Information Security Analyst - Senior (Mon - Fri)

One Inc
Fort Lee, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Fort Lee, United States of America

Tech stack

Microsoft Windows
Computer Security
Computer Networks
Data Security
Issue Tracking Systems
IT Management
PCI Data Security Standards
Public Key Infrastructure
Comptia Pentest+ CE
Security Content Automation Protocol
Software Vulnerability Management
SolarWinds (Software)
ServiceNow
Plan of Action and Milestones

Job description

At The One 23 Group, our mission is to set the benchmark for excellence in government services. We empower our clients in the Department of Defense, Intelligence Community, and Federal Civilian sectors to excel with our advanced capabilities. Our dedication lies in fostering a people-first culture, underpinned by steadfast ethical principles. Embracing innovative technologies and process improvements, we are steadfast in our journey toward a future that is both bright and transformative.

Our expertise spans Cyber, Mission IT and Enterprise IT. With our global footprint, we place a strong emphasis on nurturing our people and culture, which forms the core of our successful strategies in leadership and financial management. We pride ourselves on our extensive experience and effective approach, ensuring that we lead with both innovation and integrity.

The Defense Commissary Agency (DeCA) is responsible to Joint Force Headquarters, Department of Defense Information Network (JFHQ-DoDIN) and United States Cyber Command (USCYBERCOM) for the ongoing efforts to secure, operate and defend the Department of Defense Information Network (DoDIN) as a Tier-1 DoDIN Area of Operations (DAO). DeCA is also responsible for upholding other requirements including but not limited to those set by the Federal Information Security Management Act (FISMA), the Payment Card Industry Data Security Standard (PCI-DSS), and the National Institute of Standards and Technology Risk Management Framework (RMF) in order to continue operations. The requirements of this position will be to provide risk management, long-term vulnerability management, and general cybersecurity support., * Protect and defend DeCA by working with DeCA's Information Systems Security Managers (ISSM) and Information Systems Security Officers (ISSO), and others to secure the Desktop Common Operating Environment (DCOE) in accordance with National Institute of Standards and Technology Risk Management Framework, Department of Defense, and DeCA doctrine

  • Assist in the development of Plan(s) of Action and Milestones (POA&M, or POAM) and Risk Acceptance
  • Vulnerability Management

Secondary Responsibilities

  • Assist in managing vulnerability patching
  • Reporting of vulnerability baselines

Knowledge/Experience must include

  • Customer Service/Support
  • Risk Management Framework (RMF)
  • RMF Security Controls
  • Information Assurance Vulnerability Management (IAVM)
  • Assured Compliance Assessment Solution (ACAS)
  • Enterprise Mission Assurance Support Service (eMASS)
  • System Security Plans (SSPs)
  • Authority to Operate (ATOs)
  • Plan of Action & Milestones (POA&Ms)
  • Designating Approving Authority Risk Acceptance (DRAs)
  • Security Content Automation Protocol (SCAP)
  • Security Compliance Checker (SCC)
  • Public Key Infrastructure (PKI)
  • Security Technical Implementation Guides (STIGs)

Requirements

  • National Institute of Standards and Technology (NIST)
  • Ticketing System Experience (e.g. BMC Remedy/ServiceNow/SolarWinds/Ivanti)
  • Excellent Oral/Written Communication
  • Federal Risk and Authorization Management Program (FedRAMP), * Bachelor's degree or HS/GED + 5 yrs in Windows Computing Environment
  • Baseline Certification (required): DoD 8140 certification from CSSP Infrastructure Support or CSSP Auditor category (CEH, CYSA+, GICSP, SSCP, CHFI, CFR, Cloud+, CND, CISA, GSNA, CFR, PenTest+), CISM or CISSP
  • Computing Environment Certification (ACASS or EMASS) - can be obtained within six months of hire
  • ITIL Training Course (ITIL v4 recommended) - can be obtained after hire

Apply for this position