Information Assurance Security Specialist Job Description
Information Assurance Security Specialist Duties & Responsibilities
To write an effective information assurance security specialist job description, begin by listing detailed duties, responsibilities and expectations. We have included information assurance security specialist job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Assurance Security Specialist Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Assurance Security Specialist
List any licenses or certifications required by the position: IAT, III, PKI, II, IA, CISSP, IAM, ITIL, SRR, DOD
Education for Information Assurance Security Specialist
Typically a job would require a certain level of education.
Employers hiring for the information assurance security specialist job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Technical, Education, Information Systems, Science, Computer, Engineering, Information Technology, Information Assurance, Computer Information Systems
Skills for Information Assurance Security Specialist
Desired skills for information assurance security specialist include:
Desired experience for information assurance security specialist includes:
Information Assurance Security Specialist Examples
Information Assurance Security Specialist Job Description
- Develop Cybersecurity policies, procedures, and best practices
- Identify all applicable Security Technical Implementation Guides (STIGs) for the managed networks and track their implementation
- Assist in the implementation of IA/CS and network security best practices when addressing IA/CS and network security issues that are not specifically addressed by documentation from one of the sources cited in the preceding section
- Provide and support information assurance requirements
- Support cyber security mission requirements, as necessary
- Administer Cross Domain Solutions
- Provide lifecycle project management analysis
- Perform rigorous audits on information technology, including all applicable systems and processes
- Prepare documentation such as Risk Assessment Report, System Security Plans, Security Assessment Reports, PCI, and Penetration Testing Reports
- Manage Vulnerability and Patch Management Process performed by suppliers
- Experience in Intrusion Detection/Intrusion protection
- Experience with tools such as ArcSight, AppDetective Pro, ArcGIS+, steetmap, or Centrify
- Experience with managing, monitoring and administration of Cross Domain Solutions
- Applicants will have a strong understanding of NIST, CIS, PCI, and other industry standard information security and assurance frameworks
- Be able to create and add user defined signatures, or custom signatures, in order to compensate for the lack of monitoring in threat areas, as warranted by threat changes, or as directed by the FBI
- Determine if a critical system or data set has been impacted
Information Assurance Security Specialist Job Description
- Support Risk management reporting and actions identified within our Information Security Risk register
- Define deliveries affecting PCI-DSS scope
- Ensure smooth transition from Project into Business-as-usual, and defining Assurance schedules so we can evidence good security management with internal and external stakeholders
- Ensure all new and existing service providers are part of an Assurance schedule evidencing how Information Security and Data protection contractual requirements are being met, so we can evidence the same to Senior management and customers
- Report on meeting requirements according to applicable KPIs and SLAs
- Support resolution of security incidents, ensure on-going security policy compliance and support security strategy implementation
- A Degree or equivalent experience in ICT domain (Software Development experience desirable)
- Security certifications, like CEH, CISSP, CISM, SSCP, ISO 27001 Auditor
- Formal qualification in Information Security domain or equivalent experience desirable
- Provide an accounting of hardware and support life-cycle to both Senior Management and the Customer of the existing IT infrastructure
- Security credential's in accordance with DoDI-8570.01M
- Security Plus or equivalent
- Secret clearance - The selected applicants will be subject to a security investigation and must meet eligibility requirements for access to classified information
- 7 - 15 years of directly related work experience preferred
- Experience with scripting using Python or equivalent preferred
- Interest in Software Defined Networking preferred
Information Assurance Security Specialist Job Description
- Develop and maintain supporting documentation for new networks, systems, and technologies as they are introduced into the SIE
- Develop and review the A&A of SIE networks, systems, services, devices, hardware, and software using the DoD & IC RMF to obtain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC)
- Perform risk and vulnerability assessments of IT and IS for accreditation
- Track and maintain A&A databases, web sites and tools to ensure that networks, systems and devices are properly documented and managed from a security perspective
- Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations (e.g., 30, 60, and 90 day notices)
- Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support the resolution of issues with security, A&A, connection approvals, and waiver requests
- Assist USSOCOM, its Component Commands, TSOCs and deployed forces with the enforcement of A&A, DoD, DIA, USSOCOM, Component Command, TSOC, and deployed forces’ connection standards for networks and systems
- Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan
- Perform network security authorization, the application and execution of policy, including project management support services
- Provide DoD & IC RMF subject matter expertise to USASOC, its Component Commands, deployed forces and their delegates, including other Contractors, and assist with the development and execution of the RMF program at USASOC, its Component Commands, and deployed forces
- Experience with configuring and monitoring network attached security appliances and products to include Firewalls and other IDS/IPS products on a large enterprise network preferred
- Bachelors and 9 years or Masters and 7 years
- Must have active TS/SCI security clearance with current CI-Poly
- Knowledgeable of DoD 8510.01 Department of Defense Instruction Number 8510.01 Dated March 12
- AA or BS Degree in Information Assurance, Cyber Security, Incident Response, Security Management, or discipline directly related to Cyber Security
- Ability to create, modify and manage objects within Active Directory
Information Assurance Security Specialist Job Description
- Maintain, track, and validate DISN and DIA connection approval packages, including those from USASOC, its Component Commands, and other subordinate organizations
- Assist USASOC, its Component Commands, and deployed forces with the enforcement of A&A, DoD, DIA, USASOC, Component Command, and deployed forces’ connection standards for networks and systems
- Provide dedicated, on-site support for Cybersecurity policy, plans, and procedures
- Develop, publish and review Cybersecurity policy and guidance, to include SOPs, TTPs, policy memorandums, directives, instructions, manuals, Task Orders, CONOPs, COOPs, ISAs, MOAs, and MOUs
- Notify the appropriate USSOCOM, Component Command, TSOC and deployed forces’ Government personnel about Cybersecurity-related incidents, threats, and other general information (e.g., fake web sites, banking and phishing scams) in a timely manner
- Manage Cybersecurity information in a way that provides ready access for rapid correlation, analysis, and dissemination
- Assist USSOCOM, its Component Commands, TSOCs, and deployed forces with collaborative Cybersecurity planning and operations
- Disseminate Cybersecurity information to decision makers, to the Computer Network Defense (CND), Network Operations (NetOps), and information operations communities, to support planning, operations, and other related activities
- Evaluate guidance from higher headquarters, coordinate applicable implementation by USSOCOM, its Component Commands, TSOCs and deployed forces, and draft recommended direction
- Provide dedicated, on-site support for Cybersecurity reporting
- Experience with HPE ArcSight auditing appliance/function a plus
- Compile metrics and create Cybersecurity reports for CTOs, IAVM, FISMA, DoD, USCYBERCOM, NSA, DISA, and DIA compliance reporting
- Track IAVM, CTO, and Warning Order (WARNORD) Compliance
- Analyze trends and publish summary reports at least monthly
- Report metrics in support of IA compliance requirements
- Comply with the IT System Rules of Behavior and report any potential violations of the Rules of Behavior to the Government Computer Security Incident Response Team
Information Assurance Security Specialist Job Description
- Develop, update, and maintain corporate IT security policies and procedures
- Ensures that the Information Systems Security department's policies, procedures, and practices other systems user groups are in compliance
- Provide Cyber Security and Cyber Risk expertise to the Sponsor, to include best practice approaches, research on specific topics, modeling techniques, analysis and prioritization of proposed mitigation
- Provide Information Security Controls and guidelines to nodes and network management systems
- Maintain network/system access and password controls
- Collate and analyze audit trail data
- Assess configuration changes for security impacts
- Perform system administration functions to include, but not limited to, documenting the security architecture
- Develop user security guidelines and SOPS
- Perform functions as required in support of the DoD Instruction 8510.01 “Risk Management Framework (RMF) for DoD Information Technology (IT),” March 12, 2014 and DISAI 630-230-19
- 6+ years experience in information assurance/AGFT lab
- 1-2 years of experience in a position focused on the assessment and design of infrastructure risk and controls (governance, tools, and processes)
- 3-4 years’ experience in a network administration, systems administration or systems engineering role
- Demonstrated ability to interact and communicate effectively with various IT managers and staff
- Prior experience in IT Risk Management or IT Operations strongly desired
- Database Management Software (Desired)