Specialist, Information Assurance Compliance II (SIAC2)

Type: Full Time

Location: Philadelphia, PA

Overtime Exempt: Exempt

Reports To: ARMADA HQ

Travel Required: Yes

Security Clearance Required: Active Secret Security Clearance

************CONTINGENT UPON AWARD***************

Duties & Responsibilities:

• Specialist, Information Assurance Compliance II (SIAC2) will collect and collate system or site information and use it to evaluate and document in Enterprise Mission Assurance Support Service (eMASS) the security posture of the system or site being Assessed, Authorized, and maintained. Will have access to the unclassified and classified Navy eMASS system.
• Develop, submit, and maintain RMF packages in accordance with DoD Instruction 8510.01, NAVSEA Business Rules, DON RMF Process Guides, NAVSEA Standard Operating Procedures (SOPs), and the business rules of cognizant review offices. Should there be any conflicting interpretations, request for clarification/adjudication will be resolved in the Technical Instruction.
• Specialist, Information Assurance Compliance II (SIAC2) will develop the RMF package documentation required for submission in accordance with DoD/NAVSEA directives. Some examples include AO Determination Request Package and Checklist, System Platform IT (PIT) Determination, Categorization Form, HW/SW lists, Authorization Boundary Diagrams, Defense in Depth Diagrams, PPSM list, Privacy Impact Assessment (PIA). E-Authentication Questionnaire, System Level Continuous Monitoring Strategy (SLCM), Security Plan (SP), RMF Step SOP checklists, Plan of Actions and Milestones (POA&M), Security Assessment Plan (SAP), Security Technical Implementation Guide (STIG), Alternate Forms of Compliance, Security Assessment Report (SAR), Risk Assessment Report (RAR), Security Authorization Package, Package Endorsement Letters. Products shall be created in the appropriate software (i.e. Microsoft Visio, scanning software, eMASS DISA STIG Viewer, eMASSTER etc.).
• Develop or revise existing policies, plans, and strategy documents to meet requirements for RMF Control Families and ensure all IA requirements have been addressed. Some examples include an Incident Response plan, Contingency plan, Information Assurance Vulnerability Management plan, Configuration Management plan, System Development plan, and Physical Security plan. Evaluate all discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks.
• Specialist, Information Assurance Compliance II (SIAC2) will conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs; conduct systems security evaluation, audits, and reviews; determine the residual risk of a package based on package content and assessment results and documenting for the Security Controls Assessor's (SCA) and higher level review.
• Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems. Examples include executing STIGs, SRGs, ACAS scanning, and applying patches assets to obtain cybersecurity compliance and remediate vulnerabilities.
• Specialist, Information Assurance Compliance II (SIAC2) will develop and maintain in eMASS a Plan of Action and Milestone (POA&M) for all IA-related tasks and deliverables. The POA&M should include findings from required Security Technical Implementation Guides (STIGs), vulnerability test results, automated scan reviews, Assured Compliance Assessment Solution (ACAS) scans, Security Content Automation Protocol (SCAP), Evaluate STIG, and other DoD-mandated assessment-utilities. eMASS shall be utilized to assist in POA&M creation.
• Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system.
• Perform analysis of logs, events, and reporting of various data collections tools including: vulnerability monitoring via Assured Compliance Assessment System (ACAS) and related tools, Host Based Security Systems (HBSS), web content filters, Security Information and event management (SIEM), firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (ID/PS).
• Specialist, Information Assurance Compliance II (SIAC2) will assess impacts from observed risks and report via the Cybersecurity Program chain of command.
• Executing Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems. Examples include executing STIGs, SRGs, ACAS scanning, and applying patches assets to obtain cybersecurity compliance and remediate vulnerabilities.
• Specialist, Information Assurance Compliance II (SIAC2) will perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best-fit solution.
• Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner.
• Specialist, Information Assurance Compliance II (SIAC2) will d evelop and update, at frequency specified in each package, all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms)/ Risk Assessment Reports (RARs) and Defense Information Systems Agency ( DISA) Security Technical Implementation Guides (STIGs); products shall be created in the appropriate software (i.e. Microsoft Visio, scanning software, eMASS DISA STIG Viewer, etc.)
• Determine a system's compliance with all applicable Controls and Assessment Procedures (APs) for an assigned DoN system, including developing the appropriate test procedures, if necessary; executing the test procedures; and accurately documenting the results of security The a nalysts shall update the eMASS record for the assigned system(s).
• Track deliverables and action items in accordance with A&A guidance.
• Specialist, Information Assurance Compliance II (SIAC2) will manage, attend, and support configuration control board practices.
• Ensure RMF artifacts are in compliance with published Navy, NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA), NIST SP-800-37 and SP-800-53 Rev 4. In addition, local NSWCPD policies and procedures may apply. Command Information System Security Manager (ISSM) will resolve any conflicting interpretations.
• Specialist, Information Assurance Compliance II (SIAC2) will write technical documentation such as user manuals, reports, documentation, policies, presentations, Plan of Action and Milestones (POA&Ms), risk assessments, proposals, outlines, and summaries in support of both ashore and afloat systems across multiple platforms. Support the development of technical documents across multiple platforms including configuration management, milestone, issue tracking, web site content management and RMF documentation.
• may be required to travel CONUS (any state in USA) and OCONUS (primarily Japan, and any country in Europe). The estimated number of trips is 14 per year (estimated 25%-30% travel).
• Other duties as assigned.

Knowledge, Skills, and Abilities (KSAs):

• Ability to travel CONUS (any state in USA) and OCONUS (primarily Japan, and any country in Europe).
• Proficient in Microsoft Windows Operating System Administration, including Windows 11, Windows 10, Windows 7, and Windows XP (at a minimum).
• Ability to work as a team member, communicate, perform office functions and use office tools, customer focused and deliver exceptional performance.
• Possess excellent organizational and file management skills and the ability to plan and execute administrative work with little supervision.
• Possess excellent oral and written communication skills.

Required Certifications:

• Minimum of one (1) IAM Level II listed certificate required:
  • IAM Level II certifications (CAP - Certified Authorization Professional, CASP+ CE - CompTIA Advanced Security Practitioner, CISM - Certified Information Security Manager, CISSP (or Associate of CISSP), GSLC - GIAC Security Leadership Certification, CCISO - Certified Chief Information Security Officer, HCISPP - HealthCare Information Security and Privacy Practitioner)

Minimum/General Experience:

• Four (4) years of professional experience in Information Assurance Compliance.

Minimum Education:

• Bachelor's degree (Computer Science, Information Technology or related technical degree) from accredited College or University.

Disclaimer:

The above information has been designed to indicate the general nature and level of work to be performed. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the contractor assigned to this position. Applying: If you feel you have the knowledge, skills and abilities for this position visit our careers page at www.armadausa.com .

Special Notes: Relocation is not available for these jobs

ARMADA provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ARMADA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Must be able to successfully pass a background check, and pre-employment drug testing. Job offers are contingent upon results of background check and drug testing.