When it comes to connecting IT experts to the organizations that need their talent most, Randstad Technologies has the edge. We position our candidates to succeed by introducing them to opportunities that both utilize their unique technical skills and allow them to develop new ones. In an ever-evolving industry, we're constantly refreshing our expertise in the field to deliver the full-service capabilities—from resume guidance to industry trendspotting—necessary for IT professionals to succeed and stay ahead. With our large network of professionals and our relationships with many leading-edge firms, we’re here to find opportunities for you to contribute to business successes, achieve your current career goals, and pave the way for new ones.
Randstad US is comprised of a portfolio of specialty brands. Our comprehensive staffing approach provides clients with simplified access to our entire spectrum of capabilities, including Accounting & Finance, Administrative/Clerical, Engineering, Healthcare, Human Resources, Information Technology, Legal, Life Sciences, Managed Services, and Manufacturing/Logistics. Randstad's full-service capabilities include project, project to direct hire recruitment and staffing from the executive to support levels, providing flexible options for our clients' staffing and candidates' career needs.
Information Assurance Analyst
Patuxent River Naval Air Station, Maryland 20670
Roles and Responsibilities:
• Support Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), Program Managers, Project and Application leads across the enterprise in ensuring the required Certification and Accreditation (C&A) documentation is prepared, reviewed, and retained in accordance with DoD/Navy/FISMA guidance.
• Ensure Risk Management is provided throughout the life cycle of the systems and networks.
• Review and assess Information System security certification and accreditation support documentation (e.g., DIP, Scorecard, SIP, system architecture diagrams, document external and internal interfaces and data flows, accreditation boundaries, ensure DADMS/FAM approved applications are used, systems are configured per DISA Security Technical Implementation Guides (STIGs), ensure POA&Ms are updated, contingency plans are developed and tested, incident response plans are developed, ensure Sustainment and Supportability, etc.)
• Track, document, and formally brief status of assigned systems and networks.
• Provide technical capability to identify security-related solutions.
• Provide technical expertise as an RDAA-representative during formal Configuration Control Board (CCB) meetings.
• Comprehend vulnerability scans and develop mitigation strategies and POA&Ms.
• Brief IAMs, IAOs, program managers, project leads, application managers, and system administrators across the enterprise on Information Assurance, Certification and Accreditation and methods for securing their systems and networks.
• Draft accreditation support documentation such as DIACAP packages, to include NIST 800-34 contingency plans, POA&Ms, Privacy Impact Assessments (PIAs), security standard operating procedures, security test and evaluation plans, and residual risk assessments.
• Review and comment on local security policies and procedures; coordinate security implementation issues with the appropriate Government officials and/or prime contractors; and support technical security testing.
• Some travel may be required.
• High School diploma.
• 8 years related recent experience.
• Experienced in developing, reviewing and analyzing DIACAP packages in accordance with the DoD/Navy accreditation process.
• Experienced with reviewing security architecture and design diagrams detailing ports, protocols, etc. for DoD RDT&E labs.
• Experience analyzing and interpreting the results of network and system vulnerability scans, and the ability to test and validate IA controls per the DIACAP Knowledge Service.
• Experience using DoD hardening and scanning tools such as the DISA Gold Disk, Security Readiness Reviews, Retina, Hercules, Nessus, etc.
• Experience conducting manual validations to ensure assigned systems are configured to DISA Security Technical Implementation Guides (STIGs).
• Technical understanding of Firewall policy (PPS CAL, UTNPp, CTNPp, etc.)
• Demonstrated hands-on C&A/Information Assurance System Security Engineering (IASSE) experience with Navy and/or DoD programs.
• Knowledge of TEMPEST, COMSEC, and experience conducting Independent Verification & Validation (IV&V) and security testing of DoD and/or Navy systems.
• Excellent verbal and written communication skills.
• Must be able to obtain and maintain SECRET clearance (INTERIM required to start).
• US Citizenship required.
Candidates with these desired skills will be given preferential consideration:
• Bachelor Degree in Computer Science/Information Systems or related technical field.
• 4 years related experience.
• Experience supporting the C&A of DoD/Navy systems with Cross Domain Solutions, Platform IT, and DISN circuits.
• DoD 8570 compliant IA certification for IAM II including one of the following:
o (ISC)2 Certification Authorization Professional (CAP)
o GIAC Security Leadership Certificate (GSLC)
o Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM)
o (ISC)2 Certified Information Systems Security Professional (CISSP), or Associate
• Active SECRET clearance
Randstad Technologies is an EOE-M/F/V/D and is a wholly owned subsidiary of Randstad Holding nv, a $22.5 billion global provider of HR services and the second largest staffing organization in the world.