Agil3 Technology Solutions (A3T)
Theatre Vulnerability Analyst
Agil3 Technology Solutions (A3T), Honolulu, Hawaii, United States, 96815
Theatre Vulnerability Analyst
Agil3 Technology Solutions, LLC (A3T), a small, Women-Owned, Service-Disabled Veteran-Owned, and 8(a) Small Disadvantaged Business, delivers expert-level information systems and cybersecurity solutions to federal, state, and private sector clients. We are seeking a highly skilled Theatre Vulnerability Analyst to provide expert support, analysis and research into exceptionally complex problems, and processes relating to Theater Vulnerability Management. Job Duties Analyzes AOR cyber security posture reports. Provides cyber units expertise and fix action guidance. Interfaces with base cyber units and provides leadership a depiction of Wings ability to: Scan Assured Compliance Assessment Solution (ACAS) Mitigate (via MS System Center Configuration Management (SCCM)/MS Endpoint Configuration Manager (MECM)), and Maintain Host Based point products mandated by the DoD (End Point Security formerly known as HBSS). Maintains proficiency on current and future End Point Security assessment tools. Assists cyber field support team with Vulnerability Management (VM). Provides and/or coordinates vulnerability mentor training (virtual or on-site) to bases as requested. Creates and maintains cyber security/VM management training documentation. Interfaces with cybersecurity technicians/ISSMs to maintain up-to-date reporting to keep operations compliant. Coordinates with Vulnerability Management teams upon scan result analysis. Identify patching issues/troubleshooting way ahead. Produce report to chain of command informing of patching status. Maintains command wide SCCM and MECM health status. Analyzes and produces command wide NIPRNet & SIPRNet weighted vulnerability indicator scores. Produces and disseminates cybersecurity/vulnerability reports to staff containing current security posture. Utilizes CORA reports from the DISA J3 website on SIPRNet to advise Cybersecurity staff of findings and level of risk. Assists with cyber operations briefs by preparing and briefing command-wide statuses to the Director of Air and Cyberspace Operations. Creates and conducts compliance update briefs on command wide cyber security status and assist with troubleshooting cyber security short falls. Assists with creating TASKORDs to raise cyber security posture. Tracks status of VM POAMs until completion and reports at risk POAMs to leadership. Augments CRR-M team as required. Maintains Internet Protocol (IP) space and asset lists to cover 100% base assets. Maintains MAJCOM ACAS Account with auditing role in order to analyze and produce vulnerability metrics. Maintains SIPRNet PROD Account in order to provide command wide SCCM/MECM patching analysis on SIPRNet. Maintains ELICSAR Account for situational awareness of cybersecurity toolsets used. Maintains AFNET Compliance Tracker Account in order to maintain situational awareness of CTOs, MTOs, TCNOs pertaining to vulnerability management. Provides Government Representative Contract Personnel Roster Updates to contractor availability Contract Invoices & Funding Expenses Monthly Status Report (MSR) Contractor's Non-Disclosure Agreements (NDA) Kick-Off Brief & Close-Out Brief Transition Brief Assistance with processing contractors travel requirements Track contract Labor/Events/Workload/Travel schedule & expenses Metrics of Program for Yearly Closeout Provides Cybersecurity SME contractors assistance with: Common access Card (CAC) ID processing and renewals Building Badge processing and renewals DD254 TS/SCI processing and renewals Synchronized Pre-deployment and Operational Tracker (SPOT) processing. Financial preparation Letters of Identification Travel Estimates/Schedule Ensure all contractors follow all applicable commercial, and government/military standards which include, but are not limited to the following: Department of Defense Instruction 8500.01, Cybersecurity Department of Defense Instruction 8510.01, RMF for DoD Systems Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations National Institute of Standards and Technology Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans National Institute of Standards and Technology Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View National Institute of Standards and Technology Special Publication 800-30, Guide for Conducting Risk Assessments All applicable DISA STIGs and Security Review Guides (SRGs) Air Force Instruction (AFI), 17-130 Cyber Security Program Management AFI 17-101, RMF for Air Force Information Technology (IT) AFI 17-110, Information Technology Portfolio Management and Capital Planning and Investment Control General Job Requirements TS/SCI security clearance DoD 8570.1-M certified at IAT Level 3 - Anyone (1) of the following: CASP+ CE CCNP Security CISA CISSP (or Associate) GCED GCIH CCSP 2-3 years of experience and the skills required to execute Federal, National, DoD, USAF CIO, and US State Department Requirements to be able to assess cyber risk, identify mission sets, and defend the mission. 2-3 years of experience of applying, assessing, and advising MAJCOM staff and Wings on cybersecurity requirements. Understand the AF Cyber architecture and MOBs and GSUs roles. Ability to travel to MOBs and GSUs to conduct duties and responsibilities - at a minimum of 40% of the time. Certificates of completion for the following training: Level 1 Anti-Terrorist Training - within the past year Level A Survival, Evasion, Resistance, and Escape (SERE) Training - within the past 1-2 years USFK Training - no time requirement (only required to be taken once) DoD Cyber Awareness Challenge - within the past year Operations Security (OPSEC) Awareness - within the past year Derivative Classification IF103.16 - within the past year Force Protection - within the past year COR will provide update website addresses to the above that may change. 3-4 years of experience conducting Network Vulnerability Engineering functions. Expertise in the following DoD, AF, DISA, NIST, NIAP and processes: 3-4 years of experience of DoD approved Scanning Tools (e.g., ACAS) 3-4 years of experience of Microsoft SCCM & MECM Familiarization of End Point Security Point Product requirements Ability to analyze and develop cyber vulnerability information into an understandable presentation. Proficiency in Microsoft Office Suite products and SharePoint collaborative tools to build trend analysis. In-depth experience with DISA STIGs and by-product analysis. Threat Vulnerability Analyst Skills, Knowledge, and Abilities
Agil3 Technology Solutions, LLC (A3T), a small, Women-Owned, Service-Disabled Veteran-Owned, and 8(a) Small Disadvantaged Business, delivers expert-level information systems and cybersecurity solutions to federal, state, and private sector clients. We are seeking a highly skilled Theatre Vulnerability Analyst to provide expert support, analysis and research into exceptionally complex problems, and processes relating to Theater Vulnerability Management. Job Duties Analyzes AOR cyber security posture reports. Provides cyber units expertise and fix action guidance. Interfaces with base cyber units and provides leadership a depiction of Wings ability to: Scan Assured Compliance Assessment Solution (ACAS) Mitigate (via MS System Center Configuration Management (SCCM)/MS Endpoint Configuration Manager (MECM)), and Maintain Host Based point products mandated by the DoD (End Point Security formerly known as HBSS). Maintains proficiency on current and future End Point Security assessment tools. Assists cyber field support team with Vulnerability Management (VM). Provides and/or coordinates vulnerability mentor training (virtual or on-site) to bases as requested. Creates and maintains cyber security/VM management training documentation. Interfaces with cybersecurity technicians/ISSMs to maintain up-to-date reporting to keep operations compliant. Coordinates with Vulnerability Management teams upon scan result analysis. Identify patching issues/troubleshooting way ahead. Produce report to chain of command informing of patching status. Maintains command wide SCCM and MECM health status. Analyzes and produces command wide NIPRNet & SIPRNet weighted vulnerability indicator scores. Produces and disseminates cybersecurity/vulnerability reports to staff containing current security posture. Utilizes CORA reports from the DISA J3 website on SIPRNet to advise Cybersecurity staff of findings and level of risk. Assists with cyber operations briefs by preparing and briefing command-wide statuses to the Director of Air and Cyberspace Operations. Creates and conducts compliance update briefs on command wide cyber security status and assist with troubleshooting cyber security short falls. Assists with creating TASKORDs to raise cyber security posture. Tracks status of VM POAMs until completion and reports at risk POAMs to leadership. Augments CRR-M team as required. Maintains Internet Protocol (IP) space and asset lists to cover 100% base assets. Maintains MAJCOM ACAS Account with auditing role in order to analyze and produce vulnerability metrics. Maintains SIPRNet PROD Account in order to provide command wide SCCM/MECM patching analysis on SIPRNet. Maintains ELICSAR Account for situational awareness of cybersecurity toolsets used. Maintains AFNET Compliance Tracker Account in order to maintain situational awareness of CTOs, MTOs, TCNOs pertaining to vulnerability management. Provides Government Representative Contract Personnel Roster Updates to contractor availability Contract Invoices & Funding Expenses Monthly Status Report (MSR) Contractor's Non-Disclosure Agreements (NDA) Kick-Off Brief & Close-Out Brief Transition Brief Assistance with processing contractors travel requirements Track contract Labor/Events/Workload/Travel schedule & expenses Metrics of Program for Yearly Closeout Provides Cybersecurity SME contractors assistance with: Common access Card (CAC) ID processing and renewals Building Badge processing and renewals DD254 TS/SCI processing and renewals Synchronized Pre-deployment and Operational Tracker (SPOT) processing. Financial preparation Letters of Identification Travel Estimates/Schedule Ensure all contractors follow all applicable commercial, and government/military standards which include, but are not limited to the following: Department of Defense Instruction 8500.01, Cybersecurity Department of Defense Instruction 8510.01, RMF for DoD Systems Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations National Institute of Standards and Technology Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans National Institute of Standards and Technology Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View National Institute of Standards and Technology Special Publication 800-30, Guide for Conducting Risk Assessments All applicable DISA STIGs and Security Review Guides (SRGs) Air Force Instruction (AFI), 17-130 Cyber Security Program Management AFI 17-101, RMF for Air Force Information Technology (IT) AFI 17-110, Information Technology Portfolio Management and Capital Planning and Investment Control General Job Requirements TS/SCI security clearance DoD 8570.1-M certified at IAT Level 3 - Anyone (1) of the following: CASP+ CE CCNP Security CISA CISSP (or Associate) GCED GCIH CCSP 2-3 years of experience and the skills required to execute Federal, National, DoD, USAF CIO, and US State Department Requirements to be able to assess cyber risk, identify mission sets, and defend the mission. 2-3 years of experience of applying, assessing, and advising MAJCOM staff and Wings on cybersecurity requirements. Understand the AF Cyber architecture and MOBs and GSUs roles. Ability to travel to MOBs and GSUs to conduct duties and responsibilities - at a minimum of 40% of the time. Certificates of completion for the following training: Level 1 Anti-Terrorist Training - within the past year Level A Survival, Evasion, Resistance, and Escape (SERE) Training - within the past 1-2 years USFK Training - no time requirement (only required to be taken once) DoD Cyber Awareness Challenge - within the past year Operations Security (OPSEC) Awareness - within the past year Derivative Classification IF103.16 - within the past year Force Protection - within the past year COR will provide update website addresses to the above that may change. 3-4 years of experience conducting Network Vulnerability Engineering functions. Expertise in the following DoD, AF, DISA, NIST, NIAP and processes: 3-4 years of experience of DoD approved Scanning Tools (e.g., ACAS) 3-4 years of experience of Microsoft SCCM & MECM Familiarization of End Point Security Point Product requirements Ability to analyze and develop cyber vulnerability information into an understandable presentation. Proficiency in Microsoft Office Suite products and SharePoint collaborative tools to build trend analysis. In-depth experience with DISA STIGs and by-product analysis. Threat Vulnerability Analyst Skills, Knowledge, and Abilities