JOB LOCATION: Tyndall Airforce Base
WAGE RANGE*: $55hr to $60hr
JOB NUMBER: RQ189424
REQUIRED EXPERIENCE:
Skills: Information Security, Information Systems, Risk Management
Certifications: Security+, CE - CompTIA - Security+ CE - CompTIA, CompTIA
Experience: 3 + years of related experience
JOB DESCRIPTION
Responsible for coordinating the scanning and identification of vulnerabilities associated with hosts connected to the network. Maintains all tools that are used in the scanning and identification of vulnerabilities, as well as the tools used to rationalize, consolidate, and apply additional contextual information. Maintains a cooperative relationship with Engineering and Operations teams to drive remediation efforts.
How an Information Security Analyst Will Make an Impact:
- Support the ISSM to define, create, and maintain the documentation for certification and authorization of the ADCS system in accordance with requirements. They also assess the impacts on system modifications and technological advances.
- Manages system vulnerabilities in accordance with security requirements utilizing NIST continuous monitoring standards, RMF critical security controls and counter measures based on risk assessments of mission systems.
- Identify and assess specific emergency or priority vulnerabilities, guided by input from other elements of the team such as cyber intelligence, engineering, or operations and suggest specific remediation approaches.
- Analyze vulnerability data and assist with the prioritization and remediation of the identified vulnerabilities commensurate to risk and vulnerability management standards
- Understand vulnerabilities, their impacts, mitigation techniques, and document and articulate this understanding to various stakeholders
- Update and develop security standards and templates as required to meet new regulatory/audit/etc. requirements and guidance
- Improve the efficacy and efficiency of specific VM practices across the enterprise, to include vulnerability identification/assessment/remediation.
- Leverage and enhance existing VM frameworks/policies/standards to ensure VM maintains a minimum of industry best practices.
- Coordinate collection of data and documentation in support of examinations/audits
- Work with existing solution vendors (e.g., ACAS, HBSS) as necessary; identify potential solutions.
- Research, develop, implement, test and review information security in order to protect information and prevent unauthorized access.
- Responsible for gathering information necessary to maintain security and establish functioning external barriers such as firewalls and other security measures.
- Additionally, ISSOs assess and review systems in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades.
What you Will Need to Succeed:
- BA/BS and 3+ years of experience (additional years of experience will be considered in lieu of degree, 7+)
- Experience and training with Microsoft Server 2016/ 2019 or newer to include Active Directory, Radius, DNS and Group Policy
- Experience and training with virtual environments (VMware, Hyper-V, etc.)
- Familiar with maintaining and operating Trellix ENS (formerly McAfee Endpoint Security) and Tenable Security Center (ACAS) scans
- Familiar with maintaining and operating SQL server
- Experienced in applying patches/updates and STIGs
- Possess and maintain a minimum of IAT level II certification IAW the DoD directive 8140.01Cyberspace Workforce Management.
Equal Opportunity Employer Veterans/Disabled
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions.