COMNAVSURPAC Information System Analyst

Information Security Analyst Naval Amphibious Base, Coronado, CA Please go to our website to apply:https://www.caskgov.com/careers/openings/ POSITION:Information Security Analyst LOCATION:Naval Amphibious Base, Coronado, CA STATUS:Funded CLEARANCE:Candidate must possess an active U.S Government SECRET Clearance. TRAVEL:Up to 25%. DESCRIPTION:Candidate will be providing Information Security Analytics Support to Command, Control, Communications, Computers, Combat Systems, and Intelligence (C5I) / Cyber Readiness Program Mission and Infrastructure Support Services to Commander, Naval Surface Forces, Pacific (CNSP) N6 Department Staff and Divisions. Specific duties are listed below. DUTIES: • Provide cybersecurity and Risk Management SME(s) with documented experience, capabilities, training, and technical certification following DoD 8140 and SECNAV 5239 requirements • Proven expertise in Assured Compliance Assessment Solution (ACAS) scanning procedures and Security Center development • Proven experience in Host-Based Security System (HBSS) to include policy development and tuning for all DOD-mandated point products • Patching experience for both Windows and Linux systems. • Risk Management Framework (RMF) Support. Perform RMF support in accordance with DoDI 8510.01 “Risk Management Framework (RMF) for DoD Information Technology, including control validation, documentation development and support, Navy Approving Official (NAO) coordination assistance, and continuous monitoring support, as required, for CNSP Centrally Managed Programs (CMPs). • Develop and maintain the CMP's cybersecurity architecture, develop a Business Case Analysis (BCA), and conduct required site surveys for both site and system Authority to Operate (ATOs). • Perform all required and approved Information System Security Engineer (ISSE) RMF process steps, including the following: • Overseeing the development and maintenance of a system’s cybersecurity solutions • Identifying system type (IS, PIT, IT product, IT service) and any special considerations, including multi-service/agency, joint, cross domain, Privacy Impact Information (PII), Protected Health Information (PHI), tactical, space, etc., to support RMF Step 1 System Categorization. • Identifying the security control baseline set and any applicable overlays, and tailoring • Perform development, maintenance, and tracking of the SP. • Perform security control implementation and testing efforts. • Initiating the Risk Assessment Report (RAR). • Perform security testing required as part of Authorization and Accreditation (A&A) or annual reviews, to include scanning, patching, and HBSS implementation and policy development. • Mitigate and close open vulnerabilities under the system’s change control process. • Participate in any related meetings or teleconferences with assessors, validators, or approving authorities to support A&A requirements. • Develop the documents required for Authority to Operate (ATOs) decisions and maintain compliance. • Support eMASS, DITPR-DON, and DADMS entries for CMPs. • Support VRAM tracking, acknowledgment, and scanning, as required, for CMPs. • Command Policy development. Perform research and development of command cybersecurity and information assurance policies under the Force ISSM’s purview. • Inspection support. Perform research and development of requirements and processes for command cybersecurity and information assurance inspections. • Develop briefs, checklists, and documentation to self-assess and conduct inspection requirements. • Spillage and SITREP Support. Provide track command Situation Report (SITREP) actions, reports, and submittals. • Perform e-spillage coordination, tracking, and reporting. Required Skills / Qualifications • Bachelor’s Degree preferred but not required. • Strong leadership, organizational, planning, communication, and time management skills, as well as the ability to multitask and work against strict deadlines, are critical. • Strict attention to detail – must be detail-oriented. • Availability and willingness to lift materials up to 50 lbs., and perform squatting, kneeling, and extended standing. • Ability to travel occasionally, up to 25%. • Must possess and maintain IAT Level 2 (e.g., CompTIA Security+ CE). • Must possess and maintain an active U.S Government SECRET Clearance. Preferred Technical Skills: • Possess the requisite training, experience, and/or certifications necessary to perform Risk Management and Information Systems Security functions following DOD and DON requirements. • Competent in Microsoft Office, MS Project, and MS Outlook. • Familiarity with MS TEAMS. • Proven experience in Assured Compliance Assessment Solution (ACAS) scanning procedures and Security Center development • Proven experience in Host-Based Security System (HBSS), including policy development and tuning for all DOD-mandated point products • Patching experience for both Windows and Linux systems. • Familiarity with eMASS portal • Familiarity with DITPR-DON / DADMS portal Required Security Clearance: • Must possess and maintain an active U.S Government SECRET Clearance. About Cask Cask is a woman-owned small business (WOSB) founded in 2004 by a group of professionals who saw the need to help clients use and unlock the value of technology in more efficient, cost-effective ways. Cask delivers business and technology advisory and consulting services to help our customers achieve success. Cask is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, age, status as a protected veteran, among other things, or status a qualified individual with a disability. EEO/Employer/Vet/Disabled