It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
The Information Assurance Security Specialist provides support to the Defense Health Agency (DHA) at Fort Sam Houston in San Antonio, Texas.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge/quality of work, supporting financial goals of the company, initiative/motivation, cooperation/relationships, problem analysis/discretion, accomplishing goals through organization, positive oral/written communication skills, leadership abilities, commitment to Affirmative Action, reliability/dependability, flexibility and ownership/accountability of actions taken.
Tracks and reports status of major projects and deliverables to include Risk Assessments, Risk Acceptance, accreditation and authorization efforts (A&A), Control Correlation Identifier (CCI) completion, Plan of Action and Milestones.
Recommends corrective actions and process improvements.
Maintains responsibility for accuracy and timeliness of inputs to eMASS and other accreditation requirements.
Supports the mission of the Information Systems Security Officer (ISSO) for all DHA managed systems under the ISSO’s responsibility.
Leads team to ensure network resources are in compliance with DoD IA and security policies and vulnerability alerts, all IAVAs and any other technical advisories identified by the USCYBERCOM/DHA.
Fixes Category 1, Category A and other urgent rated vulnerabilities within 21 days. Most Category 2 and 3 rated vulnerabilities are resolved during a routine maintenance window; however, some may require manual remediation(s), or a shorter timeframe.
Administers, records and supports the upkeep of all network resources and any implemented changes as reported by the Continuous Monitoring and Risk Scoring (CMRS)/ACAS/other scanning tools.
Ensures all discovered discrepancies or security vulnerabilities, such as missing patches or perceived gaps in network security, are immediately resolved through the necessary DHA offices and service functions.
Creates Plans of Action and Milestones (POA&Ms), and maintains and follows them through to resolution for issues requiring additional time for testing, solutions development, team collaboration, and deployment. POA&Ms include detailed/applicable risk mitigation statements, and appropriate milestone dates.
Oversees team performing IA scans of network enterprise devices using tools such as the Security Content Automation Protocol (SCAP) Compliance Checker (SCC) Tool, manual checks, DISA STIG Viewer, ACAS Nessus Scanner, and ACAS Security Center. Performs routine and random testing of servers and devices to ensure 100% security compliance.
Validates deployed security patches and solutions to ensure proper installation and function.
Maintains and validates asset lists within ACAS and eMASS. Maintains 95% of credentialed scans by resolving non-credentialed/dead/misconfigured assets.
Reports any security violations and incidents up the chain of command within established timeframes.
Replies and reports to security and associated taskers.
Ensures log files and audits are maintained and reviewed for all systems, and that authentication policies (i.e., password) are audited for compliance.
Reviews and evaluates the effects of security system changes, including interfaces, with other Information Systems (IS) and documents all changes.
Ensures that all IS within area of responsibility (e.g. mJAD, AMEDD, North Beach Pavilion LAN) are certified and accredited via the Risk Management Framework (RMF) or comparable accreditation process.
Maintains and updates in eMASS or other RMF system as required.
Legacy accreditations may sunset, transition, or migrate to other existing or newly created accreditation boundaries.
Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and co-workers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
Bachelor’s degree in Computer Science or a related field of study and the following number of years of relevant experience for the respective levels (or equivalent combination of education / experience):
Mid Level: BS and 2 years of relevant experience or 6+ years of relevant experience
Senior Level: BS and 4 years of relevant experience or 8+ years of relevant experience
Experience working in or with Defense Health Agency or other military medical environment. Minimum of two to four (2-4) years’ experience with DIACAP and/or RMF, IAT Level III certification IAW DOD 8570.01-M.
CERTIFICATES, LICENSES, REGISTRATION
Must be a US Citizen
ADP II Position of Trust prior to commencing work
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Excellent oral and written communication skills
IAT-III (one of the following): CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, or GCIH
MCSA or MCSE
Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers and the general public.
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios and proportions to practical situations.
Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this job. Work is primarily performed in an office environment. Regularly required to sit. Regularly required to use hands to finger, handle, or feel, reach with hands and arms to handle objects and operate tools, computer, and/or controls. Required to speak and hear. Occasionally required to stand, walk and stoop, kneel, crouch, or crawl. Must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, and ability to adjust focus. Exposed to general office noise with computers, printers and light traffic.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!