NOVA Corporation

Intermediate Information Assurance (IA) Analyst

US-MD-Fort Meade
2 weeks ago
ID
2017-2325

Overview

NOVA Corporation is 100% tribally owned by the Navajo Nation.  

 

NOVA Corporation is dedicated to providing outstanding services to its customers and employees.  Our strength is in our ability to understand our client's needs and deliver a solution that will not only meet those needs but exceed their expectations.

NOVA Corporation strives to be innovative in all areas of business and is committed to technical excellence.  Our corporate offices are located on the Navajo Nation reservation in Window Rock, Arizona, Chambersburg, Pennsylvania, Albuquerque, New Mexico, and Columbia, Maryland.

 

NOVA Corporation provides unique, custom solutions to meet our customers’ communications needs. Our solutions provide communication capabilities using modern technology. At their most complex, they are multi-purpose systems that gather information from dozens of different sources. The information is presented to decision makers immediately, visually, clearly.

 

NOVA Corporation will accommodate individuals with disabilities that need assistance applying for open positions.

 

NOVA Corporation is an equal opportunity/affirmative action employer subject to the Navajo Preference in Employment Act.

Responsibilities

NOVA is seeking an Intermediate Information Assurance (IA) Analyste. The associated duties may include, but are not limited to, the following:

 

General responsibilities:

  • Examines potential security violations, incidents, malicious activities and attacks to determine if policy has been breached, assesses the impact, and preserves artifacts.
  • Enters and tracks events and incidents. Supports incident escalation and assesses probable damages, identifies damage control and remediation, and assists in developing courses of action.
  • Supervises the installation, monitoring, testing, troubleshooting, and administration of IA hardware and software systems.
  • Recommends, schedules, and performs IA system repairs, systems administration, and maintenance.
  • Analyzes patterns of non-compliance or attacks and recommends appropriate actions to minimize security risks and insider threat.
  • Configures, optimizes, and tests network devices.
  • Diagnoses and resolves IA problems in response to reported incidents.
  • Enhances rule sets to identify or block sources or potential sources of malicious traffic.
  • Supports the design and execution of exercise scenarios.
  • Implements, and monitors policies and procedures reflecting the legislative intent of applicable laws and regulations.
  • Prepares, distributes, and maintains plans, instructions, guidance, and standard operational procedures concerning Information Security.
  • Participates in IA risk assessments during the C&A process.
  • Prepares, reviews, and evaluates documentation of compliance.
  • Prepares recommendations for the DAA.
  • Reviews IA and IA enabled software, hardware, and firmware for compliance with appropriate security configuration guidelines, policies, and procedures.
  • Reviews AI security plans.
  • Identifies alternative functional IA security strategies to address organizational security concerns.
  • Reviews security safeguards to determine that security concerns identified in approved policies, plans, and doctrine have been fully addressed.
  • Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and follow IA policies and procedures.

Additional Responsibilities:

  • Accountable for providing analysis of raw data and findings to produce actionable information regarding the current state of the security posture of the DISA Enterprise IT environment, and recommendations for enhancing the security posture of the same.
  • Responsible for performing research into planned and upcoming security events (ATOs, site security visits, etc.) to provide adequate support for these events
  • Responsible for planning, scheduling, and implementing network security scans using current DOD scanning tools
  • Conduct analysis for detecting and evaluating cyber events and/or intrusions.
  • Monitor for potential compromise, intrusion, deficiency, significant event or threat to the security posture and security baseline.
  • Perform daily network vulnerability scanning actions, providing data analysis to stakeholders, and generating technical and executive summary reports.
  • Conduct web application vulnerability scanning and provide reports to application owners for vulnerability mitigation and management activities
  • Input, track, and report on vulnerability management trouble ticket and out-of-band requests via DISA’s internal incident management and tracking system
  • Conduct incident response IAW DoD policy (Chairman of the Joint Chiefs Staff Manual/CJCSM 6510 and industry best practices such as NIST Special Publication 800-61).
  • Apply knowledge of information security services/analysis concepts, practices and procedures.
  • Conduct analyses of existing solutions to incorporate requested enhancements.
  • Review/analyze requested changes for equipment, technology and/or other factors/trends, which may impact existing solution.
  • Research current cyber events and/or intrusions for impact to Agency systems.
  • Provide input into the design, deployment, and implementation of enterprise IDS/IPS and vulnerability scanning tools
  • Develop SOP and other technical documentation IAW with current government policy.
  • Consult with hardware, communications, database experts and /or vendors to ensure system viability.
  • Perform system design functions, including interpretive analyses, chart preparation and associated diagrams/enhancement plans for network security.
  • Prepare/conduct acceptance test plans and confirm accompanying results, including the development of vulnerability assessments and functionality.
  • Conduct briefings to senior leadership as required by the government.
  • Follow intrusion and escalation processes and procedures IAW with current government policy.

Qualifications

Requirements:

  • Experience with DOD 8510 (DIACAP and RMF), DoD 6510 and 8500 series instructions, and NIST 800 series guidance
  • Basic knowledge of cloud computing services and related security matters
  • Basic knowledge of DOD PKI/PKE implementation and related governing policies
  • Experience with COTS & GOTS network scanning tools (Retina, Tenable Nessus, etc.)
  • Experience with Host Based Security System (HBSS) and McAfee EPO
  • Experience with Automated Compliance Assessment System (ACAS)
  • Experience with web application scanning and reporting tools (BURP suite)
  • Experience with incident management tracking and reporting tools (Remedy)
  • Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulations

Certifications Required

Security +CE

Education Requirements

Education: Bachelor’s Degree in computer sciences, information security, or related fields

Experience: Minimum 3-5 years relevant experience 

Required Certifications:

DoDM 8140-01 (old 8570-01M) IAT Level II certification (CompTIA Security +, CASP, C|eH,or similar)

Desired Certifications:

DoDM 8140.01 (old 8570-01M) IAT Level III certification (CISSP, CISA, or similar)

Certifications Preferred

none

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed