Role: Information Security Specialist – Intermediate
Location: Fort Knox, KY OR Remote
Education/Certifications: BA/BS or MA/MS preferred; IAT Level II; Computing Environment Certification
Years of Experience: 5+
Clearance Level & Investigation: Secret
IA Cert Level (DoD 8570.01): IAT Level II (Security+, CCNA-Security, GSEC, CySA+, CND, or SSCP recommended)
Computing Environment Certifications: Required
Job Description:
Qualifications:
- Uses current information security technology disciplines and practices to ensure confidentiality, integrity, and availability of information assets IAW established standards and procedures.
- Develops and maintains a knowledge base on changing regulatory, threat, and technology landscapes to continually develop or maintain security policies and standards, and ensure compliance throughout the organization.
Specific Responsibilities:
- Personnel support the following functional areas: Liaison Support; Cyber Readiness & Operations; and Access Control & Training Management.
- Provides surge support, technical guidance, and expertise in the areas of Cybersecurity to support Customer, Mission Partners, IMOs, ISSOs, IS Owners, Software Developers, Network, System, and Database Administrators IAW all related cyber regulations and directives; provides results in reports, briefs, and deliverables as required to the appropriate Government representative.
- Provide Cybersecurity surge support in the event of real world or additional requirements in support of RMF compliance checks and documentation review across authorization boundaries, including, but not limited to:
- Perform security review preparation for all security controls associated with RMF applicable to an assigned authorization boundary based upon the Confidentiality, Integrity, or Availability designation.
- Perform on-site or off-site reviews of all information systems to audit and validate compliance with associated security controls.
- Perform as reviewers of audit teams during inspections, assessments, evaluations, audits, etc.
- Provide reports to the assigned Government representative as required.
- Provide reviews, validation, and deliverable efforts in support of compliance or non-compliance IAW CCI, STIGs and SRGs for each finding or vulnerability IAW RMF.
- Provide embedded Cybersecurity support across Customer or other supported organizations as required.
Liaison Support:
- Supports data center hosting for off-premises Customers.
- Upon receipt of Customer requirements document, reviews hosting requirements, conducts research and analysis, and provides written recommendations for impacts and risks to Customer-managed ISs.
- Provides assigned Cybersecurity onboarding support tasks during hosting of new customer’s equipment and/or software and provides recommendations.
- Supports internal and external coordination for customer requirements that require utilization and support from additional DoD and U.S. Army agencies (RMF Boundary implications, compliance validation and scanning, incident response, account management).
- Provides enduring support to new Data Center customers when hosting projects move into operational and maintenance mode, which may also require internal and/or external coordination as stated during migration.
- Maintains external off-premises customer POC list.
- Attends all assigned Data Center hosting customer meetings, and delivers meeting notes.
Cyber Readiness & Operations:
- Provides support in processing, executing, delivering, and tracking cybersecurity related tasks which are assigned through internal and external entities requiring Contractor support.
- Tracks dates, deliverables, artifacts, and reports as required.
- Ensures suspense dates are coordinated with owners and are not missed.
- Works internal/external to Customer to compile, create, enhance, validate, and communicate deliverables via Project, PowerPoint, Excel, or other required programs.
- Provides input to the development of new and enduring requirements from Customer Leadership.
- Ensures that all internal and external Cybersecurity briefing and report requirements are coordinated, developed, analyzed, and produced IAW established timelines (daily, weekly, monthly, quarterly, or annually).
- Maintains tracking and communication mechanism for reporting and processing internal and external Cybersecurity Task Orders, WARNOs, OPORDS, EXSUMS, and other deliverables.
- Tracks and responds to Cybersecurity-related Requests for Information (RFIs) and enters them into the RFI tracker.
- Supports, provides, and monitors means to create, share, use, and manage the cybersecurity related Knowledge Management program in association with contract tasks to support leadership in making sound and timely decisions.
Access Control & Training Management:
- Processes account requests for all arriving individuals, assists in creating and managing enterprise email accounts, validates training requirements for users outlined IAW regulations and directives.
- Provides account request form to Government employee for signature by IAO.
- Sends completed account request form to Security Office for processing.
- Provides seasonal in-processing support for specific events.
- Reviews out-processing checklist annotating access of individual, reassigns individual within ATCTS, signs out-processing form, and provides reports as required.
- Provides seasonal support for event out-processing and account cleanup on Recruiting Services Network (RSN).
- Serves as primary North Atlantic Southeast (NASE) ISSO, processes all Privileged Access Account requests ensuring users meet required training and Computing Environments (CE) and security requirements.
- Completes installation Privileged Access Orders and Non-Disclosure Agreement (PAA/NDA), System Administrator Orders and account request form activities amongst Command, Installation, and supporting organizations/Mission Partners.
- Checks ATCTS daily to update users' annual training requirements IAW local policies, statutory and regulatory requirements to ensure compliance for Customer and Mission Partners.
- Processes service account password requests via password control form for all service accounts.
- Provides password to individual on control form, records information in account control, and provides reports as required.
- Assists in quarterly update of the Automated Account Provisioning Tool manuals and uploads them to SharePoint.
- Assists in processing account request forms for RSN access control forms, tracks all access managed, and provides reports as required.
- Provides assistance to all users with Automated Account Provisioning Tool inquiries and issues and tracks all access managed, and provides reports as required.
- Processes and assists users with access to Customer applications, tracks all access managed, and provides reports as required.
- Processes access for personnel in and out processing, tracks all access managed, and provides reports as required.
- Deletes and suspends accounts IAW regulations, tracks all access managed, and provides reports as required.
- Processes requests for access through automated systems for users requiring access to applications unique to RSN, tracks all access managed, and provides reports as required.
- Provides weekly reports for the total number of individuals in/out processing on the NASE and RSN, service account password changes, and newly created accounts, providing a by-name list.
- Emails report to managers and/or email distribution list for respective organizations.
- Serves as alternate Non-classified Internet Protocol (IP) Router Network (NIPRnet) ISSO, processes all NIPRnet ISSO/IMO/ISSM order requests ensuring the vetted users meet the training requirements.
- Maintains a list of ISSO/IMO/ISSM activities amongst the Command, Installation, Customer, and Mission Partners.
- Completes an annual review updating the ISSO/IMO/ISSM orders.