Title: Cybersecurity IA Security Assessor
Location: Reston or Chantilly, VA
Clearance: TS/SCI, will sponsor for CI Poly.
Program Description:
This program is supporting the DIA ESITA III program. The Defense Intelligence Agency (DIA) is an intelligence agency and combat support agency of the United States Department of Defense, specializing in defense and military intelligence. The Enterprise Senior Information Technology Advisors (ESITA) program cybersecurity services aim at maintaining and improving the protection of network and communication’s infrastructure and applications used by warfighters, policy makers, and acquisition leaders across the DIA.
Job Description:
Within ESITA III, the individual will work on the JWICS Connection Approval Process (JCAP) Team. The role of JCAP is to assess external agencies and services, such as Department of Army, U.S. Marine Corps, and Department of the Air Force, to connect to the JWICS network. The assessments would review risks presented by all sites to connect to the network. The Risk assessment provided the basis for the Risk acceptance from the Approval Authorities. The JCAP Risk assessment covered many aspects including, but not limited to, the accreditation status of Sensitive Compartmentalized Information Facility (SCIF), TEMPEST document reviews, Plan of Action and Milestone (POAM), and records of connections and devices. Based on reviews to the Risk Management Framework (RMF) Body of Evidence (BOE), the assessors would provide expert opinion into the risk weighed against the benefits gained by the nation and individual services
Responsibilities:
- Creating JCAP packages
- Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in cybersecurity,
- Performs assessment and risk analyses of systems and applications during all phases of the system development life cycle,
- Act as Cybersecurity Consultant,
- Lead in the planning, execution and reporting of security audits and network vulnerability assessments with minimal supervision,
- Perform interviews, examinations, and testing of security controls,
- Assist in preparation of assessment deliverables - Security Control Assessment Report, Security Risk Assessments, etc.
- Plan, execute and report on information technology, privacy, and operational reviews in order to identify mission, privacy, security, compliance, information technology and regulatory risks.
Qualifications:
- EMASS experience is needed
- Familiarity (working knowledge) of the JWICS Connection Approval Process, RMF, and risk assessments.
- RMF and ATC, Recommendations for ATO
- An active TS/SCI clearance with a CI Poly OR the ability to obtain a CI Poly,
- Expert level Must have a minimum of twelve (12) years of experience
- Some occasional travel to DIA sites required.