This position is located in our Patuxent River, MD facility.
The position is for a dedicated Junior Operations Analyst to support NAWCAD 726 IA Division as embedded support to NAVAIR Echelon II IA 726. As a member of the NAWCAD 726 IA Staff, the candidate will provide embedded Information Systems Security Engineering (ISSE)/Acquisition IA engineering support to the NAVAIR HQ 726 IA.
• The candidate will be required to ensure that IA is included and documented as part of security engineering, e.g., review ECP packages, and attend meetings such as CDR, SRR, NAVAIR System Engineering Technical Review (SETR) and DCCB meetings.
• The candidate needs to ensure the PIT processes follow the SETR processes as outlined in Enclosure (2), "Department of the Navy Platform IT Information Assurance Guidance" of the DON CIO Memorandum, 02-10, "IA Policy Update for PIT" of 26 April 2010. Additionally, they need to ensure compliance with the "NAVAIR Business Rules for Platform IT" of 23 Apr 2010 and the "NAVAIR PIT Risk Approval (PRA) Tool".
• He or she needs to coordinate with NAVAIR Systems Engineering Development & Implementation Center (SEDIC) and SETR analysts via the NAVAIR 726 IA SETR Checklist POC.
• He or she needs to ensure the analysis of IA risks supports the Program's Risk Management Process and is utilized in the SETR.
• He or she needs to be able to use NAVAIR SEDIC-developed SETR Checklists:
https://nserc.navy.mil/joint/SERC/default.aspx for program milestones.
• The candidate needs to ensure IA is integrated into the existing acquisition documentation and that ISSE support has been incorporated into the system architecture. As a minimum, the candidate will support the NAVAIR IAMs/PMs with the following tasks as outlined in Appendix E of Enclosure (2) to DON CIO Memorandum, 02-10, "IA Policy Update for PIT".
• Develop and maintain metrics.
• Maintain a "SWP/SOP/Desk Guide" for all assigned duties.
NAVAIR's Framework. NAVAIR implemented a "phased" approach as outlined in the "NAVAIR Business Rules for Platform IT" with respect to implementing the PIT process, and, as such, the candidate will use the NAVAIR PIT Risk Approval (PRA) Tool during this phased approach.
He/She may be required to attend collaboration meetings and review and comment on program security policies and procedures; coordinate security implementation issues with the appropriate Government officials and/or prime contractors; and support security testing.
Travel to NAVAIR and Industry sites may be required.
Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
0-2 years of related experience in data security administration.
• Experience developing, reviewing and analyzing DIACAP and/or PIT packages in accordance with the DoD/Navy accreditation process.
• Experience with reviewing security architecture and design diagrams detailing ports, protocols, etc.
• Ability to analyze and review the results of network and system vulnerability scans and be able to test and validate IA controls per the DIACAP Knowledge Service.
• Experience with hardening and scanning tools such as the DISA Gold Disks, Security Readiness Reviews, Retina, Hercules, etc.
• Experience supporting the certification and accreditation of DoD/Navy systems with Cross Domain Solutions, Platform IT, and DISN circuit.
• Possess a Defense Acquisition University (DAU) Level I certification, as they will be responsible for providing IA technical guidance and input throughout the life cycle of the systems.
• Knowledge/familiarity with NAVAIR System Engineering Technical Review and Program Acquisition Milestone process.
• Ability to understand and document what the programs are actually doing, "after-the-fact", such as facilitating regular Configuration Control Board (CCB) meetings, processes, and procedures already in place for maintenance and contingencies.
• Ability to recognize the fact that Programs of Record (PORs) have problems contractually, e.g., Contract Modifications can be difficult, affecting both cost and schedule. The IA/ISSE needs to recognize these issues and ensure appropriate mitigations are in place. As a minimum, they need to be very familiar with the systems they support and the documentation in place for the systems acquisition process, e.g., system specifications, architecture, software functionality, system/subsystem design specifications, etc.
• Knowledgeable of external and internal interfaces and data flows and accreditation boundaries; ensure POA&Ms are updated, etc.
• Understanding of Navy networks.
• Understanding of FISMA compliance requirements and IA requirements.
Highly desirable skills include an in-depth understanding of an IT/IM technical environment. Performing tasking in the operations analysis and/or engineering discipline is highly desired. Performs complex tasks in operations systems discipline in a team environment.
Candidate must currently hold an approved DoD 8570 compliant IA certification at the IAM I level (or achievable within six months of employment).
Required Experience for the Job: Demonstrated analytical skills and the ability to analyze customer requirements for security issues and draft accreditation and PIT support documentation IAW the DITSCAP/DIACAP/Navy PIT Policy.
• Ability to work within a team environment.
• Ability to talk in front of others so that he/she can formally train/brief program managers, project leads, application managers, system administrators and IA Officers on IA Certification and Accreditation, SETR, PIT and methods for securing their systems and networks.
• Must have excellent communication skills and be able to multitask in a stressful environment while adhering to last minute deadlines.
• Must have effective organizational skills to be able to track all IA tasking.
Ability to coordinate technical review of IA design considerations.
• The candidate needs to ensure that all IA requirements are appropriately captured, documented, and assessed in the Program's system requirements traceability matrix.
• The candidate needs to ensure critical IA technical information and risks are provided to the review team to support the technical review timeline (identified risks should include: the probability of occurrence, the severity of impact if it occurs, and a plan for mitigation or resolution).
• The candidate needs to ensure that the appropriate SETR checklist has been reviewed for IA considerations.
• The candidate needs to ensure that the technical review's entry criteria have been met.
• The candidate needs to ensure risks are conveyed in a clear and concise manner to the Program's Lead Systems Engineer, the Program Manager, PIT DAA, and to the Technical Review Team.
• The candidate needs to ensure concerns from IA stakeholders, and in particular, from the intended Fleet user/maintainer/operator community, have been captured, identified, mitigated or elevated during the review.
• The candidate needs to ensure that technical issues related to IA are resolved.
They will assist IAMs and PMs with their responsibilities as outlined in sections 3.3 and 3.4 of the "DON PIT IA Guidance", Enclosure (2) to DON CIO Memorandum, 02-10, "IA Policy Update for PIT" of 26 April 2010.
• Be able to learn, or be familiar with, how to conduct vulnerability scans and assist system administrators and IAOs with respect to developing mitigation strategies from vulnerabilities identified in those scans.
Any skill level or experience in the following:
• Managing and leading efforts in the review, application, and maintenance of IA policies and C&A procedures for operational/Programs of Record (POR) acquisition programs.
• Performing Information Assurance/security analyses and risk/vulnerability assessments along with evaluating IA technologies and secure solutions for applications, systems, and platform interconnections/interfaces.
• Hands-on experience with the DoD IA Certification and Accreditation Process (DIACAP).
• Knowledge of the System Engineering Technical Review (SETR) processes and IA in support of Acquisition Programs.
• Experience in the use of Gold Disk, Retina and DoD mandated Security Technical Implementation Guides (STIGs), NSA Guides, Security Checklists and Security Readiness Review (SRR) Scripts. He/She should be able to analyze and review the results of network and system vulnerability scans and be able to test and validate IA controls per the DIACAP Knowledge Service.
• Understanding of DoD and Navy Firewall Policy and requirements (PPS CAL, UTNPp, CTNPp, etc.)
• Working knowledge of NAVAIR IA program and processes and Navy Platform IT.
• A team player who is able to formally train/brief program managers, project leads, application managers, system administrators and IA Officers on Information Assurance, Certification and Accreditation and methods for securing their systems and networks.
8570 Requirements: Candidate must currently hold an approved DoD 8570 compliant IA certification at the IAM II level (or achievable within six months of employment).