Job Information
Tetrad Digital Integrity LLC Senior Information System Security Specialist in Philadelphia, Pennsylvania
Tetrad Digital Integrity (TDI) is a leading-edge cybersecurity firm with a mission to safeguard and protect our customers from increasing threats and vulnerabilities in this digital age.
TDI is seeking a Sr Information System Security Specialist to join our team with technical expertise for a Department of Defense (DoD) client that supports the Risk Management Framework (RMF) package development.
This position will be based in Philadelphia, PA and requires an active Secret clearance.
RESPONSIBILITIES:
Work with the Information System Owner/ISSO/System Administrators equivalent to NSWCPD’s Information System Security Officer (ISSO) to determine applicable fixes and/or mitigation for weaknesses and to determine the adequate level of residual risk.
Perform analysis of logs, events, and reporting of various data collections tools including: vulnerability monitoring via Assured Compliance Assessment System (ACAS) and related tools, Host Based Security Systems (HBSS), web content filters, Security Information and event management (SIEM), firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (ID/PS).
Assess impacts from observed risks and report via the Cybersecurity Program chain of command.
Perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best-fit solution.
Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner.
Perform remediation, patching, scanning and associated boundary maintenance risk management and security engineering for RMF Afloat systems.
Develop all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms)/ Risk Assessment Reports (RARs) and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs); products shall be created in the appropriate software (i.e. Microsoft Visio, scanning software, eMASS DISA STIG Viewer, etc.)
Determine a system’s compliance with all applicable Controls and Assessment Procedures (APs) for an assigned DoN system, including developing the appropriate test procedures, if necessary; executing the test procedures; and accurately documenting the results of security testing. The analysts shall update the eMASS record for the assigned system(s).
Document residual risks in a plan of actions and milestones formatted in compliance with the current package system, currently eMASS.
Maintain current vulnerability scan data and residual risk plan of actions and milestones in Vulnerability Remediation Asset Manager (VRAM).
Track deliverables and action items in accordance with A&A guidance.
Manage, attend, and support configuration control board practices.
Ensure RMF artifacts are in compliance with published Navy, NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA), NIST SP-800-37 and SP-800-53 Rev 4. In addition, local NSWCPD policies and procedures may apply. Command Information System Security Manager (ISSM) will resolve any conflicting interpretations;
Create and verify the accuracy of POA&Ms/RARs as identified by vulnerability actual test results.
QUALIFICATIONS:
Bachelors Degree in Computer Science, IT or related technical discipline
Active Secret clearance
5 years experience performing analysis of logs and events, and of various data collection tools; as well as experience automating processes through scripting, and assessing impacts from observed risks and present the findings through the chain-of-command.
Possess one of the following IAM/IAT Level II certifications: CCNSA Security, CySA+, GICSP, GSEC, Security + CE or SSCP
TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States.
"TDI is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, genetics, gender identity or expression, national origin, protected veteran status or disability status, or any other characteristic protected by federal, state or local laws."
Powered by JazzHR