Back to All Jobs
Montgomery, AL, US
26 days ago
ACAS System Security Compliance Administrator - AFINC

ACAS System Security Compliance Admin\n

Full Time Montgomery, AL\n

Secret clearance\n

Overview:\n

The AFINC III contract supporting the 26th\u202fNetwork Operations Squadron (26NOS) is searching for qualified candidates for a position of\u202f Junior or Mid-Level ACAS System\u202fSecurity Compliance Administrator (depending upon experience). We are seeking an individual for information system administration with a strong cybersecurity knowledge to carry out Vulnerability Assessment Analyst tasks. \n

Responsibilities:\n\nOperates the security and compliance baseline configuration, inventory, and best practices for the vulnerability management solution (VMS) deployed across multiple unclassified and classified network locations supporting the implementation for Tenable products within Assured Compliance Assessment Solution (ACAS) including .SC (SecurityCenter\u2122) and Nessus\u00ae scanners; Also 2.0 Architecture Components: Nessus Networking Monitor (NNM), Nessus Manager and Nessus Agents use cases.\nWork in concert with other Tenable users, operators, integrator, and IA personnel responsible for security compliance within operations and maintaining the ACAS program in multiple enclaves.\nWill work alongside SA\/ENAT team members to implement tailored security compliance reports, collections, distributions, and separate asset management solutions of dynamic and static lists.\nCandidate will coordinate system activities such as deploying, configuring, monitoring, tuning, upgrading, and troubleshooting Tenable components spanning local, remote, and complex environments.\nAssist in meeting compliance requirements while conforming to security standards to aide in reducing gaps in cyber security risk exposure.\nRecord configurations, conduct assessments and submit suggestions to scan schedule(s), scanners scan zones, repository management, chart Credentials >Assets >Scans >Reports >Dashboards.\nAssist with installation\/maintenance of configuration files, custom security policies, plug-ins, signatures, certificates, STIGs and checklist configuration audits; Create\/edit\/customizing Nessus compliance \".AUDIT\" files to align compliance scans to add vulnerability discovery capabilities into ACAS system\nResponsible for supporting and ensuring external deliverables: DISA\/Continuous Monitoring and Risk Scoring (CMRS), importing vulnerability and security audit plug-ins, DoD Patch Repository Defense Asset Distribution System (DADS), build\/maintain vulnerability and audit repositories.\nAssist in mapping scan zones, scanners, subnets to include experience leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, McAfee Endpoint Security Solutions (ESS) and\/or Microsoft Endpoint Configuration Manager (MECM)\nImplement\/create and streamline report dashboard designs, automated custom email report notifications, report repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; System Administrators; Application Maintainers\nFollow established change management process, systems access, implement changes or configuration, and test changes. Apply expertise in system administration, information security, and infrastructure to enhance established policies and procedures, operations, and implement best practices in environments.\nRack and provision government furnished equipment (GFE) servers when applicable.\nContinuously assesses current ACAS implementations for scans, assets, analysis, and permissions.\nAssist with validation and sustainment of documentation such as Security Plans, Network Address Declaration (NAD), security groups\/roles\/permissions and\/or zones\/credentials\/scans.\nDocument ACAS systems for each network to include IP address, Fully Qualified Domain Name (FQDN), DNS entries, Role Based Access Controls (RBAC), service accounts, certifications, licenses, and physical\/virtual location of each component.\nDeploy and manage Nessus Agents to servers across environment if and where applicable.\nEnsures networks receive periodic updates from AFCYBER-released software patches, updates, and upgrades via Time Compliance Technical Orders (TCTO), Time Compliance Network Orders (TCNO), Maintenance Tasking Order (MTO) and Notices to Airman (NOTAMs)\nResponsible to assist\/troubleshoot schedule scans are covering 100% of intended targets ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders.\nMaintains the Nessus scanners connectivity with the associated Tenable.sc (formerly SecurityCenter)\nProvide cyber security staff scanning capability and system administration continuity.\nMaintain effective communications with other external and internal teams essential to ACAS operations.\nCreate\/maintain\/implement custom security policies in line with DISA ACAS best practice guidance.\nAssist AF Cyber personnel with the DISA Information Assurance Vulnerability Management (IAVM) programs, cybersecurity toolsets, and Operation Order (OPORD)\/Fragmentary Order (FRAGO) support.\nPerform systems analysis, design review, integration of complex system applications.\nEnsure external networks receive cybersecurity inventory reporting for compliance data via ACAS to DISA CMRS, Splunk logging and DoD Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP).\nParticipate in all phases of the Vulnerability Management (VM) life cycle with emphasis on the scan, patch, rescan and reporting phases.\n\n

Qualifications\/Requirements:\n

Candidate should have 1 to 4 years of years of hands-on experience in:\n\nACAS and\/or Tenable.sc (SecurityCenter) or Tenable Nessus products\nFamiliarity using ACAS or Tenable .SC\/Nessus best practices.\nLinux-based (RHEL) or Windows operating systems support with experience in mid-to-large enterprise data center environment; familiarity with network patch\/update management.\nExposure interacting with virtualized environments (VMware vSphere, ESXi)\nMust have experience setting up and executing Tenable Nessus scans, review scan data, assess reports and trends through SC interface; determine whether a completed scan provide valid results, and ensure reports\/dashboards meet customer needs and expectations.\nAbility to install and patch operating systems, applications, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) \/ Security Requirements Guide (SRG), applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ACAS implementations.\nDemonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills.\nPassion for continuous learning in IT data protection and technical\/infrastructure technologies\nAbility to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs.\nAny scripting experience: Bash, Perl, PowerShell, Python, Nessus Attack Scripting Language (NASL)\nDisaster Recovery - knowledge in risk reduction, hot\/warm site DR architecture\nKnowledge of data communications, local-area networking (LAN), wide-area networking (WAN), VoIP, routers, switches, and firewalls\nAdvanced networking concepts, VLAN, trunking and port channel\nThorough understanding of Internet Protocol (IP) routing, switching, and OSI model\nPossess refined critical thinking skills, should be a motivated self-starter, and multi-task capable.\nGood communication and interpersonal skills; Ability to follow policies and procedures.\n\n

Education\/Certification(s):\n\nTechnical degree, Associates or, bachelor's degree in computer science\/information systems, S.T.E.M. or 2-4 years' relevant experience in Information Technology preferably systems or applications administration\n\n

All ACAS personnel will attend and complete the ACAS Operator and Supervisor Course once they have started on contract as soon as available from DISA.\n

There are two required certifications for this position, that must be held prior to starting on the contract.\n

Requires one of the following DoD 8570.01-M Information Assurance Technical (IAT) Level II certification to begin on contract:\n\nCompTIA Security+ CE (Continuing Education)\n\n\nCompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education)\n\n\n(ISC)\u00b2 Systems Security Certified Practitioner (SSCP)\n\n\nGIAC Global Industrial Cyber Security Professional (GICSP)\n\n\nGIAC Security Essentials Certification (GSEC)\n\n\n(ISC)\u00b2 Systems Security Certified Practitioner (SSCP)\n\n

Requires the following Computing Environment\/Operating System (CE\/OS) to begin on contract:\n\nMicrosoft Certified: Identity and Access Administrator Associate;\n\n\nMicrosoft Endpoint Administrator Associate;\n\n\nMicrosoft Certified: Azure Administrator Associate;\n\n\nLinux Foundation Certified System Administrator (LFCS);\n\n\nLPIC-1 or Linux+\n\n

Clearance:\u202f\n\nActive DoD\u202fSecret\u202frequired or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred.\n\n

About Semper Valens Solutions:\n

Semper Valens Solutions, Inc. (SVS) is a Service-Disabled Veteran Owned Small Business (SDVOSB) providing Cost Effective Software and Systems Engineering, Field Support, Training and Full Life cycle Support Management to the DOD and VA community.\n

At Semper Valens, our vision is to remain a creative, cutting edge and cost-effective solutions provider where our shared intellect, industry experience, and technology excellence, make a positive difference in our customer's success. Our solutions help bridge the gap between IT and business prioritizations to optimize budgets, risks, and operational processes.\n

We search for outstanding technical professionals, hiring at all levels of the experience spectrum; intermediate, journeyman and senior. Consider us for your career plan.\n

Semper Valens Solutions is an Equal Opportunity Employer\n

Semper Valens Solutions proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital\/parental status, pregnancy\/childbirth, or related conditions, physical or mental disability, genetic information, status as a Disabled Veteran, Recently Separated Veteran, Active-Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.\n

If you require a reasonable accommodation to apply for a position with Semper Valens Solutions through its online applicant system, please contact Semper Valens Solutions Human Resources Department at (830) 899-6870.\n

Semper Valens Solutions is an affirmative action\/equal opportunity employer - minorities, females, disabled, and protected veterans are urged to apply. Applicants have rights under Federal Employment Laws.\n

All Jobs at Semper Valens Solutions: https:\/\/sempervalens.com\/careers

Show More
Save & Apply Later Applying Later... Click to ApplyI AppliedDidn't Apply
Confirm your E-mail: Send Email
Apply for this job
All Jobs from Semper Valens Solutions
17 Semper Valens Solutions jobs in Montgomery, AL 17 Semper Valens Solutions jobs in Alabama 65 Semper Valens Solutions jobs in US
Search Jobs Apply Later
Processing Unique Jobs for You: