Job Details

Information Assurance Analyst

for

OST, Inc.

in

South Park, PA 15129

(map)
Optimal Solutions & Technologies (OST, Inc.) is focused on excellence. We specialize in providing Management Consulting, Information Technology, and Research Development and Engineering services. OST is one of an elite set of companies worldwide to be externally appraised CMMI Level 5.
The fundamental distinction of the OST team is its business knowledge in both the public and private sectors. We serve the aerospace & transportation, association & nonprofit, defense, education, energy, financial, healthcare, and technology & telecommunications industries. OST is successful because we listen to our clients, we learn from our clients, and we know our clients.

Description of specific Duties in a typical workday for this position:
* Serve as member of Information Assurance Team. Will complete assigned tasks, within scope and schedule to accomplish goals of the IA Team. The IA Team supports the development and maintenance of the cybersecurity program documentation in accordance with Federal, DOE and NETL regulations, procedures and processes. In addition, staff member will ensure the incorporation of industry best practices throughout the Cyber program which consists of defending the IT environment from cyber threats; detecting compromises, weaknesses and incidents; and responding to those events to prevent further damage.
* Assist the Cyber Security Manager with security control's Continuous Monitoring (CM) and Continuous Diagnostic and Mitigation (CDM) planning and implementation, and the creation and maintenance of all associated Certification and Accreditation (C&A) documentation in accordance with Federal, DOE and NETL regulations, procedures and processes. In addition, they will ensure the incorporation of industry best practices throughout the Cyber program which consists of defending the IT environment from cyber threats; detecting compromises, weaknesses and incidents; and responding to those events to prevent further damage.

Additional responsibilities:

* Participate in the effort to adopt and institutionalize the Twenty Critical Security Controls for Effective Cyber, Defense: Consensus Audit Guidelines (CAG).
* Provide support to develop, document, implement, review and revise policies and procedures compliant with the requirements defined in the NETL Program Cyber Security Plan (PCSP), the Undersecretary of Energy PCSP, and DOE Order 205.1B, commensurate with the level of security required for the environment and special needs of NETL.
* Provide cyber security planning, reporting and implementation consistent with NETL, Under Secretary, and Departmental policies and requirements.
* Compile and maintain information to develop responses to cyber security related data calls or investigations.
* Provide support related to establishing and/or maintaining the certification and accreditation of IT systems and applications within the appropriate NETL boundaries or enclaves using the risk management approach outlined in DOE Order 205.1B and the Undersecretary of Energy PCSP, including the following duties:
+ Ensure that users are granted access to information systems' resources based on the least privilege required principle.
+ Document any special protection requirements identified by the application owner, data owner, or data steward, and ensure that these requirements are included within the protection measures implemented in the information system.
+ Ensure that the organization's Cyber Security Program Manager (CSPM) is notified when an IT system or application is no longer needed or when changes occur that might affect its accreditation.
+ Ensure that users and systems administrators are properly trained in information system security.
+ Continuously conduct cyber security audits, reviews and tests to ensure that the cyber security features and controls are functioning and effective.
+ Ensure the performance of risk assessments to determine whether additional countermeasures beyond those identified in the relevant system security plan are required and whether an identified unique local threat exists.
+ Communicate individual incident reports to the NETL Cyber Security Program Manager.
+ Ensure appropriate and effective measures have been implemented to prevent unauthorized personnel from being granted use of or access to an IT system or application.
+ Ensure the appropriate operational security posture is maintained for IT systems and applications.
+ Document residual risk and mitigation measures such that the Approving Authority (AO) or the Approving Authority Designated Representative (AODR) can make a determination/decision relative to acceptability of risk and the resultant impact on an authority to operate.
+ Ensure compliance with all Program Cyber Security Plan requirements and documentation, including but not limited to network connections, security impact analyses, change control, and Plan of Action and Milestones (POA&M).
+ Work closely with internal and external stakeholders to ensure compliance with cyber security policies, procedures and "Best Practices" for the identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of countermeasures

Position Requirements:

* Bachelor's degree and 6 years' experience in a Cybersecurity discipline
* Experience in Cyber Security Operations or Information Assurance is required
* A Certification in Cyber Security (CISSP, CISA, CISM or SANs Program certifications) is desired
* Understanding of information technology and telecommunications systems; working knowledge of network interoperability, cyber security, and survivability issues, including cyber security best practices and standards
* Strong understanding of enterprise IT, including networking infrastructure, systems administration, data centers, and software applications and the development life cycle
* In depth knowledge of NIST and Federal Information Processing Standards (FIPS) to include NIST 800-37, FIPS 199, and 200
* Reasoning and problem-solving skills
* Work independently with limited supervision; ability to interact effectively with customer
* Work well as a member of a cooperative team
* Work in a matrix organizational structure and distributed team environment
* Recognize and deal appropriately with confidential and sensitive information
* Ability to implement project plans and document progress of assigned tasks
* Ability to prepare and deliver presentations to technical and non-technical audiences
* Strong written and verbal communication skills
* Government Cyber Security experience is highly desired
* US Citizenship required

This is a full time position paying a base salary, full benefits, and has possible bonus potential based on merit and performance. To be considered for this position, please apply online with a cover letter and MS Word resume.

OST is an equal opportunity employer. Applicants are considered for positions without regard to race, religion, gender, native origin, age, disability, or any other category protected by applicable federal, state, or local laws.
Post Date:
10/20/2017
Minimum Clearance:
DoE Q or L
Workplace:
On-Site/Office
Status:
Employee
Job Category:
IT - Security
Compensation:
Unspecified annual salary
Unspecified hourly wage
Group ID:
OSTDC