Information Assurance Analyst - DISA

Company Description

Global Business Solutions, Inc., established in 1995, offers customers a distinctive blend of information technology capabilities, education and training services, and information assurance solutions. Managed by a team of executive leaders experienced in the field of information technology and training services within the industry and government, GBSI prides itself on exceeding expectations. Our award-winning solutions give clients the support tools needed to successfully deliver in evolving environments with confidence.

Job Description

ROLE AND RESPONSIBILITIES
Conducts capacity and performance analysis, and provides system configuration change and upgrade recommendations. Increases system administrator efficiency and accuracy via the use of automated tools and scripts, develops system administrator procedures, and conducts system administrator training and skills assessment.
PRIMARY OBJECTIVES OF THE INFORMATION ASSURANCE ANALYST
• VMS/CMRS Management including entering data, running reports, and ensuring that hardware is up-to-date with security patches from vendors;
• System scans using DoD-approved scanning tools such as ACAS, Gold Disk, Retina, and HBSS Policy Auditor;
• Process and retain System Authorization Access Requests (DD2875);
• Develop and execute test plans in accordance with DoD guidelines, to collects/analyze data, write reports and coordinate with system managers and product developers for remediation of findings:
• Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments;
• Establish strict program control processes to ensure mitigation of risks and achievement of certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits;
• Assist in the implementation of the required government policy; make recommendations on process tailoring and participate in and document process activities;
• Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports;
• Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M;
• Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.

Qualifications

• A minimum of five (5) years of experience in Cybersecurity, IA, or related area;
• CISSP Certification preferred;
• Possess an IAT/IAM Level III certification in accordance with DoD 8570.01-M Information Assurance Workforce Improvement Program guidelines;
• Defense Information Assurance and Certification Process (DIACAP);
• Vulnerability Management System (VMS);
• DoD C&A Portal (eMASS);
• Risk Management Framework (RMF);
• Assured Compliance Assessment Solution (ACAS);
• Continuous Monitoring and Risk Scoring (CMRS);
• DoD Security Technical Implementation Guides (STIGS);
• Federal Information Security Management Act (FISMA);
• Host Based Security System (HBSS);
• McAfee’s Enterprise Policy Orchestrator (ePO);
• Knowledge of DOD Information Security (INFOSEC);
• Ability to communicate effectively orally and in writing;
• Knowledge of IT Systems Analysis;
• Knowledge of IT policy and planning, IT project management, and system administration;
• Knowledge and experience in Windows, Linux, Networking, Proxy, and Firewalls;
• Knowledge and experience with DoD STIGs, SRRs, OVAL, SCAP and their application/use for security evaluation and remediation of various systems. (Windows, Linux, Oracle, Cisco, Juniper, etc.); Ability to pass a government background check.

Additional Information

GBSI is an Equal Opportunity and Affirmative Action Employer committed to providing equal employment opportunity without regard to an individual’s race, color, religion, creed, age, sex (including pregnancy), sexual orientation, gender identity, genetics, marital status, national origin, disability, veteran status, political affiliation or belief. This equal opportunity applies to every area of employment at GBSI, including recruitment, hiring, training, transfers, promotions, terminations, compensation, and benefits. We continue to affirm our commitment to an inclusive workplace through Affirmative Action Plans that address employment opportunities for qualified women, minorities, veterans, and individuals with disabilities. We welcome and encourage diversity in our workforce.

Our policies prohibit discrimination and harassment based on race, color, religion, creed, age, sex (including pregnancy), sexual orientation, gender identity, genetics, marital status, national origin, disability, veteran status, political affiliation or belief. It is important that employees and applicants trust that they can address a concern of discrimination or harassment without retribution. GBSI will not tolerate retaliation against an individual who reports, opposes, or participates in an investigation of discriminating or harassment that violates GBSI policies.

GBSI invites any employee or any applicant for employment to review GBSI’s written Affirmative Action program, absent the data metrics required by §60-741.44(k). The AAP is available for inspection upon request during the hours of 8:00am - 4:00pm Monday - Friday in the Human Resources department. Any questions should be directed to Sheila D. Dyer, GBSI’s EEO Administrator.
No part of this Position Description or of any other shall be construed as an employment contract. Employment with GBSI is at will and constrained by both the laws of the State of Florida and those of the state wherein the employee performs services for the company.