Job Description
Position Overview
Huntington Ingalls Industries (HII) is seeking an Information System Security Consultant. A successful candidate will provide IT and IA support for a system or enclave's information assurance program through security authorization activities in compliance with Risk Management Framework (RMF). They will maintain operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. They will perform vulnerability/risk assessment analysis to support Assessment & Authorization (A&A). They will provide configuration management (CM) for information system security software, hardware, and firmware. They will manage changes to system and assesses the security impact of those changes. They will prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM).
Want more jobs like this?
Get Human Resources and Recruitment jobs in Mountain View, CA delivered to your inbox every week.
Job Responsibilities
• Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
• Perform cyber defense trend analysis and reporting.
• Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
• Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Assess adequate access controls based on principles of least privilege and need-to-know.
• Experience with DISA STIGs and justifying the technical need for applying each setting.
• Experience with eMASS for RMF data population, tracking, and Plan of Action & Milestones (POA&M).
• Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
Requirements:
• MS in Computer Science/Cybersecurity/Information Technology or equivalent field of study and 10+ years of related experience.
• BS in Computer Science/Cybersecurity/Information Technology or equivalent field of study and 8 years related experience.
• Current Top-Secret Clearance with SCI Eligibility.
• In accordance with DoD 8570.01M, the selected individual must meet the requirements of an IAM Level II as a condition of employment.
• Strong interpersonal skills with effective verbal and written communication skills.
• Clear and structured thought processes and coherent decision-making skills.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
• Ability to function effectively in a dynamic, fast-paced environment.
• Motivation to expand knowledge and skills for self and others.
• SME in network performance engineering, advanced data transport, secure networking, embedded networking, NIST SP 800-53, NIST SP 800-171.
• Proven success building relationships with partners and stakeholders.
#LI-YS1
#CB
CJ
MSJA
Security Clearance: Top Secret/Sensitive Comp Info
Telework - Limited
Diversity Statement
We are an EOE that values our employee's talent – regardless of gender, race, ethnicity, national origin, sexual orientation, religion or other protected characteristics – Your Talent Is Our Strength .
Women, minorities, individuals with disabilities and Veterans are encouraged to apply. Alion will provide a reasonable accommodation to individuals with disabilities and disabled veterans who need assistance to apply. Please visit the Alion Careers site for more information. U.S. Citizenship Required for the majority of our positions.
Covid Notice
A new Federal Executive Order requires that employees of Federal contractors and subcontractors be fully vaccinated for COVID-19 by December 8, 2021. Accordingly, as a condition of employment with Technical Solutions, a division of Huntington Ingalls Industries, employees will be required to provide proof of full vaccination against COVID-19 or have an approved exemption prior to starting employment.