ACAS System Security Compliance Administrator - AFINC with Security Clearance

---

Job description

ACAS System Security Compliance Admin Full Time Montgomery, AL Secret clearance This position is contingent upon contract award Overview: The AFINC III contract supporting the 26th Network Operations Squadron (26NOS) is searching for qualified candidates for a position of Junior or Mid-Level ACAS System Security Compliance Administrator (depending upon experience). We are seeking an individual for information system administration with a strong cybersecurity knowledge to carry out Vulnerability Assessment Analyst tasks. Responsibilities: Operates the security and compliance baseline configuration, inventory, and best practices for the vulnerability management solution (VMS) deployed across multiple unclassified and classified network locations supporting the implementation for Tenable products within Assured Compliance Assessment Solution (ACAS) including .SC (SecurityCenter ) and Nessus scanners; Also 2.0 Architecture Components: Nessus Networking Monitor (NNM), Nessus Manager and Nessus Agents use cases. Work in concert with other Tenable users, operators, integrator, and IA personnel responsible for security compliance within operations and maintaining the ACAS program in multiple enclaves. Will work alongside SA/ENAT team members to implement tailored security compliance reports, collections, distributions, and separate asset management solutions of dynamic and static lists. Candidate will coordinate system activities such as deploying, configuring, monitoring, tuning, upgrading, and troubleshooting Tenable components spanning local, remote, and complex environments. Assist in meeting compliance requirements while conforming to security standards to aide in reducing gaps in cyber security risk exposure. Record configurations, conduct assessments and submit suggestions to scan schedule(s), scanners scan zones, repository management, chart Credentials >Assets >Scans >Reports >Dashboards. Assist with installation/maintenance of configuration files, custom security policies, plug-ins, signatures, certificates, STIGs and checklist configuration audits; Create/edit/customizing Nessus compliance ".AUDIT" files to align compliance scans to add vulnerability discovery capabilities into ACAS system Responsible for supporting and ensuring external deliverables: DISA/Continuous Monitoring and Risk Scoring (CMRS), importing vulnerability and security audit plug-ins, DoD Patch Repository Defense Asset Distribution System (DADS), build/maintain vulnerability and audit repositories. Assist in mapping scan zones, scanners, subnets to include experience leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, McAfee Endpoint Security Solutions (ESS) and/or Microsoft Endpoint Configuration Manager (MECM) Implement/create and streamline report dashboard designs, automated custom email report notifications, report repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; System Administrators; Application Maintainers Follow established change management process, systems access, implement changes or configuration, and test changes. Apply expertise in system administration, information security, and infrastructure to enhance established policies and procedures, operations, and implement best practices in environments. Rack and provision government furnished equipment (GFE) servers when applicable. Continuously assesses current ACAS implementations for scans, assets, analysis, and permissions. Assist with validation and sustainment of documentation such as Security Plans, Network Address Declaration (NAD), security groups/roles/permissions and/or zones/credentials/scans. Document ACAS systems for each network to include IP address, Fully Qualified Domain Name (FQDN), DNS entries, Role Based Access Controls (RBAC), service accounts, certifications, licenses, and physical/virtual location of each component. Deploy and manage Nessus Agents to servers across environment if and where applicable. Ensures networks receive periodic updates from AFCYBER-released software patches, updates, and upgrades via Time Compliance Technical Orders (TCTO), Time Compliance Network Orders (TCNO), Maintenance Tasking Order (MTO) and Notices to Airman (NOTAMs) Responsible to assist/troubleshoot schedule scans are covering 100% of intended targets ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders. Maintains the Nessus scanners connectivity with the associated Tenable.sc (formerly SecurityCenter) Provide cyber security staff scanning capability and system administration continuity. Maintain effective communications with other external and internal teams essential to ACAS operations. Create/maintain/implement custom security policies in line with DISA ACAS best practice guidance. Assist AF Cyber personnel with the DISA Information Assurance Vulnerability Management (IAVM) programs, cybersecurity toolsets, and Operation Order (OPORD)/Fragmentary Order (FRAGO) support. Perform systems analysis, design review, integration of complex system applications. Ensure external networks receive cybersecurity inventory reporting for compliance data via ACAS to DISA CMRS, Splunk logging and DoD Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP). Participate in all phases of the Vulnerability Management (VM) life cycle with emphasis on the scan, patch, rescan and reporting phases. Qualifications/Requirements: Candidate should have 1 to 4 years of years of hands-on experience in: ACAS and/or Tenable.sc (SecurityCenter) or Tenable Nessus products Familiarity using ACAS or Tenable .SC/Nessus best practices. Linux-based (RHEL) or Windows operating systems support with experience in mid-to-large enterprise data center environment; familiarity with network patch/update management. Exposure interacting with virtualized environments (VMware vSphere, ESXi) Must have experience setting up and executing Tenable Nessus scans, review scan data, assess reports and trends through SC interface; determine whether a completed scan provide valid results, and ensure reports/dashboards meet customer needs and expectations. Ability to install and patch operating systems, applications, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) / Security Requirements Guide (SRG), applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ACAS implementations. Demonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills. Passion for continuous learning in IT data protection and technical/infrastructure technologies Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs. Any scripting experience: Bash, Perl, PowerShell, Python, Nessus Attack Scripting Language (NASL) Disaster Recovery - knowledge in risk reduction, hot/warm site DR architecture Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN), VoIP, routers, switches, and firewalls Advanced networking concepts, VLAN, trunking and port channel Thorough understanding of Internet Protocol (IP) routing, switching, and OSI model Possess refined critical thinking skills, should be a motivated self-starter, and multi-task capable. Good communication and interpersonal skills; Ability to follow policies and procedures. Education/Certification(s): Technical degree, Associates or, bachelor's degree in computer science/information systems, S.T.E.M. or 2-4 years' relevant experience in Information Technology preferably systems or applications administration All ACAS personnel will attend and complete the ACAS Operator and Supervisor Course once they have started on contract as soon as available from DISA. There are two required certifications for this position, that must be held prior to starting on the contract. Requires one of the following DoD 8570.01-M Information Assurance Technical (IAT) Level II certification to begin on contract: CompTIA Security+ CE (Continuing Education) CompTIA Cybersecurity Analyst (CySA+) CE (Continuing Education) (ISC) Systems Security Certified Practitioner (SSCP) GIAC Global Industrial Cyber Security Professional (GICSP) GIAC Security Essentials Certification (GSEC) (ISC) Systems Security Certified Practitioner (SSCP) Requires the following Computing Environment/Operating System (CE/OS) to begin on contract: Microsoft Certified: Identity and Access Administrator Associate; Microsoft Endpoint Administrator Associate; Microsoft Certified: Azure Administrator Associate; Linux Foundation Certified System Administrator (LFCS); LPIC-1 or Linux+ Clearance: Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred. About Semper Valens Solutions: Semper Valens Solutions, Inc. (SVS) is a Service-Disabled Veteran Owned Small Business (SDVOSB) providing Cost Effective Software and Systems Engineering, Field Support, Training and Full Life cycle Support Management to the DOD and VA community. At Semper Valens, our vision is to remain a creative, cutting edge and cost-effective solutions provider where our shared intellect, industry experience, and technology excellence, make a positive difference in our customer's success. Our solutions help bridge the gap between IT and business prioritizations to optimize budgets, risks, and operational processes. We search for outstanding technical professionals, hiring at all levels of the experience spectrum; intermediate, journeyman and senior. Consider us for your career plan. Semper Valens Solutions is an Equal Opportunity

<!– job description page –>