Responsible for working on-site with the project IAM and contractor support personel to perform static and dynamic source code analysis using automated tools such as HP Fortify, to support the Application Security Development STIG. Additionally responsible for running and maintaining Cybersecurity testing tools like ACAS Security Center, Vulnerator and SCAP. Candidate will also support the accreditation and Risk Management Framework (RMF) processes life cycle. The information gathered during these activities will be used to create and maintain associated POA&Ms that will be used to track the systems security posture. In addition to technical responsibilities, candidate will be responsible for maintaining and performing security checks and updates to products documentation generated by teammates. Full time on-site lab presence within NAVAIR base required.
- Strong verbal and written communication skills. - US citizen and possess a DoD Secret clearance. - Education: High School diploma or GED - DoD 8570.1-M IAM II certification (SSCP or Security+ CE with appropriate Operating System certificate) - Five (5) or more years of experience providing cyber security and/or security analyst support as described to DoD programs. - Computer system experience to include: Design, Development, Test and Evaluation, Network Protocols, LAN administration fundamentals, and UNIX and Windows based operatingsystem. - Experience with performing static code analysis using automated tools such as HP Fortify required. - Experience in performing vulnerability testing and using DoD approved tools (Nessus ACAS, SCAP, Vulnerator, HBSS, STIG viewer etc.) - Experience evaluating systems utilizing the NIST SP 800-53 - Experience with the RMF A&A process and with RMF package documentation.
This position requires a Secret US DoD security clearance.
- Preferred OS certifications (CompTIA Linux +, Red Hat RHSA, Microsoft, Cisco CCENT/CCNA) - Linux/Unix/Solaris experience as well as DoD RMF process.