Sr. Information Assurance and Security Associate

Responsibilities

We are looking to add an Sr. Information Assurance and Security Associate to our team of talented professional for the DeCA team.

 

What you'll do:

• Assist in maintaining the existing System Security Plan (SSP), internal testing against the SSP, support for DeCA sponsored Security Testing & Accreditation (ST&E); development of the plan of Actions & Milestones (POAMs) and assistance with any submission to the DeCA accrediting official for issuance of the Authority To Operate (ATO).
• Assist with weekly reviews, documentation, and resolve all findings identified in vulnerability assessments and security compliance reviews, IAW DoDI 8531.01, DeCAM 35-31.01 and published USCYBERCOM directives for enterprise infrastructure
• .Assist with ensuring audit logs meet the current audit requirements (Figure 1 of DeCAM 35-31.01).
• Assist in maintaining audit logs and record findings per DeCAM 31-31.01.
• Report anomalies identified during audit log reviews or alert notifications to the NCR IA Manager and/or DeCA's incident response team, as appropriate, and address identified anomalies and alert notifications per the guidance and reporting timelines defined by DeCAM 35-31.01 and DeCA Incident Response procedures.
• Assist with enforcement of security policies and safeguards on all personnel having access to the information system for which NCR is responsible. Recommend the suspension of network access for users not complying with security policies of the system to the SISO/CISO..
• Assist with developing procedures for and conduct periodic security reviews to enforce service account and DB password strengths.
• Identify, analyze, and remediate applicable OS/DB STIG severity Category I, II or III finding (STIG Viewer) that occurs in systems or software IAW DeCAM 35-31.01. 
• Document and update deviations from STIGs or other hardening guides as new vulnerability issues are identified.
• Assist with submitting evidence for security control and continuous monitoring compliance that impact ATO, vulnerability remediation activities, to include POA&Ms and security patching
• This is a remote position but must reside close for possible in office days in Fort Lee, VA.

 

Qualifications

Basic Qualifications:

• 2 years with BS/BA; 0 years with MS/MA; 6 years with no degree
• Must have an active CISSP certification
• Must have a Secret Clearance
• U.S. citizenship is required
• Must have the ability to assist with Cybersecurity personnel reviews regarding DEBOSS responsibilities and accounts twice per year IAW DeCAM 35-31.0.
• Must have the abilty to assist with conducting periodic benchmark scans to test products for STIG compliance and apply new STIGs IAW timelines and guidance in DeCAM 35-31.01.
• This is a remote position but must reside close for possible in office days in Fort Lee, VA.

 

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position based on experience and other factors.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law. Apply