IT Systems Compliance Analyst
Pensacola, FL
Applications have closed
CSA
Discover how CSA can support your organization's mission with our world-class technology, mission, training, simulation and cybersecurity solutions.Responsibilities
- This person will provide package support per Naval Education and Training Commands continuous monitoring guidance. Establish periodic meetings/Meet with NETC Cyber RMF Team to discuss RMF timelines, tasks, and deliverables
- Maintain eMASS Record .
- Maintain Key artifacts (Package hardware/software lists, diagrams, etc).
- Maintain other artifacts required by RMF/eMASS( Categorization Form, Contingency Plan (CP), Disaster Recovery Plan (DRP),Incident Response Plan (IRP), Vulnerability and Patch Management Plan, Privacy Impact Assessment (PIA), System Level Continuous Monitoring (SLCM) Strategy)
- Ensure MONTHLY Scans are conducted per SCA Testing Guidance
- Ensure all assets in Hardware are scanned, and credentialed
- Process scans utilizing the eMASSter tool .
- Ensure all applicable STIGS are conducted for all assets in the Hardware List
- Ensure all QUARTERLY updated applicable STIGs from DISA website are implemented
- Review findings and associate each with applicable affected security control
- Update POAM items (See POAM Section)
- Web Risk Assessment (WRA) Scans (if applicable)
- ATO Modifications (Use Case)
Qualifications
- Minimum Education: High School Diploma or equivalent.
- Navy Cyber Security Workforce (CSWF) baseline certification at IAM Level I or a higher-level certification is required. Acceptable certifications include Security+ CE, CAP, CND, GSLC, Cloud+, and HCISPP.
- IA Contractor Training and Certification and Computing Environment (CE) certification may be required at the task order level.
- An Active U.S. Government / DoD Secret Clearance and ability to maintain clearance.
- Must be able to meet security investigation and meet eligibility requirements for access to classified information.
- Three (3) or more years of experience executing the NIST Risk Management Framework (RMF) and/or the DoD Information Assurance Certification and Accreditation Program (DIACAP).
- Supporting the security Assessment and Authorization/ATO process.
- Experience with reviewing, comprehending and documenting findings from ACAS (Assured Compliance Assessment Solution) Reports.
- Experience with SCAP (Security Content Automation Protocol).
- Experience with DoD Architecture Framework (DoDAF) standards and assessments of enterprise information security architecture, processes, procedures, activities, and operations.
- Experience with performing cyber security risk assessments and identifying, verifying, and consolidating specific vulnerabilities, causes, analysis of alternatives and identification of appropriate corrective actions from each risk assessment conducted.
- Experience with evaluation of Security Technical Implementation Guides (STIGs) to determine applicability to systems and assets.
- Functional expertise with Microsoft Office suite of products, including Word, Excel, PowerPoint, Visio, and Project.
Preferred Qualifications
- BA or BS degree from an accredited institution in related field (e.g., Management Information Systems, Information Technology, Computer Science, Math, Business, Engineering, or Physical Science, etc.)
- Prior experience with DoD Information Assurance Certification and Accreditation Program (DIACAP).
- IT project management experience supporting Navy or DoD network systems.
- Excellent oral and written communication skills, including drafting, reviewing, and editing technical graphs, briefs, or documents.
- Evidence of being detail oriented with strong critical thinking in areas of IT process analysis / process improvement.
- Possesses Good Team Skills having the ability to coordinate and work well with others.
Applicants may need to meet eligibility requirements for access to classified information; an active United States Department of Defense security clearance or the ability to obtain one may be required for this role.
As a federal contractor, CSA is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status.
WE BELIEVE great companies know who they are and what they stand for. CSA’s common purpose and core values were purposefully developed to create a culture focused on unlocking the full potential of our people—so they are inspired to solve our clients’ toughest challenges. It’s no secret, we owe the past 18 years of our success to our outstanding and ambitious team members. To support our hard working team, we offer an environment focused on learning and growth, an awesome benefits package, and opportunities to build a long and successful career. We are constantly on the hunt for talented, forward-thinking problem solvers with an energetic attitude and a strong work ethic to join our elite team of CSAers.
Be a part of CSA… do great things!
CSA is a Federal Contractor and an Equal Opportunity/Affirmative Action Employer.
If you are an individual with a disability and would like to request a reasonable workplace accommodation for any part of our employment process, please send an email to hr@csaassociates.com. Please indicate the specifics of the assistance needed. Assistance is reserved for individuals who are requesting a reasonable workplace accommodation. It is not intended for other purposes or inquiries. We’re an equal opportunity employer that empowers our people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status or other protected characteristic.
Federal Equal Opportunity is the LawFederal Employee Rights under FMLAFederal Employee Polygraph Protection ActE-Verify Participation Poster (uscis.gov)If you are a California resident applying for a job, you consent to our California Job Applicant Privacy Notice.
Notification for current or previously cleared professionals:
Official U.S. Government information appearing in the public domain shall not automatically be considered UNCLASSIFIED or approved for public release. CSA recognizes that information contained in resumes of current or previously cleared professionals may be sensitive, contain potentially proprietary and/or protected information. Protected Information is considered classified, in the process of a classification determination, or unclassified, but protected by statute. Therefore, all resumes should be approved for public release by a U.S. Government Official with Original Classification Authority, prior to posting the resume to CSA’s applicant tracking system.By submitting my resume, I understand that I am NOT authorized to upload content with Official U.S. Government information that is considered, sensitive, proprietary, or protected.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: ACAS Automation Clearance Cloud CND Compliance Computer Science CSWF DIACAP DISA DoD eMASS GSLC IAM Incident response Monitoring NIST Polygraph Privacy Risk assessment Risk management RMF SAP SCAP Security assessment Security Assessment Report Security Clearance STIGs Strategy Vulnerabilities
Perks/benefits: Career development Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs