Compliance Analyst

* IAT II Level Certification required (e.g. Sec+, SSCP, CCNA, CySA+, OS, etc.)

The Naval Air Warfare Center Weapons Division (NAWCWD) conducts research, development, acquisition, and test & evaluation of Naval air-to-air, air-to-ground and surface launched weapon systems; conducts weapons systems integration, and weapons, mission, and life-cycle cost analysis; and provides weapons and armament life-cycle services in support of the operating forces, Department of Defense (DoD), and the Missile Defense Agency (MDA).

Execute the Risk Management Framework (RMF) rules and regulations as they apply to Continuous Monitoring of enterprise networks and systems and manage cyber processes and tasks as they relate to the project while ensuring compliance.

* Utilize McAfee/Trellix Host-Based Security Suite (HBSS) and Assured Compliance Assessment Solution (ACAS), Tenable Nessus, Tanium, Microsoft Defender Endpoint (MDE), Vulnerability Remediation Asset Manager (VRAM) tool sets in detecting events, remediating vulnerabilities, and reporting on any and all threats that are directed against those systems regardless of their classification level or type.

* Collaborate with leadership to develop metrics based on situational awareness and threat monitoring at an enterprise level that will be reported based on the approved plan and supporting checklists.

* Support a full comprehensive array of analytical activities as part of external threat monitoring, detection, event analysis and incident reporting efforts to include: presentation reviews, internal and external threat reporting, analysis of inbound and outbound public internet traffic, suspicious e-mail messages, administer access request to specific public sites, communicate and coordinate the characterization of events and the response.

* Facilitate new device adds, perform compliance scans and verify system compliance.

* Provide user training with security compliance tools and administer user accounts.

* Troubleshoot and resolve issues with security compliance tools and dashboards.

* Monitoring and managing incoming helpdesk tickets and updates users with ticket status in a timely manner.

* Maintain current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as specific configurations required.

* Provide support for complex computer network exploitation and defense techniques to include deterring, identifying and investigating computer and network intrusions; providing incident response and remediation support; performing comprehensive computer surveillance/monitoring, identifying vulnerabilities; developing secure network designs and protection strategies, and audits of information security infrastructure.

* Provide technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and, network decoy and deception operations in support of computer intrusion defense operations.

* Provide technical support for forensics services to include evidence seizure, computer forensic analysis and data recovery, in support of computer crime investigation.

* Research and maintain proficiency in open and closed source computer exploitation tools, attack techniques, procedures and trends.

* Perform research into emerging threat sources and develop threat profiles.

* Provide technical support for a comprehensive risk management program identifying mission critical processes and systems; current and projected threats; and system vulnerabilities.

* IAT II Level Certification required (e.g. Sec+, SSCP, CCNA, CySA+, OS, etc.)

Education, Background, and Years of Experience

* BS Computer Science or other technical field or AS with 2 years experience or 3 years relevant work experience.

* Strong analytical and organizational skills.

* Concise writing skills, excellent MS Word skills as well as other MS Office Applications.

* Strong customer service skills.

* Familiar with the McAfee/Trellix Host-Based Security Suite (HBSS) and Assured Compliance Assessment Solution (ACAS), Tanium tool sets, their application, implementation and uses.

* Preferred trainings: CEH, eCPPT, OSCP, GCFW, GCIH, other relevant IT security certifications, or advanced vendor certifications such as Splunk Certified Architect or SourceFire Certified Administrator; Security+, Network+, GSEC, or other relevant IT security product certifications such as Tenable Certified Nessus Auditor, SnortCP CISSP, CISM.

* Contractor site with 0%-10% travel possible. Possible off-hours work to support releases and outages. General office environment. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are not hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.

Strength Demands

* Sedentary - 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements

* Stand or Sit; Walk; Repetitive Motion; Use Hands / Fingers to Handle or Feel; Stoop, Kneel, Crouch, or Crawl; See; Push or Pull; Climb (stairs, ladders) or Balance (ascend / descend, work atop, traverse).

Happy - Be Infectious.

Helpful - Be Supportive.

Honest - Be Trustworthy.

Humble - Be Grounded.

Hungry - Be Eager.

Hustle - Be Driven.