RecruitMilitary Logo
Sign In

SECURITY ANALYST (INFOSEC - LEVEL IV) - Military Veterans

at Navy Exchange Service Command

Job Summary: Serve as a Senior Information Security Analyst Alternate ISSM with responsibility of developing maintaining and supporting NEXCOMs Information Assurance program and associated security controls within the NEXCOM Enterprise environment. Perform security assessments and associated reports. Maintain the NEXCOM IAVM program. Maintain compliance with current DoD DON cybersecurity policy. Processes and reviews of System Security Reviews SSR. Maintain DIACAPRMF accreditations for existing and future NEXCOM systems. Includes working with stakeholders both leadership and subject matter experts to build a holistic view of NEXCOMs strategy processes information and security posture.

Duties and Responsibilities: Incumbents must be U. S. Citizens Serves as mentor providing instruction and guidance to lower level InfoSec Analysts. Excellent analytical and problem solving skills. Maintaining and tracking IAVM program compliance. Review and document security assessments of computing environments through the SSR process to identify points of vulnerability and noncompliance with established Information Assurance IA standards and regulations Track FISMA Contingency Plan testing compliance. Assist CSWFPM with maintaining and tracking CSWF program compliance. Perform quarterly audit reviews and reporting. Expert with compliance and regulatory requirements such as DIACAP RMF PCI PII SOX. Complete weekly metric reports for Code IS. Analyze STIG and ACAS reports and advise system administrators on acceptable mitigation measures. Compile all required artifacts for DIACAP and RMF Authorization packages and work through obtaining an Authorization to Operate. Ensure security deficiencies identified during securitycertification testing have been mitigated corrected or a risk acceptance has been obtained by the appropriate authorized representative. Perform data security assessments including applications servers databases and other network components and associated processes against the PCI DSS standards to identify areas of noncompliance. Process and authorize NEXCOM system access through SAAR and PAA agreements. Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents. Performs other related duties as assigned. Department of the Navy DON Cyber Information Technology Cybersecurity Workforce positions Cyber ITCSWF This position has been designated as a Cyber ITCybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber ITCSWF Program requirements of SECNAV M5239.2 which include 1. Earn and maintain appropriate credentials from the Cyber ITCSWF Qualification Matrix described in SECNAV M5239.2 associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned and 2. Per SECNAVINST 1543.2 Cyber ITCSWF individuals shall participate annually in 40 hours of continuous learning CL activities to be documented in a current individual development plan IDP signed by both the employee and supervisor. 3. Required minimum Cybersecurity Credentials for this position are a. Education at least one of the following i. Graduate Degree from accredited University ii. CNSSI 4012 Senior Systems Manager OR b. Certification at least one of the following i. Certified Authorization Professional CAP ii. Certified Information Security Manager CISM iii. Certified Information Systems Security Professional CISSP iv. CompTIA Advanced Security Practitioner CASP ce v. GIAC Security Leadership Certification GSLC This position is designated IT1 Critical Sensitive in accordance with SECNAV M5510.30 and will require a favorable Single Scope Background Investigation SSBI. Candidates must be eligible for and obtain a Top Secret Clearance within 6 months of appointment. Failure to obtain will result in termination.

Requirements

Qualified candidates must be U.S. Citizens. A total of 7 years of experience consisting of the following

GENERAL EXPERIENCE Three years of experience performing certification and accreditation work which enabled the applicant to gain an in-depth understanding of accreditation processes methods and Department of the Navy DON policies required for accomplishing work the ability to analyze systems apply sound judgment in documenting technical details and resolving the problems presented and the ability to communicate effectively with others both orally and in writing.

OR SUBSTITUTION OF EXPERIENCE FOR EDUCATION One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelors degree in Computer Science Cyber Security Information Technology or related field for 3 years of general experience.

AND SPECIALIZED EXPERIENCE Four years of experience in at least two of the following Security control assessments and reports Research and analysis of cybersecurity policy IT security compliance and reporting System risk analysis Drafting DIACAPRMF Authorization packages or one year experience at the next lowest level of this position. Department of the Navy DON Cyber Information Technology Cybersecurity Workforce positions Cyber ITCSWF This position has been designated as a Cyber IT Cybersecurity Workforce position in specialty area 72 and as a condition of employment incumbents of this position are required to comply with the DON Cyber ITCSWF Program requirements of SECNAV M5239.2 which include 1. Earn and maintain appropriate credentials from the Cyber ITCSWF Qualification Matrix described in SECNAV M5239.2 associated with the specialty area and level commensurate with the scope of major assigned duties for the position to which you are assigned and 2. Per SECNAVINST 1543.2 Cyber ITCSWF individuals shall participate annually in 40 hours of continuous learning CL activities to be documented in a current individual development plan IDP signed by both the employee and supervisor. 3. Required minimum Cybersecurity Credentials for this position are a. Education at least one of the following i. Graduate Degree from accredited University ii. CNSSI 4012 Senior Systems Manager OR b. Certification at least one of the following i. Certified Authorization Professional CAP ii. Certified Information Security Manager CISM iii. Certified Information Systems Security Professional CISSP iv. CompTIA Advanced Security Practitioner CASP ce v. GIAC Security Leadership Certification GSLC Candidates without the required credentials may be placed into this position but must obtain the required credentials within 6 months of appointment failure to obtain this requirement will result in termination of employment. This position is designated IT1 Critical Sensitive in accordance with SECNAV M5510.30 and will require a favorable Single Scope Background Investigation SSBI. Candidates must be eligible for and obtain a Secret Clearance within 6 months of appointment. Failure to obtain will result in termination.

Virginia Beach, VA

Salary Range
$0 to $91,520
Navy Exchange Service Command

The Navy Exchange Service Command (NEXCOM) is headquarters for the worldwide NEXCOM Enterprise. Our mission is to provide authorized customers with quality goods and services at a savings and to support quality of life programs for active duty military, retirees, reservists and their families.

NEXCOM oversees six primary business programs:

  • Navy Exchange (NEX) Retail Stores and Services
  • Navy Lodge Program
  • Uniform Program Management Office (UPMO)
  • Navy Clothing Textile and Research Facility (NCTRF)
  • Ships Stores Program
  • Telecommunications Program Office (TPO)
Similar Jobs