Information Security Analyst

Overview

Goldbelt Integrated Logistics Services (GbILS) provides four specific areas of expertise-Logistics Engineering, Measurement Sciences, Program Management, and Technical Support-serving the scientific, technical, and engineering needs of clients. GbILS values its innovative thinking and service-oriented team who provide services for a variety of federal government and commercial clients.

Summary:

Goldbelt Integrated Logistics Services is looking for an Information Security Analyst to provide onsite support for our government customer located in the Washington DC Metro Area. The Security Analyst shall provide Cybersecurity services in support of the C5ISC Engineering Services Division (ESD) Information Assurance Branch (IAB). The Security Analyst shall act as the Information Systems Security Officer and shall provide cybersecurity audits, reviews and recommendations to assist the customer in maintaining accreditation for network and enterprise system as designated. This includes validation of POA&M content submitted by the area of responsibility (AOR) for weakness remediation; ensuring POA&Ms are submitted via proper channels; providing reports and status tracking of remediation efforts; work with the AOR as needed to ensure items are completed in a timely manner and to gather appropriate artifacts for closure; and identifying POA&Ms that will need waivers or risk acceptance. Utilize DOD/ USCG and industry-standard security practices and policies to conduct detailed vulnerability assessments and implement recommended security safeguards to protect all CG IT assets.

Responsibilities

Essential Job Functions:

• Prepare and maintain correct, thorough, and timely inputs to accreditation packages and critical documents that stipulate concepts, requirements, continuity, and contingency to include, System Security Plan (SSP), Security Risk Analysis (SRA), and all critical requirement documents, artifacts in accordance with current network accreditation processes.

• Provide analyses and decision support information for the CGCyber A&A to make system/network risk management determinations for an Authorization to Operate (ATO).

• Maintain the continuous monitoring process and ensure all systems are compliant with DOD and USCG security guidelines, and DISA Security Technical Implementation Guides (STIG).

• Provide draft inputs to security policies and guidance, based on Government requirements and industry best practices, to ensure CG practices are in compliance with DOD/USCG policy directives.

• Provide artifacts and information required for audits and inspections.

• Develop and maintain matrices to track and analyze trends in IA readiness and compliance.

• Manage and track all Plan of Action and Milestones (POA&Ms) created by the organization to address identified weaknesses, vulnerabilities, and audit/assessment findings from creation to closure.

• Coordinate with other organizations as needed in the processing and management of the POA&Ms.

• Coordinate and implement Information Operations Conditions (INFOCON) measures as necessary.

• Utilize tools and tracking mechanisms that shall automate reporting and data collection of Information Security (INFOSEC) associated vulnerabilities.

• The Contractor shall submit findings and recommendations to the ISSO as requested.

• Provide continuous monitoring of all C5ISC enterprise-managed assets.

• The continuous monitoring process shall ensure all systems are compliant with DOD and USCG security guidelines.

• Coordinate and maintain the DHS' and DOD's vulnerability database accounts.

• Coordinate with ISSOs to advise and facilitate resolution of all IA and INFOSEC issues.

• Review system audit records and intrusion detection data to assist ISSOs in identifying security incidents.

Qualifications

Necessary Skills and Knowledge:

• Must have strong foundational knowledge of information security and practical experience in Security Services

• Must have a strong background and experience with projects involving information assurance and cybersecurity.

• Familiarity with security frameworks (