Information Assurance Security Specialist (Senior)
Crystal City, Virginia, United States
Lucayan Technology Solutions LLC
Lucayan is hiring a Sr. Information Assurance Security Specialist. The Sr. IASS performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces. The Contractor shall execute a comprehensive assessment, compliance, and validation of customer networks to ensure compliance with regulations and security standards. Key activities include: the timely application of software maintenance patches; performing security assistance visits (SAVs) and inspections; validation scanning; remediation; reviews of SAVs and inspections; validating various capability packages; and support of emerging technologies, to include, but not limited to, WLAN, VPN, Mobility Access, Data at Rest, and Enterprise Gray network solutions. The Contractor shall perform duties in accordance with policies, procedures, regulations, directives, and software development guidelines from USSOCOM and Joint Staff, DoD, DIA, DISA, NSA, and USCYBERCOM.
General duties include:
- Provide on-site support for Cybersecurity assessments, compliance, and validation.
- Perform Cybersecurity Compliance and Validations to include Cybersecurity site visits, inspections, scanning, remediation, patch compliance, and reviews.
- Assess organizational security posture of USSOCOM’s Component Commands, TSOCs, and deployed forces and verify their compliance with DoD, DIA and USSOCOM guidance.
- Identify common security risks by analyzing findings and developing metrics and trends.
- Validate the patching of systems, perform validation scanning using ACAS, develop Plans of Action & Milestones (POA&Ms), and report as directed by applicable policies, procedures, and regulations.
- Assist Component Commands, TSOCs, and deployed forces with required scanning and vulnerability management programs.
- Track and report to higher headquarters organizations (e.g., USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives.
- Maintain records documenting compliance with federal laws, directives, policies and procedures and provide USSOCOM, its Component Commands, TSOCs, and deployed forces.
- Provide POA&M for correcting or mitigating the weakness (as required) and track POA&Ms and provide status updates.
- Periodically review USSOCOM, Component Command, TSOC, and deployed forces’ Information Security Plans and Physical Security Plans and recommend measures to safeguard classified, sensitive, and unclassified information.
- Identify and document that physical security elements identified to support DoD networks, systems, services and devices are in compliance with security controls for access control.
- Execute Information Assurance Vulnerability Management (IAVM) programs; track and report compliance with Information Assurance Vulnerability Alerts (IAVAs) and Information Assurance Vulnerability Bulletins (IAVBs). Coordinate with subordinate organizations for required reporting and compliance status. Track and report the status of POA&Ms through their completion.
- Execute Cybersecurity self-inspection programs; track and report on compliance and completion.
- Perform FISMA network and system security reviews.
- Perform and publish trend analyses of SIE Cybersecurity assessments, lessons learned, and recommended mitigation approaches.
- Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies.
- Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment.
- Respond to Cybersecurity Requests for Information (RFIs) from external organizations and NetOps decision makers.
Requirements
Minimum Education/Experience Requirements:
- Bachelor’s Degree in computer or systems science discipline and eight (8) years of progressive, relevant experience or equivalent combination of education and experience.
- Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired.
- DOD Information Assurance Technical (IAT) Level III (preferably CASP+) certification required.
- Working knowledge of the DISA Security Technical Implementation Guides.
- Must have excellent communication skills (written and oral) and interpersonal skills.
- Knowledge and experience with DOD IA processes and policies (e.g., CJCSM 6510.01, Incident Response and other IA policies).
Clearance Requirements:
- TS/SCI
Benefits
Tags: CASP+ Clearance Compliance DoD FISMA Incident response TS/SCI VPN Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Health care Insurance