Specialist, Information Assurance Compliance II; SIAC Security Clearance

Position: Specialist, Information Assurance Compliance II (SIAC2) with Security Clearance
Type:
Full Time

Location:

Philadelphia, PA Overtime Exempt:
Exempt

Reports To:

ARMADA HQ

Travel Required:

Yes Security

Clearance Required:

Active Secret Security Clearance
************ CONTINGENT UPON AWARD
**************
* Duties & Responsibilities:

* Specialist, Information Assurance Compliance II (SIAC2) will collect and collate system or site information and use it to evaluate and document in Enterprise Mission Assurance Support Service (eMASS) the security posture of the system or site being Assessed, Authorized, and maintained. Will have access to the unclassified and classified Navy eMASS system.
* Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, NAVSEA Business Rules, DON RMF Process Guides, NAVSEA Standard Operating Procedures (SOPs), and the business rules of cognizant review offices. Should there be any conflicting interpretations, request for clarification/adjudication will be resolved in the Technical Instruction.
* Specialist, Information Assurance Compliance II (SIAC2) will develop the RMF package documentation required for submission in accordance with DoD/NAVSEA directives. Some examples include AO Determination Request Package and Checklist, System Platform IT (PIT) Determination, Categorization Form, HW/SW lists, Authorization Boundary Diagrams, Defense in Depth Diagrams, PPSM list, Privacy Impact Assessment (PIA). E-Authentication Questionnaire, System Level Continuous Monitoring Strategy (SLCM), Security Plan (SP), RMF Step SOP checklists, Plan of Actions and Milestones (POA&M), Security Assessment Plan (SAP), Security Technical Implementation Guide (STIG), Alternate Forms of Compliance, Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Authorization Package, Package Endorsement Letters.

Products shall be created in the appropriate software (i.e. Microsoft Visio, scanning software, eMASS DISA STIG Viewer, eMASSTER etc.).
* Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families and ensure all IA requirements have been addressed. Some examples include an Incident Response plan, Contingency plan, Information Assurance Vulnerability Management plan, Configuration Management plan, System Development plan, and Physical Security plan. Evaluate all discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks.

* Specialist, Information Assurance Compliance II (SIAC2) will conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs; conduct systems security evaluation, audits, and reviews; determine the residual risk of a package based on package content and assessment results and documenting for the Security Controls Assessor's (SCA) and higher level review.
* Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems. Examples include executing STIGs, SRGs, ACAS scanning, and applying patches assets to obtain cybersecurity compliance and remediate vulnerabilities.
* Specialist, Information Assurance Compliance II (SIAC2) will develop and maintain in eMASS a Plan of Action and Milestone (POA&M) for all IA-related tasks and deliverables. The POA&M should include findings from required Security Technical Implementation Guides (STIGs), vulnerability test results, automated scan reviews, Assured Compliance Assessment Solution (ACAS) scans, Security Content Automation Protocol (SCAP), Evaluate STIG, and other DoD-mandated assessment-utilities.

eMASS shall be utilized to assist in POA&M creation.
* Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system.
* Perform analysis of logs, events, and reporting of various data collections tools including: vulnerability monitoring via Assured Compliance Assessment System (ACAS) and related tools, Host Based Security Systems (HBSS), web content filters, Security Information and event management (SIEM), firewall systems, network devices, server devices, workstations,…