Responsible for working with the project IAM to perform static and dynamic source code analysis using automated tools such as HP Fortify, to support the Application Security Development STIG, in addition to Cyber security tools like Vulnerator, ACAS Security Center, and SCAP. Candidate will also support the accreditation and Risk Management Framework (RMF) processes. The information gathered during these activities will be used to create and maintain associated POA&Ms that will be used to track the systems security posture. In addition to technical responsibilities, candidate will be responsible for maintaining and performing security checks and updates to products documentation generated by teammates.
- Strong verbal and written communication skills. - US citizen and possess a DoD Secret clearance - DoD 8570.1-M IAM II certification (SSCP or Security+ CE with appropriate Operating System certificate) - Four (4) or more years of experience providing cyber security and/or security analyst support as described to DoD programs. - Experience with performing static code analysis using automated tools such as HP Fortify required. - Experience in performing vulnerability testing and using DoD approved tools (Nessus ACAS, SCAP, Vulnerator, HBSS, STIG viewer etc.) - Experience evaluating systems utilizing the NIST SP 800-53 - Experience with the C&A process and with DIACAP and/or RMF package documentation.
This position requires a Secret US DoD security clearance.
- Preferred OS certifications (CompTIA Linux +, Red Hat RHSA, Microsoft, Cisco CCENT/CCNA) - Linux/Unix/Solaris experience as well as DoD RMF process.