Overview
Please note that this position is contingent upon the successful award of a contract currently under bid.
Peregrine is a pioneer within the cybersecurity industrial control systems and the Internet of Things, supporting many federal and commercial customers. Peregrine's experienced staff knows the cybersecurity and operational technology environment and provides these capabilities for our customers daily.
Summary:
The Senior Information Security Analyst is responsible for the overall cybersecurity of assigned networks and devices. They must have intimate knowledge of federal government, Department of Defense, and U.S. Coast Guard cybersecurity requirements.
Responsibilities
Essential Job Functions:
Aggressively manage Cyber security accreditation requirements by working closely with the Program Manager, system administrators, database administrators and other key personnel to ensure all system accreditations remain current.
Ensure that all initial and recurring certification and accreditation activities are completed in accordance with DoDI 8500.01, Cyber Security, and DoDI 8510.01, Risk Management Framework (RMF) for assigned information systems, as well as maintaining compliance with the Federal Information Security Management Act (FISMA) of 2002 and other applicable directives for the assigned information systems
Working directly with leadership, developers, engineers, system and database administrators to track changes to the system configurations and software, conducting regular reviews, updates and maintenance of certification and accreditation plans, topology drawings, and associated documents, and uploading completed documents to eMASS.
Schedule, oversee and document information system compliance testing, to include weekly Assured Compliance Assessment Solution (ACAS) scans and annual execution and testing of the Contingency Plans.
Manage accreditation and annual compliance actions using eMASS and the U.S. Coast Guard tracking tools to ensure annual reviews, control tests and contingency plan tests are completed on schedule to comply with FSMA requirements and keep the Program Manager informed of compliance and status of ATO efforts via updates to the PM's Drumbeat and Metrics products.
Conduct a continuous review of all applications and database tools that make up the family of systems to ensure all software versions are registered and approved for use by the U.S. Coast Guard.
Conduct an annual review and update of all parent and child system profiles in the DHS approved repository system to ensure system's registrations are complete and accurate, and that essential waivers for Data-At-Rest (DAR) and unsupported Commercial-Off-The-Shelf (COTS) software are documented and approved by U.S. Coast Guard CIO so that accreditations are not adversely affected.
Serve as Information Assurance Officer (IAO)/Information Systems Security Officer (ISSO), directly advising and assisting the Program Manager, developers, engineers, system and database administrators and staff on all cyber security policy, configuration and compliance matters.
This includes all aspects of cyber security that may affect the system security posture, to include emerging threats published in Cyber Alerts, Communication Tasking Orders, and vulnerability alerts and bulletins issued under the Information Assurance Vulnerability Management program.
As IAO/ISSO, advise the team on ports, protocols and services (PPS) approved for use by the U.S. Coast Guard, and register new PPS in the U.S. Coast Guard PPS Management Registry.
Prior to testing, identify Security Technical Implementation Guides (STIGs) to be applied to systems under development and test, and identify appropriate vulnerability scanning tools to be used during testing, to include the ACAS and Security Content Automation Protocol (SCAP) Compliance Checker automated scanning tools.
The IAO/ISSO will assist during scanning and advise the team on the remediation of findings identified during testing.
Following testing, the IAO will collect, collate, review and validate all test results and prepare supporting documentation, reports and artifacts to support the certification and accreditation of the system. Following accreditation, the IAO/ISSO will track and manage open findings in the Risk Assessment Report until mitigated or closed.
Provide expert advice in support of special projects, to include the development of an automated Cross Domain Solution (CDS) for use by the program and closely coordinate actions with the U.S. Coast Guard Cross Domain Solutions Office (USCGCDSO) and the Department of Homeland Security Unified Cross Domain Management Office (UCDMO).
This support includes authoring and submitting detailed system documentation and architectural drawings and working closely with both USCGCDSO and UCDMO personnel to navigate through a complex and highly technical approval process.
On a daily and weekly basis, provide authoritative cyber security advice during Internal Review Boards and make recommendations on open Configuration Change Requests (CCRs); Application Change Requests (ACRs), Database Change Requests (DBCRs), QA Trouble Reports (QTRs), Problem Reports (PRs), and Program Trouble Reports (PTRs).
Qualifications
Necessary Skills and Knowledge:
Minimum Qualifications:
Preferred Qualifications:
Pay and Benefits
The annual salary range for this position is $100,000 to $140,000.
At Goldbelt, we value and reward our team's dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. As an employee, you'll enjoy a comprehensive benefits package, including medical, dental, and vision insurance, a 401(k) plan with company matching, tax-deferred savings options, supplementary benefits, paid time off, and professional development opportunities.
Goldbelt, Incorporated is an urban Alaska Native, for‐profit corporation headquartered in Juneau, Alaska. Incorporated on January 4, 1974 following the Alaska Native Claims Settlement Act (ANCSA), Goldbelt’s primary mission is to manage assets and conduct business for the benefit of its more than 3,600 shareholders. Goldbelt first ventured into the logging and timber industry but later expanded its operations into tourism, which still remains an integral part of its operations. Today, the majority of Goldbelt’s revenue and income derives from government contracting and services.
Goldbelt’s shareholder base consists of Alaska Natives who are of Tlingit and Haida descent. The Tlingit and Haida tribes are the indigenous people of Southeast Alaska, whose rich history spans more than ten thousand years in the region. Goldbelt shareholders own the entire 272,000 shares of Goldbelt stock, representing assets in excess of $100 million in addition to over 32,000 acres of land in the vicinity of Juneau. Goldbelt seeks to honor and preserve the Tlingit culture - its history, art, dance, legends, and the traditions of its Alaska Native shareholders. Learn more about Goldbelt Heritage.
The company is named after a richly mineralized zone in Southeast Alaska that encompasses 33,000 acres of Goldbelt’s land holdings— an area that stretches along the mainland from Frederick Sound to Berners Bay. Learn more about Goldbelt Lands.