Enterprise Change Requests (ECRs) for IAVA/B/T, CTOs, TASKORDs, etc.
- Prepare test reports, configuration guides and implementation plans for IAVM fix/mitigation and implementation
- Inform operational sites of fix/patch per documented procedures
- Create/maintain Standard Operating Procedures (SOPs) documenting the patching processes, ACAS scanning, etc.
- Generate and review ACAS scans to include IAV and STIG related findings, upload results to program dashboard
- Provide input to IAO for mitigation POA&Ms and Certification & Accreditation Plans (as necessary)
Requirements and skills
- Identify and report all Information Assurance Vulnerabilities (IAVs) & Communications Task Orders (CTOs) that affect the system; apply applicable patches to system baselines
- Coordinate with Information Assurance Officer (IAO) for Vulnerability Remediation Asset Manager (VRAM) database updates
- Create/maintain program cybersecurity related Enterprise Change Requests (ECRs) for baseline changes resulting from Information Assurance Vulnerabilities (IAVA/B/T), Computer Task Orders (CTOs), TASKORDs, vendor patches, etc.
- Prepare test reports and implementation plans for IAV fix/mitigation and deployment
- Notify operational sites of availability of fix/patch to deploy per documented procedures
- Create/maintain Standard Operating Procedures (SOPs) documenting the patching processes, Assured Compliance Assessment Solution (ACAS) scanning, etc.
- Generate and review ACAS scans to include IAV and Security Technical Implementation Guide (STIG) related findings, upload results to program dashboard
- Provide input to IAO for mitigation Plans of Action & Milestones (POA&Ms) and Certification & Accreditation (C&A) Plans (as necessary)
- Candidate MUST possess DoD 8570 Information Assurance Technician (IAT) II compliant security certification (such as CISSP or Security+) upon Date of Hire and TS security clearance (or ability to immediately upgrade to TS based on existing SSBI background investigation or equivalent)
- Administration of Windows OS on hardened systems, patch deployment via Windows Server Update Services (WSUS)
- Experience conducting vulnerability testing on Windows based systems, determining impact of vulnerabilities on network architecture, and communicating appropriate mitigation solutions
- Experience interpreting and reviewing System Security Plans (SSPs), network diagrams, Standard Operating Procedures (SOPs), and System Design Documents (SDDs) Experience performing security testing of applicable Security Technical Implementation Guides (STIGs), Information Assurance Controls (IACs), and current mandated DoD/DoN, and program security settings
- Experience performing and reviewing ACAS scans and analyzing the results with respect to system applicability
- Experience with DoD Information Assurance processes, particularly the DIACAP/RMF process
- Experience with various automated security tools including eEye Retina, DISA Gold Disk, NESSUS and SCAP tools
- Experience developing cybersecurity related support documentation
- Familiarity with NIST
- Bachelor’s degree in related field preferred.
- Proof of U.S. citizenship or permanent residency is required due to government or federal requirement.
- Applicants selected for employment may be subject to a federal background investigation and may need to meet additional eligibility requirements for access to classified information or materials.