Job Requirements
Honolulu, HI
Top Secret/SCI Polygraph not specified
Early Career (2+ yrs experience)
$100,000 - $115,000
Job Description
Essential Job Functions:
• Assist PACAF MOBs & GSUs in improving and maintaining implementation of congressional FISMA, DoD, and AF cybersecurity directives.
• Conduct (on-site and/or virtual) A&A validation and reviews, using National/DoD/AF standards (e.g., DISA Security Technical Implementation Guides (STIGs), National Institute of Standards and Technology (NIST) SP 800-12).
• Collect and develop A&A artifacts in accordance with AO Office.
• Assist MOBs and GSUs in maintaining and sustaining A&A packages, including tracking/updating A&A documents/products in the following databases:
o Connection Approval Process (CAP) for SNAP
o GIAP circuit management tools
o eMASS and ITIPS
o Continuous Monitoring Risk Scoring (CMRS) efforts
• Assist MOBs and GSUs in creating and maintaining comprehensive RMF products for the theater circuits/enclaves via eMASS as required. Products must include all requirements IAW applicable DoD and AF Instructions.
• Assist the Government in the creation, consultation, revision, finalization, and submission of the deliverables for RMF, to include but not limited to the following:
o System Security Plan
o Ports Protocol Services Matrix (enclave)
o Artifacts for control validation (STIG results, Policies, Scans, Charters, etc., unit provided)
o Plan of Actions and Milestones (POAMs)
o System Topology
• Provide updates through the AF central FISMA database repository, ITIPS.
• Ensure A&A data are synchronized across AF and DISA repositories (eMASS, ITIPS, SNAP, and GIAP).
• Assist in processing circuit connection requests for all the main bases through SIPRNet Global Information Grid (GIG) Interconnection Approval Process (GIAP) System (SGS) and the NIPRNet SNAP.
• Prepare and mentor NAF, Wing, and cybersecurity forces through the CRR-M program.
• Train and assist PACAF MOB & GSU personnel in the use of DoD security technical implementation tools and technology to maintain & improve cyber readiness.
• Consult to resolve any issues with DoD-required vulnerability scanning tools, including system credentials, access control lists, and identified network assets.
• Consult to resolve any issues with DoD-required endpoint security solutions for all host devices in the network enclaves.
• Assist and prepare PACAF Wings for CCRIs & CCORIs on NIPRNet, SIPRNet and supported information systems.
• Create CCRI and CCORI scores and Risk Assessment Report for the MOBs & GSUs using DISA CCRI Scoring and Risk Assessment tools.
• Provide recommendations for mitigations & follow-on actions to include POAMs.
MUST HAVE ONE OF THE FOLLOWING:
• CompTIA Advanced Security Practitioner Continuing Education (CASP+ CE)
• Cisco Certified Network Professional-Security (CCNP-Security)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP) (or Associate - this means the individual has qualified for the certification except for the number of years’ experience)
• Global Information Assurance Certification (GIAC) Certified Enterprise Defender (GCED)
• GIAC Certified Incident Handler (GCIH)
• Certified Cloud Security Professional (CCSP)