ARMADA, Ltd. · 3 weeks ago
Specialist, Information System Security III (SISS3)
ARMADA, Ltd. is seeking a Specialist in Information System Security III to conduct risk and vulnerability assessments for systems. The role involves executing security assessment plans, performing system security evaluations, and documenting residual risks to ensure compliance with cybersecurity standards.
Responsibilities
Specialist, Information System Security III (SISS3) will conduct risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks and protection needs; conduct systems security evaluations, audits, and reviews; determine the residual risk of a package based on package content and assessment results; and document it for the Security Controls Assessor's (SCA) and higher-level review
Execute Security Assessment Plans (SAPs) by conducting on-site testing for afloat and PIT ashore systems. Examples include executing STIGs, SRGs, ACAS scanning, and applying patches to assets to obtain cybersecurity compliance and remediate vulnerabilities
Specialist, Information System Security III (SISS3) will conduct systems security reviews, audits, or evaluations, as appropriate, to ensure accreditation documents are accurate and represent the current risk posture of the system
Perform analysis of logs, events, and reporting from various data collection tools, including: vulnerability monitoring via Assured Compliance Assessment Solution (ACAS) and related tools, Host Based Security Systems (HBSS), web content filters, Security Information and Event Management (SIEM), firewall systems, network devices, server devices, workstations, and intrusion detection and prevention systems (ID/PS)
Specialist, Information System Security III (SISS3) will assess impacts from observed risks and report via the Cybersecurity Program chain of command
Perform the evaluation of system administrator, security engineer, and/or system owner proposed corrections to ensure compliance and best-fit solution
Specialist, Information System Security III (SISS3) will present and submit data to management, develop reports, and produce procedural documentation in a comprehensive and cohesive manner
Perform risk management and security engineering for Research, Development, Testing, and Evaluation (RDT&E) RMF Afloat systems, including Information Assurance Vulnerability Management (IAVM) support, remediation, patching, scanning and associated boundary maintenance
Specialist, Information System Security III (SISS3) will document residual risks in a plan of actions and milestones formatted in compliance with the current package system, currently eMASS
Specialist, Information System Security III (SISS3) will maintain current vulnerability scan data and residual risk plan of actions and milestones in Vulnerability Remediation Asset Manager (VRAM)
Manage, attend, and support configuration control board practices
Create and verify the accuracy of POA&Ms/RARs as identified by actual vulnerability test results
Specialist, Information System Security III (SISS3) shall write technical documentation such as user manuals, reports, documentation, policies, presentations, Plan of Action and Milestones (POA&Ms), risk assessments, proposals, outlines, and summaries in support of both ashore and afloat systems across multiple platforms. Support the development of technical documents across multiple platforms, including configuration management, milestone, issue tracking, web site content management and RMF documentation
Specialist, Information System Security III (SISS3) may be required to travel CONUS (any state in USA) and OCONUS (primarily Japan, and any country in Europe). The estimated number of trips is 14 per year (estimated 25%-30% travel)
Other duties as assigned
Qualification
Required
Active Secret Security Clearance
Ability to travel CONUS (any state in USA) and OCONUS (primarily Japan, and any country in Europe)
Proficient in Microsoft Windows Operating System Administration, including Windows 11, Windows 10, Windows 7, and Windows XP (at a minimum)
Ability to work as a team member, communicate, perform office functions and use office tools, be customer focused, and deliver exceptional performance
Possess excellent organizational and file management skills and the ability to plan and execute administrative work with little supervision
Possess excellent oral and written communication skills
Minimum of one (1) IAT Level II listed certificate required: CompTIA Security+ (CE), CompTIA CySA+, GIAC Security Essentials (GSEC), ISC² SSCP (Systems Security Certified Practitioner)
Five (5) years of experience in the following: Cybersecurity, Engineering, Test and Evaluation (T&E) or Authorization and Assessment (A&A) (formerly C&A) related field
Five (5) years of experience in Information Assurance tools such as Defense Information Systems Agency (DISA) Enterprise Mission Assurance Support Service (eMASS), Assured Compliance Assessment Solution (ACAS)
Five (5) years of experience in command line interface, PowerShell, and performing automated tasking through use of code
College degree in any technical discipline from an accredited college or university
Company
ARMADA, Ltd.
ARMADA is a world-class provider of mitigation, prevention, preparedness, protection, response and recovery solutions.