Mindbank Consulting Group has an immediate need for a junior-level Information Security Risk Specialist to work with the United States Navy to discover their cyber risks, understand applicable policies, and develop a mitigation plan. This opportunity is located in Virginia Beach, Virginia, is a 3.5-year contract to start, and is hybrid (2-3 days onsite per week). Candidates must be U.S. Citizens with an active Secret (or higher) clearance. IAT or IAM Level II Certification is required (see below for examples).
- Please read the description, responsibilities, and qualifications carefully. This position requires someone with policy experience as well hands-on technical experience.
The Information Security Risk Specialist will get technical, environmental, and personnel details from system and application SMEs to assess the entire threat landscape. The Information Security Risk Specialist will then help the team guide the client through a plan of action with presentations, whitepapers, and milestones. This is your opportunity to take an active role in information security while growing your skills in Risk Management Framework (RMF), Information Assurance, and Assessment and Authorization.
Work with us as we protect our military's training and education infrastructure.
Information Security Risk Specialist Responsibilities : Have you recently done this type of work?
Work on translating security concepts for the client so they can make the best decisions to secure their mission critical systems, infrastructure, and applications. Provide on-site CS / IA technical expertise in areas including Account Management, CS and Information Systems security policy, Incidents and Spillages, and IS Assessment and Authorization (A&A) utilizing the Risk Management Framework (RMF).Perform reviews on Security Plan artifacts to include System Contingency Plans, Incident Response Plans, Disaster Recovery Plans, Vulnerability and Patch Management Plans, and Privacy Impact Assessments.Participate in weekly communications with Navy Authorization Official (NAO) to discuss status of current NETC RMF Packages in review, upcoming packages, and implementation of any upcoming Navy RMF Practices.Conduct risk analysis from ACAS / Nessus vulnerability scans, compliance scans, DISA STIG Checklists, and other audit activities.Perform security testing and evaluation of applications against applicable security criteria using tools including ACAS, SCAP Compliance Checker, and DISA STIGs.Produce security testing reports, including Security Risk Assessment Reports detailing the findings noted during testing.Assist programs with completing security documentation to meet assessment and authorization requirements.Utilize eMASS to develop Security Plan, Security Control Documentation, upload Security Plan artifacts.Information Security Risk Specialist Qualifications : Candidates must meet these qualifications in order to be considered.
U.S. Citizen with an active Secret Clearance2 years of professional experience with DoD Cybersecurity, Information Assurance, and Risk Management Framework (RMF)Experience with system and network vulnerability analysis, risk assessment and risk mitigation analyses, contingency planning, and firewall policy, ports, and protocolsIAT or IAM Level II Certification such as Security CE, CISM, CISSP, or CASP CertificationHigh School diploma or GEDExperience with Xacta, eMASS, ACAS, VRAM, HBSS, and Altiris is a plusNavy experience is a plus
