INFORMATION SYSTEM SECURITY SPECIALIST 1

VSolvit is seeking a skilled and motivated Information System Security Specialist to join our team. As the Information System Security Specialist, you will be responsible for analyzing and interpreting complex cybersecurity data sets to identify potential threats and vulnerabilities. You will work closely with stakeholders to ensure that data analysis is performed accurately, and insights are provided to enhance the organization’s security posture.

In this role, you will be responsible for monitoring and analyzing security logs, conducting data-driven investigations, and   generating reports to communicate findings and recommendations to relevant teams. Additionally, you will collaborate with other cybersecurity professionals, business analysts, and end-users to develop and implement customized solutions to strengthen the organization’s security defenses, including the design and integration of workflows and data analytics tools.

As with any position, additional expectations exist.  Some of these are, but are not limited to, adhering to normal working hours, meeting deadlines, following company policies as outlined by the Employee Handbook, communicating regularly with assigned supervisor(s), and staying focused on the assigned tasks.

Responsibilities

• Collect and collate system information and use it to evaluate and develop security documentation
• Maintain system security records in Enterprise Mission Assurance Support Service (eMASS)
• Review security assessment plans, test plans, and procedures
• Optimize A&A and AO testing procedures
• Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs
• Conduct systems security evaluation, audits, and reviews
• Determine the residual risk of a package based on content and assessment results and documenting for the SCA and higher-level review.
• Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system.
• Work with the Information System Owner/ISSO/System Administrators to determine applicable fixes and/or mitigation for weaknesses and to determine the adequate level of residual risk.
• Perform analysis of logs, events, and reporting of various data collections tools including:
  • Assured Compliance Assessment System (ACAS) and related tools
  • Host Based Security Systems (HBSS)
  • Web content filters
  • Security Information and event management (SIEM)
  • Firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (ID/PS)
• Assess impacts from observed risks and report via the Cybersecurity Program chain of command.
• Perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best-fit solution.
• Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner.
• Perform remediation, patching, scanning and associated boundary maintenance risk management and security engineering for assigned systems.
• Develop all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms)/ Risk Assessment Reports (RARs) and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs); products shall be created in the appropriate software (i.e. Microsoft Visio, scanning software, eMASS DISA STIG Viewer, etc.)
• Determine a system's compliance with all applicable Controls and Assessment Procedures (APs) for an assigned DoN system, including:
  • Developing the appropriate test procedures, if necessary
  • Executing the test procedures; and accurately documenting the results of security testing
  • Updating the eMASS record for the assigned system(s).
• Document residual risks in a plan of actions and milestones formatted in compliance with the current package system, currently eMASS.
• Maintain current vulnerability scan data and residual risk plan of actions and milestones in Vulnerability Remediation Asset Manager (VRAM).
• Track deliverables and action items in accordance with A&A guidance.
• Manage, attend, and support configuration control board practices.
• Ensure RMF artifacts comply with appropriate current instructions
• Create and verify the accuracy of POA&Ms/RARs as identified by vulnerability actual test results.

Basic Qualifications

• Bachelor’s degree in a technology, business, or equivalent field AND 2 Years practical experience in a Cybersecurity, Engineering, T&E or A&A (formerly C&A) related field, OR;
• 4 Years practical experience in a Cybersecurity, Engineering, T&E or A&A (formerly C&A) related field
• Have worked with Information Assurance tools such as DISA Enterprise Mission Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS).
• Must be a U.S. Citizen 
• Meet IAT II requirements by holding current certification in or more of the following:
  1. CCNA-Security
  2. CySA+
  3. GICSP
  4. GSEC
  5. Security+ CE
  6. CND
  7. SSCP

Preferred Qualifications

• Understanding DOD STIGs and ability to provide direction based on STIGs
• Familiarity with US Navy Risk Management Framework (RMF)
• Able to work in team environments and independently with some oversight
• Ability to read, analyze and interpret security regulations
• Good analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues
• Writing technical documentation, procedures and/or guidelines, Training, Systems/Equipment Integration, Production Release or Installation. 
• Meet IAT 3 requirements by holding current certification in or more of the following:
  1. CASP+ CE
  2. CCNP Security
  3. CISA
  4. CISSP (or Associate)
  5. GCED
  6. GCIH
  7. CCSP

Company Summary

Join the VSolvit Team! Founded in 2006, VSolvit (pronounced 'We Solve It') is a technology services provider that specializes in cybersecurity, cloud computing, geographic information systems (GIS), business intelligence (BI) systems, data warehousing, engineering services, and custom database and application development. VSolvit is an award winning WOSB, CA CDB, MBE, WBE, and CMMI Level 3 certified company. We offer a customizable health benefits program that best meets the needs of its employees. Offering may include: medical, dental, and vision insurance, life insurance, long and short-term disability and other insurance products, Health Savings Account, Flexible Spending Account, 401K Retirement Plan options, Tuition Reimbursement, and assorted voluntary benefits. Our goal is to grow together and enjoy the work that we do as a team.

VSolvit LLC is an Equal Opportunity/Affirmative Action employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status