- Ensure all users have the requisite security clearances and need-to-know, complete annual cybersecurity training, and are aware of their responsibilities before being granted access to the IT.
- Maintain all authorized user access control documentation IAW the applicable AF Records Information Management System (AFRIMS).
- Ensure software, hardware, and firmware comply with appropriate security configuration guidelines (e.g., Security Technical Implementation Guides (STIGs)/Security Requirement Guides (SRG)).
- Ensure proper configuration management procedures are followed prior to implementation and contingent upon necessary approval. Coordinate changes or modifications with the system level ISSM and SCA.
- Initiate protective or corrective measures, in coordination with the security manager, when a security incident or vulnerability is discovered.
- Report security incidents or vulnerabilities to the system-level ISSM.
- Analyze information assurance-related technical problems and provide engineering and technical support in solving these problems.
- Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Provide technical support to the IA Cell to develop and maintain IA processes and procedures for computer network defense-in-depth protection for the enterprise.
- Track all implementation information for assurance-directed guidelines for all hardware as well as applicable software, ensuring proper security for the Enterprise.
- Provide tracking and summary reports based on findings to leadership. Implementation actions include but are not limited to STIGs, compliant patch implementation/management, Information Assurance Vulnerability Management (IAVM) compliance, integration/implementation of network or firewall approved devices, and reacting appropriately to cyber threats.
- Produce monthly status reports of IA compliance for all portions of the Enterprise.
- Run IA scans with appropriate and approved tools (e.g. Security Content Automation Protocol (SCAP), Assured Compliance Assessment Solution (ACAS), etc.) of all items as directed. Scans shall be run using the most recent security definitions of each tool.
- The contractor shall maintain CCB-approved configurations consistent with DoD policies and procedures.
- Update, document, and maintain appropriate IA implementation actions in the Vulnerability Management System (VMS) database and any additional database archives mandated.
- Support and perform DoD Risk Management Framework in accordance with NIST 800-53 and NIST 800-53A for IA controls; 8570/8140 for IA Workforce training and DCID 6/3 for protection of sensitive compartmented information. This also includes the updates to the Risk Management Framework (RMF) package and all updated instructions which support the Assess and Authorize (A&A) process.
- Interpret and communicate findings to the JNOC, IA cell and JCSE leadership on the impact of implementing IA hardware/software upgrades/modifications, policy, and directives to the Enterprise.
- The contractor shall document and present operational systems/network computer network defense recommendations and issues.
- Must have a DoD 8570 IAM Level I Certification.
- Must have documented experience with Risk Management Framework (RMF).
- Must have knowledge of DISA STIG implementation, vulnerability scanning, and mitigation.
- Must have documented experience with the following tools: ACAS, Nessus, SCAP compliant tools.
- Must have experience with the development of System Security Plans.
- Must have at least 2 years of experience with an Associate's Degree or 5 years of direct work experience.
- Must be a US Citizen.
- Top Secret w/SCI Eligibility.