Job Information
Alaka'ina Foundation Family of Companies Information Systems Security Specialists II in Philadelphia, Pennsylvania
Information Systems Security Specialists II
Location PA - Philadelphia
Job Code 10386
# of openings 10
Apply Now (https://phg.tbe.taleo.net/phg04/ats/careers/v2/applyRequisition?org=AKIMEKATECH&cws=43&rid=10386)
The Alaka`ina Foundation Family of Companies (FOCs) has a potential need for Information Systems Security Specialists II to support a Navy government customer. Position is onsite at the Government facility in Philadelphia, PA.
DESCRIPTION OF RESPONSIBILITIES:
Perform installation, configuration, and integration of new technology with IT security standards, backups, security patches, and the performance of analysis to ensure security controls are properly implemented. Not responsible for developing technology. Assist with implementing any new Commercial-Off-The-Shelf (COTS) technologies used to maintain operations and Cyber Compliance, Updated Microsoft Windows Operating Systems, Active Directory, Anti-Virus, and any other IT support/Management Software. Operating systems include multiple variants of Linux/UNIX, Microsoft Windows server, workstation and VMware operating systems.
Install, configure, troubleshoot, resolve, and execute backup of: Linux/UNIX Consoles; Windows Server/Workstation Consoles; VMWare/ Hyper-V Virtual Infrastructure; Storage Area Networks; and Database Servers.
Register and manage user access for test site systems.
Install security patches on servers to eliminate identified vulnerabilities, and report on patch compliance.
Perform routine audits of systems and software, add, remove, and/or update user account information and perform password-resets, as applicable.
Monitor system-security to maintain security posture, and document the latest version of system-configuration.
Conduct performance tuning – tasks include optimization of equipment and devices to ensure performance of parts and systems is as close to their theoretical peaks as possible.
Research and recommend methods and procedures to implement new security patches and remediation.
Configuration Management: Implement configuration version control practices and processes (i.e. checkout/check-in, version number control, system/software baselines, merge, build, test, and release) for software, hardware, firmware, images, technical manuals, test procedures and other support documentation.
Desktop Support: Troubleshoot user-problems to determine whether the issues are hardware, software, procedural, or communication-related and route the issue/problem to the correct support-party for resolution, track and log the incoming requests and report the incidents.
Troubleshoot: Provide first-level usage support for locally developed applications deployed within all customer Land Based Test Sites.
Assess: Monitor desktop systems on a daily basis to discover/find and correct any identified technical problems.
Hardware: Install IT devices in support of test site system testing requirements. Configure devices to be compatible with test site operation requirements as well as RMF ATO requirements. Maintain accurate inventory of all test site IT systems.
Monitor: Plan and coordinate security measures to safeguard information in computer files against accidental or unauthorized damage, modification or disclosure. Provide recommendations for implementation.
Evaluate: Plan and support the installation and testing of new products and improvements to computer systems, such as the installation of testing equipment in support of test site requirements.
Procedures: Develop RMF required documentation that captures procedures on how system access control, asset inventory, patch management, and communications between system POCs are managed.
Develop system architecture diagrams, software design requirements, network connection diagrams, integrity analysis of integrated products, life-cycle management analysis, and vulnerability assessment.
Based on this analysis, the contractor shall write, remediate and mitigate security vulnerabilities resulting from the software development tools used, operating system deficiencies, and the actual software implementation.
Create and maintain a vulnerability Navy eMASS POAM for systems.
Perform a detailed technical documentation analysis of the software/hardware associated with the system and components.
Conduct all Assured Compliance Assessment Solution (ACAS) scans as required on all Land Based Test Site systems using approved scanning solutions per DoD and RMF requirements.
Assess and perform required system security reviews per RMF system requirements.
System configuration – address system vulnerabilities by configuring and assessing systems to meet all necessary DoD and RMF system hardening requirements.
System Troubleshooting: The Contractor shall participate in system validation testing in relation to the implementation of RMF system hardening requirements.
Assist in ensuring systems are functioning after system hardening requirements are implemented.
Develop RMF A&A package documentation required for ATO-submission in accordance with DoD/NAVSEA directives, which includes the following components: Platform IT (PIT) Determination package documentation, System Categorization Form, Information System Continuous Monitoring Strategy (ISCM), Security Plan (SP), Step Concurrence forms, Plan of Actions and Milestones (POA&M), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Security Authorization Package.
Ensure the RMF A&A package is submitted to the Certification Authority (CA) in sufficient time for its review and operational cybersecurity risk recommendation to obtain Designated Accrediting Authority (DAA) authorization decision; authorization must be obtained prior to operations or tests on a live network (i.e. LBES or shipboard).
Ensure the RMF artifacts are in compliance with the latest published Navy, NAVSEA Business Rules, and NIST and Security Plans. Should there be any conflicting interpretations, request for clarification/adjudication will be resolved by the Government Information Assurance Manager (IAM)/Information System Security Manager (ISSM).
Provide troubleshooting support during the implementation of new security features into the Control System Operating Environment. The contractor shall determine if new security features are prohibiting the control system from operating properly.
Monitor and maintain the security posture of IT systems in accordance with each system’s SOP; tasks include patching, implementing STIGs, analyzing network traffic, and applying new physical security measures
Ensure system’s compliance with all applicable Information Assurance Controls (IACs) for an assigned DON system within the NAVSEAINST guidelines.
Review test plans and procedures to ensure the test plan(s) are comprehensive enough to addresses the corresponding level of effort, and will validate all IA requirements applicable to the IT system or site being certified and accredited.
Evaluate all discrepancies reported by validators, and recommend mitigation measures for reducing or eliminating specific risk items.
Address deficiencies reported by validators by executing approved-remediation methods to harden and secure the system; work includes STIGs, patching, scanning, validation of inventory and creation of network diagrams.
Coordinate with the Information Assurance Officer (IAO) to determine and fix [and/or mitigate] identified weaknesses, and to determine the level of revalidation testing required should immediate fixes not be applied.
Provide in-person, phone or e-mail support as appropriate to respond to validator requests within one week of notification.
REQUIRED DEGREE/EDUCATION/CERTIFICATION:
Must have a High school diploma or HS equivalency certificate.
In accordance with DoD 8570.01-M, candidates must be IAT II certified with at least one active baseline certification: CCNA-Security; CySA+ **; GICSP; GSEC; Security+ CE; CND; or SSCP.
REQUIRED SKILLS AND EXPERIENCE:
Must have two (2) years of cybersecurity experience in DISA Enterprise Mission Assurance Support Service (eMASS) and Assured Compliance Assessment Solution (ACAS).
REQUIRED CITIZENSHIP AND CLEARANCE:
Must be a US Citizen.
Must have an active Secret clearance.
The Alaka`ina Foundation Family of Companies (FOCs) is a fast-growing government service provider. Employees enjoy competitive salaries. Eligible employees enjoy a 401K plan with company match; medical, dental, disability, and life insurance coverage; tuition reimbursement; paid time off; and 11 paid holidays.
We are an Equal Opportunity/Affirmative Action Employer. We are proud to state that we do not discriminate in employment decisions on the basis of race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. If you are a person with a disability and you need an accommodation during the application process, please click here (HRdept@alakaina.com) to request accommodation. We E-Verify all employees.
The Alakaina Foundation Family of Companies (FOCs) is comprised of industry-recognized government service firms designated as Native Hawaiian Organization (NHO)-owned and 8(a) certified businesses. The Family of Companies (FOCs) includes Keaki Technologies, Laulima Government Solutions, Kūpono Government Services, and Kāpili Services, Pookela Solutions, Kīkaha Solutions, LLC, and Pololei Solutions, LLC. Alakaina Foundation activities principally benefit the youth of Hawaii through charitable efforts which includes providing innovative educational programs that combine leadership, science & technology, and environmental stewardship.
For additional information, please visit www.alakainafoundation.com.
#ClearanceJobs