Mid Level Cyber Intelligence Analyst

Requisition #: 749

Job Title: Cyber Intelligence Analyst II | Exempt

Location: 6490 Saufley Field Road Building 2434Pensacola, Florida32509

Clearance Level: Active DoD - Secret

Required Certification(s)

• Secret clearance
• Minimum of HS diploma or GED, but Bachelor's degree is preferred
• DoD 8570 compliant IAM I Certification
  
  

Summary

The Naval Education and Training Command provides training and education to the Fleet in support of fleet readiness and Navy mission accomplishment. NETC develops the Naval Total Force (NTF) through education and training that builds personal, professional and leadership skills by tailoring training delivery to the individual and providing access when and where needed through optimal use of technology. The NETC Information Management/Information Technology (IM/IT) organization’s mission is to enable delivery of secure, affordable, next generation technologies and business capabilities for OPNAV N16, the NETC clamancy, and the Navy enterprise.

Provide support for the NETC IT Cyber Security Task Order. Agile Defense provides Cyber Security Support for Cyber Security Program, ISSM Support Services, and Cybersecurity and Audit Support. Completion is measured through deliverables, to include specific NETC documents and artifacts and monthly status reports, and routine performance updates between prime, subcontractor, and client.

Job Duties And Responsibilities

• Provide technical and engineering support in establishing/updating/maintaining policies and processes to include boundary defense (e.g., MDE, Host Based Security System (HBSS), SSIM, and MECM); access management groups (e.g., access, action, resource, and relationship groups); intrusion detection system (e.g., IDS, HIDS, WIDS); configuration management standards, practices, and settings affecting NETC boundary security that includes modifications to operating systems and network infrastructure including renewals or updates; and, firewall exceptions; governance of the response and coordination of security issues including cyber-attacks, classified and PII spillages, and security compromises; new technologies and technical solutions that affect local architecture, services, or perimeter boundary defense posture (e.g., firewall, proxy, domain name services (DNS), file servers, patching servers/applications, scanning servers/assets) with enterprise security impacts or implications; analysis for security policy changes and risk management, technical modifications and deployment to implement risk mitigation and develop compliance strategies; incidents, monitoring ES and incident management program to ensure identification, investigation, response, and recovery to operational status; Communications Security (COMSEC) program policies covering Communications Material Security (CMS) oversight responsibilities (will not require access to or management of COMSEC documents) are available and up to date, watch standing procedures are current and complied with, and cryptographic handling and emergency destruction procedures are followed.
• Maintain the security of information contained within the NETC domain, and the efficiency of projects or programs managed. Create/update/maintain the NETC Cyber Security Program Management (CSPM) policies including instruction, guidance, procedure documents, plans and processes which govern the enterprise CS program including:
• Risk Management Framework (RMF) Assessment & Authorization (A&A)
• Incident and Electronic Spillage Management
• Scanning
• Vulnerability Management
• A&E
• Audit and Compliance
• Inspection Readiness and Compliance
• CWF Management
• Risk Management (e.g. suspected or actual intrusion, denial of service, malicious code, unauthorized access, inappropriate use, and malware)
• Data Management and Protection
• Access Control, Boundary Security, and Enterprise Security Framework (ESF).
• Protect information from unauthorized access, disclosure, misuse, disruption or modification.
• Provide NETC targeted self-assessment projects where selected NETC entities are reviewed for the areas that would be included in a network inspection from authorities such as C10F/DISA.
• Perform assessments of enterprise information security architecture, processes, procedures, activities, and operations. Conduct risk assessments on systems, networks, CS processes, and operations.
• Identify, verify, and consolidate specific vulnerabilities, causes, analyze alternatives and identify appropriate corrective actions from each risk assessment conducted. Assess systems to determine security status and ensure adherence to CS policy, procedures and standards. Assess current CS processes and identify alternatives for overall CS improvements in enterprise processes. Streamline technical CS processes, analyze alternatives, validate technical solutions, and validate level of effort associated with projects and assigned tasks. Process, record, and track status of account requests, alt-token status (i.e., tokens requested, ordered, received), and PKI compliance for NETC users. Manage end user completion of CS education and awareness programs. Evaluate security systems according to industry best practices to safeguard information systems and databases.
• Evaluate Security Technical Implementation Guides (STIGs) as they are released from the Defense Information System Agency (DISA) to determine applicability to NETC systems and assets. Conduct investigations of security violations and breaches and analyze solutions, prepare reports, and provide analysis of alternatives summary to government management. Respond to queries and requests for computer security information and reports from NETC staff, site personnel, and customers. Perform analysis, fact-finding, and other documentation associated with CS/PII problems, issues, and resolutions as well as analyze input data and provide analysis. Develop CS procedures, processes, and process improvements. Analyze and identify corrective actions and validity of reports, documents, and products.
• Perform CS reviews as required of technician-generated checklists and scans of servers/systems IAW published Defense Information Systems Agency (DISA) and Department of Navy (DON) guidance.
• Review and apply DOD, DISA, DON and NETC CS policies regarding appropriate mitigation, remediation, and resolution of findings. Support resolution of findings or issues associated with periodic reviews/scans of servers/systems. Provide NETC Enterprise Cybersecurity and Audit support using the Risk Management Framework (RMF). Support NETC Enterprise audit and compliance assessments in support of NETC Training Delivery Services and Applications. Provide HBSS, ACAS, eMASS, and VRAM report summaries depicting NETC Enterprise compliance status for ATO, IAVM, CTO, NTD, NAVADMIN and STIG updates.
• Provide monthly and adhoc reports for NETC Enterprise compliance posture based on data within ACAS Security Center, VRAM, and HBSS. Provide NETC Enterprise/AIS monthly report on CTO, IAVM, and ATO status based on accreditation boundaries. Support NETC Enterprise CS Inspection reports and responses for pre-inspection, during inspection events, and post inspection activities. Support NETC Enterprise tracking of ATO conditions and POAM items to monitor compliance. Provide report and analysis summary of non-compliant or potential non-compliant cybersecurity areas of concern.
  
  

Qualifications

Required Certifications

• Secret clearance
• Minimum of HS diploma or GED, but Bachelor's degree is preferred
• DoD 8570 compliant IAM I Certification
  
  

Education, Background, And Years Of Experience

• Degree: Bachelor’s degree in information technology, computer science, mathematics, statistics, business, engineering, or physical science.
• Years of Experience: 6
• General Experience: Data Analysis, Statistical Analysis, Problem Solving, Content Management, Software and Network Programming.
  
  

Additional Skills & Qualifications

Required Skills

• Data Analysis, Statistical Analysis, Problem Solving, Content Management, Software and Network Programming.
  
  

WORKING CONDITIONS

Environmental Conditions

• Contractor site with 0%-10% travel possible. Possible off-hours work to support releases and outages. General office environment. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
  
  

Strength Demands

• Light – 20 lbs. Maximum lifting with frequent lift/carry up to 10 lbs. A job is light if less lifting is involved but significant walking/standing is done or if done mostly sitting but requires push/pull on arm or leg controls.
  
  

Physical Requirements

• Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse).