Information Assurance/Security Specialist – Level II–NELLIS Position Type

Full Time, Onsite

Position Location

Nellis AFB, NV

Tracking Code

01138

Daily Responsibilities

• Document DISA Security Technical Implementation Guideline (STIG) and Security Requirements Guide (SRG) compliance. Conducts Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP) scanning and assessments, and DHA Authorization to Operate (ATO) standards.
• Update and document Site and Support Locations enclave artifacts in Enterprise Mission Assurance Support Service (eMASS).
• Assist the system owner and ISSM in various aspects of designing, developing, and writing certification and accreditation (C&A) documentation packages, including support of the ATO and its systems and/or environment, including but not limited to POA&M and other artifacts.
• Administer and support security reviews of all new or modified systems, devices, and configurations to ensure a consistent security posture.
• Administer all security related documentation and databases including System Security Authorization Agreements (SSAA), recording mitigation strategies, waivers, approvals, ports and protocol registration, and user rights tracking.
• Assist in the detailed investigation and documentation of security incidents as required.
• Support the Government’s directive to maintain and sustain all aspects of CAC login and PKI technology and/or other Government authorized or required two-factor identification protocol or system.
• Utilize approved Government scanning tools and/or Government provided security protocols, including forensics analysis and Intrusion Prevention System.
• Provide risk assessments and reviews for system and medical devices deployed and to be deployed on site.
• Participate in preparing for Command Cyber Readiness Inspections (CCRIs).
• Support changes required by IAVAs, Information Assurance Vulnerability Bulletins (IAVBs), and Cybersecurity Tasking Orders.
• Participate in remediation of findings, vulnerabilities, and troubleshooting of subsequent conflicts and problems.
• Manage tickets (incidents, cases, and requests) that have been initiated and/or assigned to the local site Cybersecurity office or assigned IA support resources.
• Contractor will obtain and maintain access and familiarity with enterprise tools required for support of RMF, vulnerability management, threat detection, event auditing, IT audits, data loss prevention, and incident response.
• Coordinate with system owners, administrators, and users to implement security requirements and maintain compliance throughout the system lifecycle.
• Follows National Institute of Standards and Technology (NIST) and/or Department of War IA Certification and Accreditation Process standards, and Department of War (DoW) security protocols.
• The Contractor shall collaborate with the Government Information Assurance and Cyber team to provide updates to the local site RMF package for the information system. The RMF package shall include, at a minimum, the following documents, and artifacts:
• System Security Plan (SSP): A document that describes the security controls in place for the information system and how those controls are implemented, monitored, and assessed.
• Security Assessment Report (SAR): A report that provides an assessment of the security controls in place for the information system and identifies any deficiencies or weaknesses.
• Plan of Action and Milestones (POA&M): A document that outlines the actions required to address any deficiencies or weaknesses identified during the security assessment.
• Security Authorization Package (SAP): A package of documents that includes the SSP, SAR, POA&M, and other relevant artifacts that are submitted to the Authorizing Official (AO) for review and approval.
• Continuous Monitoring Plan (CMP): A plan that outlines the ongoing monitoring and assessment of the security controls in place for the information system.
• The contractor shall provide updates to the RMF package within eMASS and shall be reviewed and approved by the Government Task Manager prior to the deployment of the information system. The Contractor shall also provide the Government Task Manager…