- Austin, TX
- Defense Analyst
CyberDefenses, Inc. is looking for a highly motivated Information Assurance Analyst to document and perform analysis for various RMF artifacts and IA controls.
Duties & Responsibilities
Perform analysis of systems against applicable RMF IA controls.
Create and update documentation for various RMF artifacts (Security Plan, System Security Plan, Security Concept of Operations, Continuity of Operations Plan, Disaster Recovery Plan, Contingency Plan, Ports and Protocol Services Matrix, Physical Security Plan, Audit and Accountability Policy, Configuration Management Policy, IA Training Plan, Vulnerability Management Plan, Plan of Action and Milestones).
Develop and maintain scripts to facilitate applying required configurations and capabilities necessary to achieve compliance to applicable RMF IA controls.
Perform vulnerability scanning using DoD Assurance Compliance Assessment Solution (ACAS), consisting of Tenable Nessus and SecurityCenter software.
Perform DoD Security Technical Implementation Guidance (STIG) scans of systems and manual STIG checklist reviews.
Perform penetration testing on software to identify security flaws.
Execute source code analysis scans using HPe Fortify SCA and support analysis of the results.
Education, Certification & Clearance Required
Associate Degree or higher in Computer Science or Computer Technical Certificate (MSCE or GAIC certificate) with related experience.
Security + certification or other IAT Level II or III certification.
Current US Security Clearance (or recently cleared).
- Analytical ability to understand and interpret Department of Defense (DoD) security policies and procedures.Knowledge of the NIST SP800-53 RMF IA controls and NIST SP800-53A RMF assessment procedures.Experience with application vulnerability testing.Working knowledge in the functionality of common operating systems, software programs and systems hardware functions
Experience with common Windows and Linux scripting languages, such as Visual Basic Scripting, PowerShell, and Bash shell scripting.
Knowledge of DoD STIGs and applying required configurations.
Able to work at our client’s site during normal working hours.