- Evaluate, develop and/or implement Information Assurance guidelines and procedures as required.
- Recommend security solution mitigations and enhancements supporting Information Assurance guidelines and customer requirements.
- Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
- Conduct IT security site surveys.
- Support Authorizing Official (AO) actions by developing and delivering accreditation packages with supporting documents and artifacts in accordance with RMF as defined in NIST 800-37 revision 2 and related agency specific RMF requirements.
- Provide input into an Audit and Accountability Plan containing methods, procedures, and planned reviews for the continuing accreditation and authorization against AU (Audit and Accountability) family controls per NIST SP 800-53 guidance.
- Provide input and implements an organizational access control policy and plan in compliance with risk-levels defined in the National Institute of Standards and Technology (NIST) 800-53, rev 4, Access Control family of controls to include auditing annually, at a minimum.
- Develop processes and procedures for evaluating and documenting information system security vulnerabilities IAW DoD Instruction (DoDI) 8510.01 (RMF for DoD IT)
- Ensure that all information systems meet or exceed compliance requirements.
- Identify, report, and resolve security violations.
- Establish and satisfy Information Assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Perform various types of vulnerability and assessment scans with multiple tools.
- Experience using eMASS and/or Xacta.
- Mentor team members.
- Monitor and review the regular updates/upgrades to equipment and procedures to maintain pace with IA requirements and business needs.
- Identify overall security requirements for the proper handling of Government data.
- Other duties as assigned.
- Must have an active Secret clearance!
- Bachelor’s degree and 8+ years of experience; additional years of directly applicable experience may be accepted in lieu of a degree.
- Current DoD 8570 IAT II Certification is required. (Sec+.)
- Prior relevant experience working with RMF, serving in an ISSO, ISSO support, SCA representative, or similar role.
- Have experience performing various types of vulnerability and assessment scans with multiple tools.
- Have experience using eMASS and/or Xacta.
- Solid understanding of the Risk Management Framework (RMF) and the System Development Life Cycle (SDLC).
- Understanding of hardware and software engineering best practices.
- Demonstrated analytical and problem-solving skills.
- Must meet eligibility requirements for work assignment on specified contract.
- Ability to identify needed changes to processes and activities and help to implement continuous improvement solutions.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Accreditation Professional (CAP).
- Ability to work successfully as part of a virtual team.
This contractor and subcontractor shall abide by the requirements of 41 CFR 60–1.4(a), 60–300.5(a) and 60–741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.