Information Security Analyst, Part-time
StraCon Services Group, LLC
Orlando, FL
StraCon Services Group, LLC is seeking a Part-Time****Information Security Analyst, Journeyman in Orlando FL.****The position supports our team at the Naval Air Warfare Center Training Systems Division (NAWCTSD), andtheir respective portfolios of distributed aviation simulation platforms, programs, schools, and other training systems.NAWCTSD is the Navys principal center for modeling, simulation and training systems technologies.
The Information Security Analyst will be responsible for planning, implementing, upgrading, and monitoring security measure for the protection of computer networks and information. The candidate will assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. Candidate will ensure that appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure and respond to computer security breaches and viruses.
**Essential Job Duties:**
- Oversees the cybersecurity program of an information system or network; including managing information security implications within the organization, specific program, or other area of responsibility, to include:Strategy,personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources.
- Conducts the integration/testing, operations, and maintenance of systems security.
- Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.
- Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
- Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
- Assess and monitor cybersecurity related to system implementation and testing practices.
- Verify minimum security requirements are in place for all applications.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures and maintenance training materials).
- Verify and update security documentation reflecting the application/system security de-sign features.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
- Participate in an information security risk assessment during the Security Assessment and Authorization process.
- Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
- Assist in providing system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
- Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.
- Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Participate in the acquisition process as necessary.
- Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- Track audit findings and recommendations to ensure appropriate mitigation actions are taken.
- Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
- Develop and maintain RMF Assess and Authorize documentation required to achieve an Authority to Operate (ATO). Prepare and maintain information systems ATO record on the Navys Enterprise Mission Assurance Support Service (eMASS).
- Run vulnerability assessmen tools; ACAS vulnerability scanner, Security Content Automation Protocol (SCAP), STIG Viewer.
- Manage system/network vulnerabilities using the Vulnerability Remediation and Assets Manager (VRAM).
**Travel Requirements:**
- TBD
**Experience Requirements:**
- Candidate must have approximately 3 or more years of cyber security experience in secure network and system design, analysis, procedure/test generation, test execution and implementation of computer/network security mechanisms.
- Experience and/or knowledge of the Essential Job Duties described above.
**Desired Experience:**
- System Categorization
- Assess and Authorize Artifacts
- Hardware/Software/Diagrams
- Platform Information Technology (PIT) Checklists
- Security Assessment Plans
- Security Assessment Procedures
- Test Reports
- System Admin Guides
- Privacy Impact Assessment (PIA)
- Support and Sustainability Plans
- Plan of Action and Milestones (POAandM)
- Risk Assessment Reports
- Security Risk Assessment Report Executive Summary
- IATT Submission Forms
- Memorandum for Record (MFR)
- Memorandum of Agreement (MOA)
**Education Requirements:**
- BS or BA Degree in in Computer Science, Computer Engineering, or Information Systems.
**Certification Requirements:**
- DoD 8570 Requirements: Certification examples: One or more of the following certifications (i.e. CompTIA Advanced Security Practitioner (CASP) or Certified Authorization Professional (CAP) or Security+(CE) or Systems Security Certified Practitioner (SSCP) or Committee on National Security Systems Instruction (CNSSI) 4012-4016 Certificate or National Defense University (NDU) Chief Information Security Office (CISO) certificate.
- OR, Prior Military Cyber Security Experience and Schooling. Example: Navy NEC's include: 2780 or 2779 or 2781.
**Security Requirements:**
- U.S. Citizenship required
- Must be able to obtain and maintain a Secret security clearance.
**About StraCon:**
StraCon is dedicated to supporting our government clients and warfighters by Enhancing their Operational Capability. With a proven track record, and an employee focused philosophy, we have developed a culture that believes in the talent of the individual. StraCon employees are empowered to Make It Happen. Since 2008, we have provided Program Management, Training Systems Products, Financial Management, Instructional System Design, Data Management, Courseware Development, Engineering, Logistics, Foreign Military Sales Support, and a variety other technical services for the Department of Defense.
StraCon offers competitive benefits including medical, dental, vision, life insurance, accidental death and dismemberment, short/long-term disability, and 401(k) retirement plans, as well as a paid time off programs for eligible full-time employees. Eligible part-time employees are able to participate in the 401(k) retirement plans and may be eligible for state or contract required paid time off programs.
**StraCon is an Equal Opportunity and Affirmative Action Employer**