Cyber Security Analyst Level Iii

Responsibilities:

The primary service associated with A&A support to include creation and maintenance of Risk Management Framework (RMF) Authority-To-Operate (ATO) packages (To include annual reviews) to achieve and/or retain an ATO for AFRC/A4 systems. These activities include authoring/reviewing Standard Operating Procedures (SOPs), and Ports, Protocols & Services maintenance.

Representative systems include:

• AFRC Basing and Logistics Geospatial Information and Services (AFRC B&L GI&S) - NIPR RMF Package
• AFRC Civil Engineering Planning Tool (CEPT) – NIPR RMF Package
• AFRC Support Agreement Management Tool (SAM) - NIPR RMF Package

Additional services provided will include but are not limited to the following:

• Perform ISSM duties as required IAW AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology (IT) and AFI 17-130, Cybersecurity Program Management.
• Ensure Federal Information Security Management Act (FISMA) compliance requirements are met for the packages. 
• Conduct annual security reviews of all IA controls and a test of selected IA controls IAW AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology.
• Manage the systems COMPUSEC Program for HQ AFRC/A4
• Address all AF COMPUSEC requirements IAW AFMAN 17-1302-O
• Implement and enforce all AF cybersecurity policies, procedures, and countermeasures.
• Completion/ annual review of SOPs.
• Comply with continuous monitoring – update asset/hardware/software inventory, upload vulnerability scan reports, POAMs, STIG checklists.
• Coordinate/facilitate annual Tabletop or Live Contingency/Incident Response Plan.
• Provide CCRI support services to Vulnerability Management office & CCRI PM. · Monitor STIG compliance and remediation of vulnerabilities.
• Ensure POAMs are being accomplished for those items that are non-compliant.
• Review POAMs periodically to ensure estimated completion date is met, milestones documented.
• Participate in Change Approval Board for changes to systems. 
• Upload monthly hardware/software asset inventories.
• Provide/upload artifacts required for authority to operate and other A&A requirements, as required in accordance with CDRL A008, ATO/A&A Artifacts, DI-MGMT-82000, PWS Appendix C.
• Provide input to on-site contract manager as required to support deliverables identified in section 2.3.1.
• Provide services necessary to provide Information Systems Security Management support for HQ AFRC/A4 systems - AFRC Basing and Logistics GI&S, CEPT, and SAM. All services provided and products delivered must comply with the Government security and architecture requirements. Specifically, the scope of services required includes:
• Complete RMF ATO documentation to ensure current and viable ATO for the GIS, CEPT, and SAM systems.
• Maintenance and updates of system Approvals TO Operate (ATOs) and System Security Plans (SSPs)
• Creation of risk management processes and policies for AFRC B&L GI&S 
• Creation, maintenance, and implementation of a disaster recovery/continuity of operations plan for all supported systems
• Creation and maintenance of Ports, Protocols, and Services document
• Creation and maintenance of system diagrams and architectures
• Maintain Hardware and Software listings.
• Liaison between Civil Engineering Authorizing Official (CE AO) and AFRC A4

Requirements

• 5 or more years of demonstrated corporate experience, provided support staff meeting the position requirements.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of server administration and systems engineering theories, concepts, and methods.
• Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
• Knowledge of basic system administration, network, and operating system hardening techniques
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Knowledge of cybersecurity principles.
• Knowledge of risk management processes and requirements per the Risk Management Framework (RMF)
• Work on site at Warner Robins, GA location.
• Active 8570 Certification; Comp TIA Level II

Clearance Required:  Active DoD “Secret” level clearance.

Equal Opportunity Employer: Disability/Veteran