NOVA Corporation is 100% tribally owned by the Navajo Nation.
NOVA Corporation is dedicated to providing outstanding services to its customers and employees. Our strength is in our ability to understand our clients' needs and deliver a solution that will not only meet those needs but exceed their expectations.
NOVA Corporation strives to be innovative in all areas of business and is committed to technical excellence. Our corporate offices are located on the Navajo Nation reservation in Window Rock, Arizona; Chambersburg, Pennsylvania; Albuquerque, New Mexico; and Columbia, Maryland.
NOVA Corporation provides unique, custom solutions to meet our customers’ communications needs. Our solutions provide communication capabilities using modern technology. At their most complex, they are multi-purpose systems that gather information from dozens of different sources. The information is presented to decision makers immediately, visually, clearly.
NOVA Corporation will accommodate individuals with disabilities that need assistance applying for open positions.
Serves as the local Subject Matter Expert (SME) for DISA's implementation of ACAS by overseeing the successful operation of the ACAS tool: providing expert level analysis, guidance, and troubleshooting. Performs network vulnerability scanning using ACAS, vulnerability analysis, and vulnerability reporting in accordance with the provisions of DoD, DISA, and NIST policies, directives, and guidelines. The associated duties may include, but are not limited to, the following:
• Support potential security violations and/or incidents by providing vulnerability scan results against target machines.
• Provide technical guidance to junior and intermediate team members.
• Perform quality control on junior and intermediate team members' work to ensure accuracy.
• Provide input to engineer solutions for ACAS to include PVS, Nessus Server, Nessus Agent/Manager and Security Center.
• Interface with the Tier 3 ACAS Project Management Office personnel on topics regarding Security Center and Nessus Server application upgrades/issues, plugin false positives, and application feature requests.
• Translate technical issues and solutions so they are easy to understand and can be presented to high level management.
• Perform NASL (Nessus Attack Scripting Language) source code review when necessary to assist with plugin false positives.
• Supervise the installation, monitoring, testing, troubleshooting, and administration of the Nessus application.
• Perform data analysis on ACAS, CMRS, ESPS and other vulnerability management tools to explain discrepancies between the tools.
• Provide target system configuration guidance to customers to ensure successful vulnerability scans.
• Diagnose and resolve ACAS vulnerability scanning credential failures, false positives, scanning issues, and reporting issues.
• Conduct vulnerability scans, reports, asset creation/modification, and policy creation/modification using ACAS Security Center.
• Comfortable with the Security Center user and administrator interface.
• Create assets, policies, user accounts, groups, scheduled scans and reports using Security Center.
• Create scan zones, add Nessus Servers, and share/modify objects using Security Center.
• Ensure Security Center configurations are compliant with DISA Best Practices.
• Conduct vulnerability analysis on Common Vulnerabilities and Exposures (CVEs) to determine if they are applicable to DISA's assets, the impact, the severity, and mitigation techniques.
• Upload applicable DISA STIG benchmarks to Security Center(s) on a quarterly basis.
• Perform scheduled and ad hoc vulnerability scans to support planned and upcoming security events (ATOs, site security visits, CCRIs, etc.).
• Conduct analysis across Security Center(s) to determine the current open vulnerabilities, credential failures, total hosts scanned, and total scans run during a defined frequency.
• Perform daily network vulnerability scanning actions, provide data analysis to stakeholders, and generate technical and executive summary reports.
• Apply knowledge of information security services/analysis concepts, practices and procedures as they relate to vulnerability scanning.
• Conduct analyses of existing ACAS implementations to incorporate requested enhancements.
• Review/analyze requested changes to scans, assets, and credentials, which may impact existing configurations.
• Research current cyber events and/or intrusions for impact to Agency systems.
• Provide input into the design, deployment, and implementation of enterprise vulnerability scanning tools (Security Center and Nessus Server).
• Develop SOPs and other technical documentation IAW current government policy.
• Prepare/conduct acceptance test plans and confirm accompanying results, including the development of vulnerability assessments and functionality.
• Conduct briefings to senior leadership as required by the government.
Minimum 5-8 years relevant experience, with 2-3 years direct ACAS experience
• ACAS Subject Matter Expert
• Experience with COTS & GOTS network scanning tools: Tenable Nessus, Tenable Security Center, CMRS, Tenable Nessus Agent/Manager, and Tenable Passive Vulnerability Scanner
• Experience with web application scanning and reporting tools (Burp Suite)
• Experience with incident management tracking and reporting tools (ITSM)
Highly Desired Qualifications:
• Basic knowledge of common operating systems and network devices, to include Windows 7/10, Unix, Windows Server 2008/2012, Cisco routers, firewalls, proxies, and switches
• Basic knowledge of DOD PKI/PKE implementation and related governing policies
• Experience with IAVMs, DISA STIGs, POA&Ms, and related Federal/DoD policies and regulations
*MUST BE A U.S. CITIZEN WITH AN ACTIVE TOP SECRET/SSBI CLEARANCE*
• Minimum Bachelor’s Degree in computer sciences, information security, or related fields; Master’s degree in relevant fields desired
Required Certifications: DoD 8570.01-M IAT Level II certification (CompTIA Security+, CASP, CEH, or similar)
Desired Certifications: DoD 8570.01-M IAT Level III certification (CISSP, CISA, or similar)