Responsibilities: Conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs; conduct systems security evaluation, audits, and reviews; determine the residual risk of a package based on package content and assessment results, and document it for the Security Controls Assessor's (SCA) and higher-level review.
Conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system. Work with the Information System Owner/ISSO/System Administrators to determine applicable fixes and/or mitigation for weaknesses and to determine the adequate level of residual risk. Present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner. Develop all required eMASS documents, to include Plan of Actions and Milestones (POA&Ms)/Risk Assessment Reports (RARs) and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). Document residual risks in a plan of actions and milestones formatted in compliance with the current package system, currently eMASS. Maintain current vulnerability scan data and residual risk plan of actions and milestones in Vulnerability Remediation Asset Manager (VRAM). Track deliverables and action items in accordance with A&A guidance. Manage, attend, and support configuration control board practices. Ensure RMF artifacts are in compliance with published Navy, NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA), NIST SP-800-37 and SP-800-53 Rev 4. Create and verify the accuracy of POA&Ms/RARs as identified by actual vulnerability test results.
Education: BA/BS Degree from an Accredited University in a Technical Discipline and Certifications: IAT Level 2 Baseline certifications.
Experience: Three (3) years of entry-level experience in Cybersecurity.
Other: An Active Secret Security Clearance is required.