ARL IT - Info Security Spec - Intermediate (Cybersecurity)

Under general supervision, the Cybersecurity Information Security Specialist - Intermediate uses current information security technology disciplines and practices to ensure the confidentiality, integrity, and availability of corporate information assets in accordance with established standards and procedures. Specific duties include developing and maintaining a knowledge base on changing regulatory, threat, and technology landscapes to continually develop or maintain security policies and standards and ensure compliance throughout the organization. The role involves working with Change Management and Cybersecurity to devise, document, and execute sufficient processes for testing software patches and updates to ensure they do not cause failures in system functionalities after they are deployed. The Information Security Specialist ensures operating systems and software are maintained and upgraded in compliance with Army and vendor lifecycle requirements. They monitor and maintain an up-to-date supported software list and ensure all software in the software catalog is a current version and aligned with the ARL Software program. They manage the entire software lifecycle and remove all older and unsupported versions of software to maintain a clean software environment. The role also includes implementing technical methods to install ACAS agents on every system and technology that can support it, ensuring systems and devices are configured for ACAS to run fully credentialed vulnerability scans, and correcting any credential errors as required. They ensure all systems remain up to date with all software and operating system updates and work with the Cybersecurity team to document any assets that cannot support vulnerability scanning. Additionally, the Information Security Specialist implements technical methods to ensure that Host Based Security System (HBSS) components are installed on all applicable ARL systems, reviews rogue and broken system reports, and corrects any deficiencies identified. They configure required systems and devices to automatically send system events and logs to the ARL logging tool in support of DoD, Army, and A&A regulations. They validate that ARL systems and devices meet baseline security requirements following DISA STIG guidance and submit monthly and quarterly STIG checklists. They draft and submit/maintain accurate and current baseline configuration documentation, Risk Acceptance requests, and Plan of Action and Milestone (POAMs) approved through the Change Control Board (CCB) following the Change Management Program for all servers, systems, devices, technologies, and applications that are supported.