Information Assurance Support Analyst
Astrion
Overview
Location: Rockville, MD
Clearance: NRC Clearance
Job Status: Full-Time
Travel: 10% Occasional Domestic Travel
Required Qualifications / Skills
BA/BS degree, or 5 additional years of equivalent experience in lieu of a degree
6 years of IT experience, with 4 years specialized in Information Assurance
Active Secret Clearance and the ability to obtain an NRC Security Clearance; US citizenship required
Must hold at least one of the following certifications: CompTIA Security+, CISSP, ISACA CISA, GIAC GSEC, GIAC GSNA, GIAC GPEN, CEH, CAP, CASP+, CRISC, or CCSK
Preferred Qualifications / Skills
A strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53
Excellent written and oral communication skills; attention to detail is a must
Experience with vulnerability scanning tools, such as Tenable Security Center
Working knowledge of DISA STIGs, SCAP content/audit files, and CIS Benchmarks
Understanding of cloud service models (SaaS, PaaS, IaaS) and protections as described in FedRAMP security documentation
Experience reviewing FedRAMP authorization packages and understanding how to ensure customer responsibilities are addressed in accordance with the shared responsibility model
Experience with performing technical architecture reviews of complex systems
Knowledge of major cloud platforms (Azure/Amazon Web Services [AWS]), virtualization, networking devices, web services, network security appliances, databases, and intrusion prevention/anti-malware software
</gml_replace>
<gr_replace lines="28-29" cat="clarify" orig="Work closely with all">
Work closely with all levels of personnel, including system administrators, Information System Security Officers (ISSOs), and Authorizing Officials (AOs), to support FISMA systems through the Security Assessment & Authorization (SA&A) process
Assess the confidentiality, integrity, and availability impact levels of information stored, processed, and transmitted by systems to determine the FIPS 199 security categorization
Knowledge of system and application security threats and vulnerabilities
Proficiency with Microsoft Office applications
Ability to prioritize and complete tasks efficiently and effectively
Comfortable working individually and as part of a team
Scripting ability (e.g., PowerShell, VBA) is a plus
Familiarity with the use of artificial intelligence (AI) tools such as chat technologies to enhance personal productivity
Responsibilities
Work closely with all levels of personnel, including system administrators, Information System Security Officers (ISSOs), and Authorizing Official (AO), to support FISMA systems through the Security Assessment & Authorization (SA&A)
Assess the confidentiality, integrity, and availability impact levels of information stored, possessed, and transmitted by systems to determine the FIPS 199 security categorization
Develop and maintain system security documentation throughout all phases of the NIST Risk Management Framework (RMF). This includes security categorizations, digital identity risk assessments, system security plans, system policy and procedures, privacy impact assessments, contingency plans, configuration management plans, incident response plans, vulnerability assessment reports, deviation requests, and any other documents necessary to support systems' authorization and continuous monitoring
Analyze risks identified during security control assessments and continuous monitoring activities in accordance with NIST SP 800-30, providing recommendations for mitigation or remediation
Perform and document the results of vulnerability scans and configuration compliance checks against configuration standards such as DISA STIGs and CIS Benchmarks
Analyze FedRAMP security packages to document and assess customer responsibility for cloud-based services
Assist in the review of monthly continuous monitoring deliverables produced by Cloud Service Providers (CSPs) and annual assessments produced by Third Party Assessment Organizations (3PAOs) in support of FedRAMP requirements
Create, track, and manage system Plans of Action and Milestones (POA&Ms)
Attend project meetings and collaborate with stakeholders to ensure security is addressed throughout the entire system lifecycle
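The FIPS 199 categorization step above follows a fixed rule set: each information type gets a provisional impact level per security objective, the system takes the highest level per objective across all of its information types, and the overall high-water mark across the three objectives selects the NIST SP 800-53 baseline (per FIPS 200). The script below is an added illustration of that rule set, not Astrion's or NRC's tooling; the information types and impact levels it uses are constructed for the example, and the "N/A" handling reflects FIPS 199's rule that N/A is allowed only for the confidentiality of public information and never at the system level.

```python
"""FIPS 199 security categorization helper (added example, constructed input).

Each information type carries provisional C/I/A impact levels; the system
takes the highest level per objective across its information types, and the
overall high-water mark selects the NIST SP 800-53 baseline (FIPS 200).
"""
from dataclasses import dataclass

# Ordered impact scale. FIPS 199 permits "N/A" only for the confidentiality
# of public information, and it never raises a mark.
LEVELS = {"N/A": 0, "LOW": 1, "MODERATE": 2, "HIGH": 3}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InformationType:
    """One information type with its provisional C/I/A impact levels."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def level(self, objective: str) -> str:
        """Normalize and validate the level recorded for one objective."""
        value = getattr(self, objective).strip().upper()
        if value not in LEVELS:
            raise ValueError(f"{self.name}: unknown impact level {value!r} for {objective}")
        if value == "N/A" and objective != "confidentiality":
            raise ValueError(f"{self.name}: N/A is only permitted for confidentiality (FIPS 199)")
        return value


def categorize_system(info_types: list[InformationType]) -> dict[str, str]:
    """System security category: high-water mark per objective.

    FIPS 199 does not allow N/A at the system level, because the system's own
    processing functions always carry at least a LOW impact, so LOW is the floor.
    """
    if not info_types:
        raise ValueError("a system must have at least one information type")
    category = {}
    for objective in OBJECTIVES:
        marks = [LEVELS[it.level(objective)] for it in info_types]
        highest = max(max(marks), LEVELS["LOW"])
        category[objective] = next(name for name, rank in LEVELS.items() if rank == highest)
    return category


def overall_impact(category: dict[str, str]) -> str:
    """FIPS 200 high-water mark across C/I/A; this picks the SP 800-53 baseline."""
    return max((category[o] for o in OBJECTIVES), key=LEVELS.__getitem__)


def format_sc(category: dict[str, str]) -> str:
    """Render the category in the FIPS 199 notation used in system security plans."""
    pairs = ", ".join(f"({o}, {category[o]})" for o in OBJECTIVES)
    return f"SC information system = {{{pairs}}}"


# Constructed sample: information types a hypothetical licensing system might hold.
SAMPLE_TYPES = [
    InformationType("Public notices and press releases", "N/A", "MODERATE", "LOW"),
    InformationType("Licensee inspection findings", "MODERATE", "MODERATE", "LOW"),
    InformationType("Employee PII (timekeeping)", "MODERATE", "LOW", "LOW"),
]

if __name__ == "__main__":
    sc = categorize_system(SAMPLE_TYPES)
    print(format_sc(sc))
    print("Overall impact level / SP 800-53 baseline:", overall_impact(sc))
```

Run as-is, the sample categorizes as moderate confidentiality, moderate integrity, low availability, giving a MODERATE overall impact and therefore the moderate baseline. A system holding only public information still comes out LOW for confidentiality rather than N/A, which is the case assessors most often get wrong when copying information-type values straight into the system security plan.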