Senior Mobile Information Assurance/Security Analyst
Location
Manassas, VA | United States
Job description
Job Title: Senior Mobile Information Assurance/Security Analyst
Position: Full Time, W2 in Manassas, VA
Minimum/General Experience: 7+ years of experience in DoD environment / 5 years of experience in mobile security technology
Functional Responsibility: Position Description/Tasks to be Performed:
- Apply knowledge of DoD security standards to develop, evaluate and enhance mobile security requirements, policy and tools.
- Provide information assurance support for the development and implementation of security architectures to meet new and evolving security requirements.
- Analyze policies and procedures against Federal laws and regulations and provide recommendations for closing gaps.
- Complete Application Security Development (ASD) assessments both as a regular part of product lifecycles, and on demand in support of Certification and Accreditation (C&A) events.
- Conduct source code review using static (e.g. HP Fortify, Synopsys Coverity) and dynamic (e.g., fuzzers, Burp, ZAP) assessment tools.
- Evaluate the customer’s ASD processes and procedures for compliance with DoD Cybersecurity requirements (DISA ASD STIG).
- Test discovered vulnerabilities to determine full scope and impact.
- Perform data consolidation and analysis on test results based on NIST Risk Assessment methodology (SP 800-30 rev 1), documenting the results in standardized test artifacts.
- Research appropriate technical and/or procedural recommendations to improve the security state of the customer’s products.
- Present analysis and recommendations through formal reporting, both written and verbal, to developers and senior stakeholders.
Skills & Experience:
- In-depth knowledge of DoD IA policies
- Experience with DoD or Federal compliance testing methodologies (e.g. Common Vulnerability Scoring System, NIST Risk Management Framework)
- Experience with reviewing, understanding and assessing DoD Cybersecurity requirements related to software security (e.g. DISA ASD STIG, DoD Directive 8500.01E, NIST Special Publication 800-53)
- Experience with various mobile operating systems (iOS, Android) and common threat mitigation technologies
- Experience with DIACAP, DoD RMF or Federal Certification and Accreditation Processes for IT systems.
- Knowledge of emerging technologies, standards, and best practices
- Must be able to work effectively and efficiently in a collaborative environment
- Excellent verbal and written English communication skills
- Strong attention to detail, organization, and time/project management skills
- Ability to thrive in a fast-paced environment
- Strong analytical skills
The Ideal Candidate: Will possess 7+ years of Cyber-Security/IA experience operating in the .mil environment, with at least 5 years of experience with mobile security. In addition, the individual must be certified in accordance with the 8570.01M at the IAT-2 level and have knowledge and understanding of DoD instructions 8520.02 and 8500.01. The individual must be familiar with the integration of Cyber-Security requirements throughout the entire Program Life Cycle, from early requirements definition through delivery, operations, and decommissioning. The candidate will also have knowledge of applying NIST 800-53 controls, DISA Security Technical Implementation Guides (STIGs) and NSA Guides regarding configuration standards for DoD IA and IA-enabled devices/systems.
Minimum Education:
- BA/BS degree or higher in a technology related field. Additional years of experience may be substituted for education.
- CISSP certification is a plus
About DeAnna Davidson