Information Assurance and Security Advisor

The Information Assurance and Security Advisor will provides certification and accreditation support in the development of security and contingency plans and conducts complex risk and vulnerability assessments. Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps.

What youll do:

• Assist in maintaining the existing System Security Plan (SSP) internal testing against the SSP support for DeCA sponsored Security Testing & Accreditation (ST&E); development of the plan of Actions & Milestones (POAMs) and assistance with any submission to the DeCA accrediting official for issuance of the Authority To Operate (ATO).
• Assist with weekly reviews documentation and resolve all findings identified in vulnerability assessments and security compliance reviews IAW DoDI 8531.01 DeCAM 3531.01 and published USCYBERCOM directives for enterprise infrastructure
• .Assist with ensuring audit logs meet the current audit requirements (Figure 1 of DeCAM 3531.01.
• Assist in maintaining audit logs and record findings per DeCAM 3131.01.
• Report anomalies identified during audit log reviews or alert notifications to the NCR IA Manager and/or DeCAs incident response team as appropriate and address identified anomalies and alert notifications per the guidance and reporting timelines defined by DeCAM 3531.01 and DeCA Incident Response procedures.
• Assist with enforcement of security policies and safeguards on all personnel having access to the information system for which NCR is responsible. Recommend the suspension of network access for users not complying with security policies of the system to the SISO/CISO..
• Assist with developing procedures for and conduct periodic security reviews to enforce service account and DB password strengths.
• Assist with Cybersecurity personnel reviews regarding DEBOSS responsibilities and accounts twice per year IAW DeCAM 3531.0.
• Assist with conducting periodic benchmark scans to test products for STIG compliance and apply new STIGs IAW timelines and guidance in DeCAM 3531.01.
• Identify analyze and remediate applicable OS/DB STIG severity Category I II or III finding (STIG Viewer) that occurs in systems or software IAW DeCAM 3531.01.
• Document and update deviations from STIGs or other hardening guides as new vulnerability issues are identified.
• Assist with submitting evidence for security control and continuous monitoring compliance that impact ATO vulnerability remediation activities to include POA&Ms and security patching.

This is a remote position but must reside close for possible in office days in Fort Lee VA.

Basic Qualifications:

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Must have an active CISSP certification
• Must have an Secret Clearance
• U.S citizenship is required
• Abiltiy to assist with hardening DEBOSS systems and software per DISA STIGs.
• Must be able to perform vulnerability assessments including development of risk mitigation strategies.
• Must be able to provideassistance in computer incident investigations.
• Ability to recommend system enhancements to improve security deficiencies.
• This is a remote position but must reside close for possible in office days in Fort Lee VA.

Peraton is a nextgeneration national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit peraton to learn how were keeping people around the world safe and secure.