CommIT Enterprises, Inc. is seeking a IA Security Specialist to provide Information Systems Security support for enterprise network assets. A strong understanding of DoD STIG/ IAVA and compliance processes are necessary in order to be successful in this position. Assured Compliance Assessment Solution (ACAS) is the primary tool used to facilitate a compliant and secure network.

The auditing environment consists of Cisco Identity Service Engine (ISE), SolarWinds, Marine Corps Database (MCD), Operational Directive Reporting System (OPDRS), RedSeal, DISA STIG Viewer, Marine Corps Compliance and Authorization Support Tool (MCCAST) and vulnerability scanning tools such as ACAS. Auditing compliance aligns with Defense Information Systems Agency (DISA) Secure Technical Implementations Guides (STIGs).

Established in 2001, CommIT is a Certified Veteran-Owned Small Business (CVOSB) providing innovative technical engineering and data science services. Our enterprise systems support includes the Department of Defense’s (DoD) GCSS-MC, CAC2S, TBMCS-MC, and the Department of Veteran’s Affairs’ (VA) telehealth communications. We offer acquisition management, systems engineering, Agile software development, cloud management, IT modernization, data analytics, cybersecurity, and training, including leading-edge DevSecOps, automated testing, and mobile application development.

Your essential job functions will include but may not be limited to-

• Conduct vulnerability scans on a regularly scheduled basis, and ad hoc, as directed.

• Provide a regularly updated list of systems scanned and individual scan results.

• Coordinate scans with respective system owners.

• Provide scan results to system engineers for mitigation efforts.

• As required, work directly with system engineers to clearly identify changes.

• Maintaining configuration items and executing functions on vulnerability management platform, to include ACAS, Nessus, STIG Validation Scans and Manual Checks.

• Creating essential documentation (procedures, scanning reports, remediation reports, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization.

• Serve as a subject matter expert for vulnerability scanning and STIG Compliance procedures, ACAS 5.4 or higher execution/operation.

• Assist with STIG viewer answers.

• Assist with the development of Risk Management Framework (RMF) plans.

• Assist with Security Content Automation Protocol (SCAP) scans to validate compliancy.

• Be able to assist with DODI 8500.2 IA Controls and reciprocity.

• Attend meetings and provide recommendations concerning Risk Management and mitigation efforts for organizational assets.

• Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance.

• Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams.

• Provide technical support to system and technology owners to propose mitigation and remediation solutions.

• Document config deviations; validate against tickets and RFMs.

• Provide assistance with Marine Corps Compliance and Authorization Support Tool (MCCAST) package preparation and review.

Required Experience, Education and Certifications:

• DoD 8570 IAT II Level Certification Required (CCNA-Security, CySA, GICSP, GSEC, Security+CE, SSCP)

• High-level familiarity with Vulnerability Management tools such as ACAS and SCAP.

• A Cyber Security Team team-player contributing to policy development, RMF package accreditation requirements

Preferred Skills:

• The ideal candidate has a background as an Information Systems Security Officer and has a strong systems security mindset and is very detailed oriented with strong written and oral communication skills.

Security Requirements:

• Active DoD Secret

Equal Opportunity Employer:

CommIT Enterprises, Inc. is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.